Last week however thousands of websites running Microsoft SQL Server 2003 and 2005 were hit by cyber-criminals with an attack designed to circumvent their security. The attack injected code into the servers that meant every visitor thereafter would be greeted by a message saying their computer had been infected by hundreds of viruses.

This of course wasn’t true, it was a way to trick people into paying for a downloadable trojan that would clean the virus problem but would really install botnets, keyloggers and more onto your PC. Worse, in paying for this software, the criminals would then have your credit card details… or more!

This attack could have compromised 28,000 websites according to some reports and is frightening news, especially for all those of us with personal data held by web companies A, B and C.

This brings me back to SSL. If we want to shop online then for over a decade our web browsers have been able to warn us whether or not the information we send is being encrypted, and if that website is deemed safe for financial transactions or for the exchange of personal data.

Then we have companies including Microsoft and Google maintaining blacklists of unsafe websites, shared between them and anti-virus companies, to warn us further of malware-ridden websites by turning our browsers red.

What we don’t have are warnings about how secure the underlying technology on a website is, and whether we can trust that.

There’s no reason why this would be hard to do either, an encrypted file located on the server (probably with the SSL certificate) that could be read by the browser and certificated by a third-party would be all that would be needed, after all this is tried and tested technology. This file would contain informaton about the hosting on that computer, what operating system version it runs and the versions of what other technologies it is using.

In the cases outlined above a system such as this would have warned visitors to the websites that the sites they were visiting and trusting their personal information to, were using older technologies that, even when properly patched, could be vulnerable to attack.

Indeed many people who already know about such things, might choose to steer clear of all servers running Windows in favour of those running Linux and MySql.

It truly amazes me that we don’t already have a system such as this but I’m even more stunned that so many companies and hosting firms are using technologies on their website that are almost a decade old. So come on people, agree a standard by which, within a small margin of error, we can see a traffic light of how secure our personal information will be on a website before we hand it over.

Recently though the company has taken a more pragmatic approach and has moved, slowly admittedly, towards full standards compliance.  With their next browser, Internet Explorer 9, they’ve said it will be fully compliant and recent tests from the W3C organisation certainly bear this out.

The figures, reported today by Engadget, put IE9 slightly ahead of the next best browsers for full compliance with the new web standard.  Admittedly the top three browsers are all betas and so we can expect these figures to move, sharply and quickly, but for now it’s an excellent sign.

Internet Explorer has lost significant market share in recent years after the cataclysmic calamity that was IE6 (I try and find stronger and more colourful adjectives every time I mention the god-awful thing).  Now Microsoft are desperate to grab some market share back and, by all accounts, IE9 could do it through a combination of complete standards compliance and new features that people actually want and will use.

We’ll keep you informed about how this picture changes at gHacks.  The new HTML5 browsers are all due out in 2011 and it will be a very interesting year indeed for the web that we’ve all come to know and love.

An OpenID is an URL. However, using an URL like http://computerjoe.myopenid.com/ to log-in and post comments with just doesn’t look sophisticated. I much prefer to use my own blog’s URL to post comments and log-in; it pumps traffic to my blog and frankly just looks better.

Whilst you could run your own OpenID identity server to do this, this takes quite a bit of expertise to set-up and whilst it is probably more secure, it isn’t needed in my opinion.

It is possible to use a any identity server with your website’s URL. I personally use MyOpenID, but I log in to sites with joeanderson.co.uk/blog; not with computerjoe.myopenid.com.

This can be done by simply adding a few lines of HTML to your website’s <head>.

For example, I put

<link rel=”openid.server” href=”http://www.myopenid.com/server” />
<link rel=”openid.delegate” href=”http://computerjoe.myopenid.com” />

Naturally, these have to be modified depending on your username and server, but the provider should provider the information.

There are several benefits using this type of OpenID identificatin. The main one is that it just looks better but the most practical one is probably that it allows you to change provider whilst keeping the same log on. So, if I suddenly decide not to use MyOpenID, I can change to any other provider but my URL remains the same.

Some of you where pretty interested in the topic and there where a few debates in the comments over which was the best, so I’ve decided I’ll share a list of every online OS that I have found up to now.

Enjoy.

Since last week I have discovered one Webtop which is worthy of a special mention- iCloud. You’ll need an invite to access the iCloud beta, but apply and it’s likely you’ll receive it within a couple hours.iCloud comes with a UI that is well designed and varies a little more then the other Windows clones. It also comes with some very handy applications, check it out.

G.ho.st
DesktopTwo
myGoya
Ulteo
GlideOS
Jooce
iCUBE
youOS
Starforce
Purefect Desktop
ZimDesk
Online Operating System
CosmoPOD
Webdesk.in
MyBooo
goPC
Psych Desktop
AstranOS
SSOE

If I have missed any let me know.

AjooBlast is a freeware application for Microsoft Windows that works as a server and player at the same time. You would add your mp3 folders to the server and set a secure password for the server. The player would then be able to connect to the server over the internet or lan providing such a connection would exist. It is important to have the IP address of the server at hand because you will need it if you connect to the server over internet.

You need to be able to install the software on the other computers as well which is rather unfortunate because I’m not able to install software on my work pc. It offers a great feature nevertheless which makes it easy to share the music with your friends. They only need the software, your IP and password and are able to connect to your server and play the music.

I think it is really astonishing what some coders can do with some kilobytes. Great application. The software is missing a web client which would make it even greater

Paste and Go is a simple Firefox add-on which adds the functionality know from Opera to Firefox. It adds the paste and go function to the right-click menu when your mouse hovers above the address bar. It adds similar functionality to the search bar where the right-click menu entry is called paste and search.

Last but not least you can use a keyboard shortcut for the same effect. In Windows and Unix it is Control + SHIFT + V, on Mac COMMAND + SHIFT + V.

Some users are reporting that the newest version of the plugin caused errors while using the keyboard navigation. This is no problem for me because I’m not using keyboard navigation at all but it might be for some of you who do. You better don’t install the extension if you use or need the feature.

You come from a country where free speech is only a theory. Countries include china, north korea, most islamic countries, germany and france for instance.

You work in an environment that prohibits access to parts of the internet.

You write about a certain situation and want to make sure no one knows that it´s you, for instance you blog about your current job or the situation in your home town.

You dislike that the government tries to track everyone and everything on the internet.

You are paranoid

Hope that´s settled now. Let us start with the methods and technology to stay anonymous.

Before I start I would like to remind you to use common sense as well. It does not help you if you use a proxy to post on a message board but use your real identity there. The same principle is valid for all other means of communication. Don´t mention your real data if you want to remain anonymous.

I will discuss the following methods to stay anonymous on the internet: a) webproxies, b) proxies, c) tunneling software, d) cookies, spyware and the like.

Webproxies:

Webproxies are a great way to stay anonymous with almost no work required on your site. You open the url of the webproxy, enter the url you want to visit and visit the site you want to visit using the ip of the webproxy. Easy and fast method that has some problems as well. First, it might not support all scripts that the site you want to visit uses. This could be a problem, maybe it has only the effect that the design does not look as usual, maybe functions of the website do not work. If thats the case try different webproxy server.

The servers can easily be blocked by a firewall or other means of blocking scripts / urls. If that is the case you could try and setup your own webproxy. All you need is webspace that supports php / cgi. You then have the advantage that only you or a few people know about this proxy and it´s less likely that it will be banned.

You can try cgi proxy or php proxy or search the web for more scripts.

A word of advice. Don´t pay for a webproxy service. Most payments can be tracked. Good lists of webproxies can be found at ghacks.net and proxy.org

Proxies:

Unlike webproxies proxies are mere ip addresses that route your request to the destination. The important factor if a proxy can be used to hide your identity is if it spills your ip. It does not make sense to use a proxy to stay anonymous if the destination sees your ip and not the one from the proxy.

That means you will have to check proxies before you are using them. A program that does this is charon by my friend rhino. It checks the proxies for speed and anonymity. Now, all is left is to add the proxy to your browser and check a whatismyip.com site for your ip. If it shows the ip of the proxy you are surfing anonymously. Beware that certain languages like java are still able to reveal your real ip on a website even though you are using a proxy.

Firefox has some great proxy extensions like the Proxy Selector. You probably would like to know where you get the proxies that you check in charon ? You can perform searches for proxy lists, visit irc or scan for yourself for example.

Tunneling software

Proxies have a big problem. If one monitors the proxy one does know what everyone who uses the proxy is doing. It´s a good idea to use a proxy server that is not located in your home country. The US government will have problems asking a north korean proxy server owner for their server log or access to it. It´s not likely that this is going to happen.

But, the possibility exists and it´s a good way to be on the safe site. Tunneling tools allow you to use software on your computer that does not support proxies in first place to be used with proxies. Some simply require you to enter a proxy in the tunneling software and you are free to go, others encrypt your data transfer and route if through several servers to make sure no one is able to find out about the source and destination and the data itself.

Tor is one of those products and it could be a good idea to take a look at the software which is hosted at the eff website. Jap anonymity and privacy is another tool that might be worth looking at

Cookies, spyware and the like

This should be common sense but I thought I add it anyway to the article. There are different methods that are able to track you that do not rely on your ip address. Those are cookies for instance, take a look at the excellent wikipedia article about cookies if you don´t know about cookies.

Spyware is another threat that is able to track your movement and action on the internet. Make sure you run a clean system by using tools like spybot. You should also be sure that no rootkits, virii, trojans, worms and the like are already installed on your computer.