Many people schedule their day on the fly, and are often away from their computers when they need to run to their next event. With Google Calendar, you don’t have to be online to be alerted about upcoming events—all you need is a mobile phone. Now you can set up mobile SMS (text message) reminders that will be sent to your mobile phone.
Regular expressions is a powerful tool for the incoming data processing. The problem demanding replacement or text search, can be successfully solved by this “language inside language”. And thought maximum effect from the regular expressions might be achieved by using server languages, it is not no point to undervalue the opportunities of this client’s utility.
Regular expression is a tool for lines or symbols strings processing, which determines text template.
Modifier is designed for regular expression “supervision”.
Metacharacters are special symbols, which serve as commands of regular expressions language.
Regular expression is worked out as usual variable, just it is used slash instead of quotes, e.g.:var reg=/reg_expression/
Simple templates are such templates, which do not need any special symbols.
Let us say, our task is to change all the letters “p” (both capital and lowercase) to Latin letter “R” in phrase Regular expressions.
We create template var reg=/p/ and realize it with replace method
<script language=”JavaScript”>
var str=”Regular expressions”
var reg=/r/
var result=str.replace(reg, “R”)
document.write(result)
</script>
As a result we receive <<RegulaR expressions>>, change was made only in first occurrence of letter “r” according to match-case.
But this result doesn’t suit under conditions of our task… Here we need modifiers “g” and “i”, which may be used both separately and altogether. These modifiers are put inside the template of regular expression, after slash. They have the following values:
modifier “g” specifies line search as “global”, that is to say in our case change happens with all the occurrences of letter “p”. Now the template looks this way: var reg=/r/g. If we insert it into our code:
<script language=”JavaScript”>
var str=”Regular expressions”
var reg=/r/g
var result=str.replace(reg, “R”)
document.write(result)
</script>
So we receive <<RegulaR expRetions>>.
modifier “i” specifies case-insensitive line search, so if we add this modifier into our template var reg=/r/gi, after script processing we receive required result of our task:<<regular expretions>>.
Metacharacters specify symbols type of the required line, type of external environment of line in text, as well as quantity of the symbols of separate type in browseable text. That is why it is possible to divide metacharacters into three groups:
Metacharacters of coincidence search:
\b word board, which specifies condition, under which the template is to be processed at the end or at the beginning of the words.
\B not word board, which specifies condition, under which the template is not processed at the end or at the beginning of the words.
\d digit from 0 to 9.
\D not a digit.
\s single empty symbol, corresponding to space symbol.
\S single nonempty symbol, any symbol other than space.
\w digit, letter of flatworm.
\W not digit, letter of flatworm.
. any symbol, any signs, letter, digits, etc.
[ ] symbol series, specifies condition, under which template has to be processed under any symbols coincidence put into square brackets.
[^ ], set of non-occurransing symbols, specifies condition, under which template has not to be processed under any symbols coincidence put into square brackets.
Quantified metacharacters:
* Zero or more times.
? Zero or one time
+ One or more times.
{n} exactly n times.
{n,} n or more times.
{n,m} at least n times but less than m times.
Metacharacters of position:
^ at the line beginning.
$ at the end of line.
replace — this method we had already used at the beginning of the article, it is assigned for the sample search and change of found subchain to new subchain.
test — this methods checks out whether coincidence in the line takes place towards the template, and retrieves false, if comparison with the sample failed, otherwise true.
For example:
<script language=”JavaScript”>
var str=”JavaScript”
var reg=/PHP/
var result=reg.test(str)
document.write(result)
</script>
As a result displays false, as the line “JavaScript” is not equal to line “PHP“.
Also method test may retrieve any other line assigned by the programmer to true or false.
For example:
<script language=”JavaScript”>
var str=”JavaScript”
var reg=/PHP/
var result=reg.test(str) ? “Line coincided”: “Line did not coincide”
document.write(result)
</script>
In this case a result will be displayed as “Line did not coincide”.
exec — this method processes matching of the line with the sample, assigned by the template. If correlation with the sample failed, the meaning null is retrieved. Otherwise the result is subchains array, corresponding to specified sample. /*The first element of the array will be equal to initial line complying with the specified template*/
for example:
<script language=”JavaScript”>
var reg=/(\d+).(\d+).(\d+)/
var arr=reg.exec(”I was born on 15.09.1980″)
document.write(”Date of birth: “, arr[[ ,]] “< br>”)
document.write(”Day of birth: “, arr, “< br>”)
document.write(”Month of birth: “, arr, “< br>”)
document.write(”Year of birth: “, arr, “< br>”)
</script>
As a result we receive four lines:
Date of birth: 15.09.1980
Day of birth: 15
Month of birth: 09
Year of birth: 1980
Far not all the abilities and advantages of the regular expressions are described in this article.
For deeper studying of this matter I’d recommend you to learn RebExp object.
Also I’d like to point out that syntax of regular expressions is the same in JavaScript and PHP.
For example if you need to check out the correctness of e-mail input, the regular expression looks the same
way for JavaScript and PHP: /[0-9a-z_]+@[0-9a-z_^.]+.[a-z]{2,3}/i.
Regular expressions are represented as samples for searching set symbols combinations in text lines (this search refers to comparison to the sample). There are two ways of assignment of variables regular expressions, namely:
var re = new
RegExp(”pattern”[,”switch”]?).
//Here pattern - regular expression, switch – unrequired search options.
Object initializers, eg, var re = /ab+c/, are to be applied in cases, when the value of regular expression stays constant in script service. Such regular expressions compile during script loading, so they execute faster.
Builder call-up, eg, var re = new RegExp(”ab+c”), is to be used in cases when value of variable is going to change. If you are intended to use regular expression several times, then there has sense to compile it by “compile” method for much more effective samples search.
When creating regular expression it is necessary to take into account, that putting it into quotes implies necessity to use escape-consistency, as well as in any other string constant.
For example, two following expressions are equivalent:
var re = /\w+/g;
var re = new RegExp(”\w+”, “g”); // In the line “” changes to “”
Note: regular expression cannot be empty: two symbols // at a run fix the comment beginning. So in order to create empty regular expression use /.?/.
Regular expressions are used by methods ‘exec’ and ‘test’ of RegExp object and by methods ‘match’, ‘replace’, ’search’ and ’split’ of String object. If we need just to check whether assined string contains substring, relevant to the sample, the following methods are used:a href=”/cgi-bin/print.pl?id=118-4.html#505″ mce_href=”/cgi-bin/print.pl?id=118-4.html#505″ class=intext>test or ’search’. But if we need to extract subchain (or subchains) relevant to the sample, we need to use methods ‘exec’ or ‘match’. ‘Replace’ method provides search of assigned subchain and its change into another chain, and ’split’ method allows to break chain into several subchains, being based on regular expression or common text chain. Detailed information about using of regular expressions is displayed in descriptions of corresponding methods.
Regular expression may consist of common symbols; in this case it will correspond to assigned combination of symbols in chain. For example, expression /com/ corresponds to marked subchains in the following chains: «clum», «sweet-tooth», «fleet headquater». Though, flexibility and power of regular expressions gives possibility to use special symbols, which are listed in the following table.
Special symbols in regular expressions:
For the symbols, which are usually interpreted by literal, means that next symbol is special. For example, /n/corresponds to letter n, and /\n/ corresponds to symbol of line advance.
For the symbols, which are usually interpreted as special, means that symbol has to be interpreted by literal. For example, /^/ means the beginning of the chain, and /\^/ just corresponds to symbol ^. /\/ corresponds to reverse slash.
^ - Corresponds to the chain beginning.
$ - Corresponds to the chain end.
* - Corresponds to iterate of previous symbol zero or more times.
+ - Corresponds to iterate of previous symbol one or more times.
? - Corresponds to iterate of previous symbol zero or one times.
. - Corresponds to any symbol, besides symbol of new chain.
(pattern) - Corresponds to chain pattern and memorizes found correspondence.
(?:pattern) - Corresponds to chain ‘pattern’, but does not memorize found correspondence. Is used for grouping of sample’s parts, e.g. /ca(?:t|ttle)/ -
is a short writing of the expression /cat|cattle/.(?=pattern) - Corresponding with “foreseeing”, happens under matching of line pattern without memorizing of found matching. For example /Windows (?=95|98|NT|2000)/ corresponds to “Windows ” in chain “Windows 98″, but mismatches in chain “Windows 3.1″. After correlation search continues from the position coming next after found match without foreseeing.
(?!pattern) - Corresponding with «foreseeing», happens by mismatching of chain ‘pattern’ without memorizing of found correspondence. For example, /Windows (?!95|98|NT|2000)/ corresponds to “Windows ” in chain “Windows 3.1″, but mismatches in chain “Windows 98″. After correlation search continues from the position coming next after found mismatch, without foreseeing.
x|y - Corresponds to x or y.
{n} - n - nonnegative number. Corresponds equally to n occurrences of previous symbol.
{n,} - n - nonnegative number. Corresponds to n or more occurrences of previous symbol. /x{1,}/ is equivalent to /x+/. /x{0,}/ is equivalent to
/x*/.{n,m} - n and m – nonnegative number. Corresponds not less than to n but not more than to m occurrences of previous symbol. /x{0,1}/ is equivalent to /x?/.
[xyz] - Corresponds to any symbol put into square brackets.
[^xyz] - besides ones put into square brackets.
[a-z] - Corresponds to any symbol in the indicated extend.
[^a-z] - Corresponds to any symbol, besides those in the indicated extend.
\b - Corresponds to word bounder that is position between word and space or line advance.
\B - Corresponds to any position besides word bounder.
\ñX - Corresponds to symbol Ctrl+X. E.g., /\cI/ is equivalent to /\t/.
\d - Corresponds to digit. Equivalent to [0-9].
\D - Corresponds to non-numerical character. Equivalent to [^0-9].
\f - Corresponds to format transfer symbol (FF).
\n - Corresponds to line feed symbol (LF).
\r - Corresponds to carriage return symbol (CR).
\s - Corresponds to space symbol. Equivalent to /[ \f\n\r\t\v]/.
\S - Corresponds to any non-space symbol. Equivalent to /[^ \f\n\r\t\v]/.
\t - Corresponds to tabulation symbol (HT).
\v - Corresponds to vertical tabulation symbol (VT).
\w - Corresponds to Latin letter, digit or flatworm. Equivalent to /[A-Za-z0-9_] /.
\W - Corresponds to any symbol, besides Latin letter, digit or flatworm. Equivalent to /[^A-Za-z0-9_] /.
\n - n - positive number. Corresponds to n memorized chain. Is calculated by counting left round brackets. It is equivalent to \0n, if quantity of left round brackets is less than n.
\0n - n - octal number, less than 377. Corresponds to symbol with octal code n. E.g., /\011/ is equivalent to /\t/.
\xn - n - hex number, consisting of two digits. Corresponds to symbol with hex code n. E.g., /\x31/ corresponds to /1/.
\un - n - hex number, consists of four digits. Corresponds to symbol Unicode with the hex number n. For example, /\u00A9/ is equivalent to /©/.
Regular expressions are calculated the same way as other JavaScript expressions, that is to say with account of operations priority: the operations with higher priority are performed first. If the operations have equal priority, they are performed from left to right. In the following table the operations of regular expressions are listed in descending order of their priority. The operations located in one chain have equal priority.
Operations:
\
() (?:) (?=) (?!) []
* + ? . {n} {n,} {n,m}
^ $ \metacharacter
|
Search options:
While creating of regular expression we can indicate additional search options:
* i (ignore case). Not to recognize lowercase and capital letters.
* g (global search). All sample occurrences global search.
* m (multiline). Multi-line search.
* Any combinations of these three options, e.g. ig or gim.
Let us give few examples. Regular expressions recognize lowercase and capital letters. So the following script
var s = “Learning JavaScript language”;
var re = /JAVA/;
var result = re.test(s) ? “” ” : “” not “;
document.write(”Chain “” + s + result + “corresponds to sample ” + re);
displays the following text on the screen:
Line “Learning JavaScript language” mismatches /JAVA/ sample
Now if we change the second line of the example to var re = /JAVA/i;, the following text appears on the screen:
Line “Learning JavaScript language” corresponds to /JAVA/i sample
Now let’s analyze global search option. Usually it is used by ‘replace’ method in sample search and changing found subchain to new one. The matter is that on default this method changes only fir found subchain and retrieves the received result. Let’s examine the following script:
var s = “We write script on JavaScript, ” +
“but JavaScript is not a unique script language.”;
var re = /JavaScript/;
document.write(s.replace(re, “VBScript”));
It displays the text, which for certain mismatches with the desired result:
We write scripts on VBScript, but JavaScript is not a unique script language.
In order to change all the occurrences of “JavaScript” chain to
“VBScript”, we need to change the meaning of regular expression to var
re = /JavaScript/g;. The resulting line looks as follows:
We write scripts in VBScript, but VBScript is not a unique script language.
At last, the multi-line search option allows making comparison with the line expression sample, connected by break line symbols. On default comparison with the sample stops, if break line symbol is found. This option overcomes specified limitation and provides sample search throughout all the initial line. It also influences some special symbols interpretation in regular expressions, namely:
* Usually symbol ^ is associated only with the first line element. If multi-line search option is included, it is compared with any line element, staying after break line symbol.
* Usually symbol $ is associated only with the last line element. If multi-line search option is included, it is compared with any line element, which is break line symbol.
If the part of regular expression is put in round brackets, corresponding subchain is memorized for further use. For the access to memorized subchains use the attributes $1, :, $9 of RegExp object or elements of array variable, retrieved by exec and match methods. In the last case the quantity of found and memorized lines is unlimited.
For example, the following script uses replace method for derangement of the words in line. Attributes $1 and $2 are used to change found text.
var re = /(\w+)\s(\w+)/;
var str = “Regular Expressions”;
document.write(str.replace(re, “$2, $1″))
This script will display the following text on the screen:
Regular, Expressions
by: Igor Pankov
Introduction
The Internet is becoming a more and more dangerous place to be, due in no small part to the inherent security risks posed by viruses and spyware. Additionally, applications that access the Internet as part of their normal operations may have errors in their code that allows hackers to launch attacks against the computer on which those applications are running. The safety and integrity of digital assets is further compromised by the fast-growing threat of cybercrooks who devise and implement large-scale hoaxes such as phishing and ID theft.
In the light of all this, it’s clear that users need a reliable and secure web browser between them and the Internet, which will be free of these problems and won’t let harmful content invade the computer.
The web browser industry continues to be dominated by the Windows-bundled Internet Explorer, with an 85% market share, but in recent years a new breed of free, more functional and resilient browsers has appeared – the most popular being Mozilla/Firefox and Opera. All have received serious security upgrades to help protect against recent scares and safeguard users online.
Internet Explorer is at version 6.0, essentially the same product that was included with Windows XP in 2001. Eighteen months ago, the release of Windows XP Service Pack 2 substantially increased IE safety; however, it did not eliminate many of the loopholes exploited by hostile program code. At present, Firefox is at version 1.5, but its very different development history (see next section) means that it can be considered at a similar level of maturity as Internet Explorer.
Currently, Microsoft is preparing its next-generation browser, Internet Explorer 7.0, which it plans to introduce sometime during the first half of 2006. The company has stated that it intends to make the browser stronger and more secure to help protect its users against the many problems that have dogged the software over the years.
We, along with Internet users everywhere, await the final results with interest. In the meantime, we decided to undertake our own security evaluation of both IE 7 (beta) and its closest rival, Firefox 1.5.
History and overview
Internet Explorer is a proprietary graphical web browser developed by Microsoft. In 1995, the company licensed the commercial version of Internet Explorer 3.0 from Spyglass Mosaic and integrated the program into its Windows 95 OSR1 edition. Later, it included IE4 as the default browser in Windows 98 – a move which continues to raise many antitrust questions.
Firefox is an open-source browser developed by the Mozilla Foundation; anyone who is proficient enough can collaborate in writing and improving its program code. Mozilla is known for its stringent approach to security, promising a bounty of several thousand dollars for any major vulnerability found in the product.
Security incidents and threat response
While no browser is perfect, major security lapses happened rather more frequently with IE than with Firefox. To be fair, Firefox has less than a 10% market share and is thus a rather less enticing target than IE; that’s probably also why security researchers focus much of their attention on the vulnerabilities of Microsoft’s browser, not Firefox’s. Some people have argued that if the market shares were reversed, bugs in Firefox would start appearing on a more frequent basis, as has recently been the case with Internet Explorer.
The open-source architecture of Firefox contributes to the overall safety of the browser; a community of skilled programmers can spot problems more quickly and correct them before a new release is available for general use. It’s been said that threat response time for Firefox averages one week, while it may take months for Microsoft engineers to fix critical bugs reported by security analysts – an unacceptable situation for users who remain unnecessarily vulnerable to exploits (hacker attacks) during that time.
>From the threat response standpoint, Firefox is clearly the winner.
Security features
Phishing safeguard
New protection against financial fraud and identity theft has been incorporated into the new IE. A so-called “phishing filter” now appears on the Internet Options menu, which is intended to protect users against unknowingly disclosing private information to unauthorized third parties. Here’s how it works:
If a user visits a spoofed site which looks exactly like a genuine one – usually as a result of clicking on a link in a fraudulent email - the browser senses a phishing attempt and compares the site against a list of known phishing sites. If the filter finds the site is a phishing culprit, it blocks access to the site and informs the user of the danger of leaving his/her personal details on sites like this. The database of known phishing sites is updated regularly, and users have an option to report a suspected phishing instant to Microsoft for evaluation.
We’re pleased to report that, even in beta, the filter appears to work quite well, correctly identifying half of the test sites we visited as phishing sites.
In Firefox, phishing protection is delivered through third-party extensions such as Google Safe Browsing (currently in beta for US-based users only (see http://www.google.com/tools/firefox/safebrowsing/index.html); this can be plugged into the browser’s extension menu.
As additional protection against accidental phishing, the authors of IE have stated that they plan to make their product display the URL of every visited site. With IE 6, this capability was not available and many pop-ups appeared without displaying an address in the previously non-existent address bar. Unfortunately, in neither browser were we were able to achieve more than a fifty percent URL display ratio; we trust that this percentage will increase as the release of IE 7 approaches and Mozilla continues to work on improving its functionality in this area.
Restriction of executable Web content
In the current version of IE, suspect websites have been free to install almost any software they want on visitors’ machines. While XP SP2 has dramatically reduced this possibility, many unnecessary add-ons and toolbars can still be easily installed by inexperienced users. IE 7 should provide more protection for naïve users, as it will offer to run in protected mode, thus restricting access to the host OS files and settings and making these critical elements of the computer inaccessible to malware.
The default setting for Firefox 1.5 is to have installation of extensions and add-ons disabled; the user must manually change settings in order to enable adding extensions to the browser.
There will always be a tradeoff between security and functionality, but security experts always maintained that letting websites unrestrictedly launch executable code within the browser creates unlimited potential for exploitation. IE 7 will offer much greater flexibility in configuring which external code will be permitted to run within the browser and what impact it would have on the OS.
ActiveX restrictions
Aside from some graphics enhancement of web pages, in most cases ActiveX is more damaging than beneficial. Many sites that serve up spyware and pop-up ads use ActiveX scripting technology, and ActiveX scripting in the Windows environment can be allowed to run unrestrictedly with administrator (root) privileges. Firefox 1.5 does not support Microsoft’s proprietary ActiveX technology and so the Firefox browser is more resilient against spyware infection.
In IE6, even with SP2, ActiveX is allowed to run by default, which automatically renders IE users less protected against the threat of spyware. In the upcoming IE 7, it is not yet known whether Microsoft will continue this approach, but early indications point to this being the case. This would be unfortunate, since the current approach is a clear security vulnerability.
Of course, IE users can manually disable ActiveX scripting on a particular website and let ActiveX be started automatically on all other sites visited. Or, vice versa, they can disable ActiveX scripting on most of the sites visited and permit it to run on a particular site. All this can be configured under the Security tab in IE’s Options menu. However, it is hardly realistic to expect Internet novices, who need the most protection, to do this.
Java, JavaScript and Visual Basic components
Java and JavaScript can be enabled and disabled by both browsers. Firefox allows users to specify permissions for particular actions performed by these scripts. IE 6 allows users to create a group of trusted sites to which global limitations on these scripts will not apply. In IE 7, more flexibility will be added that will lead users toward a more customized display of web pages belonging to a particular site; it appears Firefox also plans to introduce more flexible parameters.
Internal download manager
IE 7’s download manager will be revamped, and feature an option to pause and resume downloads - a feature not available with the current version. Specific actions will be able to be defined following the completion of a download, and users can check the newly-downloaded file with their anti-virus before running it. This approach is already in place with Firefox, so Microsoft appears to be playing catch-up here.
Encryption of data on protected sites
When you submit sensitive information, such as transaction details to a bank or financial institution, it travels in an encrypted form through a secure HTTP (SHTTP) connection. The information is encrypted by your browser and decrypted at the receiving end. The new version of IE will use stronger encryption algorithms to reliably transfer your data without the risk of being intercepted and deciphered by someone in transit. A padlock icon indicating that a user is on a secure site will be placed in a more obvious place than currently, and more detailed information will be provided to help visitors check the authenticity of such sites.
Firefox currently has a better-organized display of security certificates for its users, so clearly Microsoft has a room for improvement.
Updating
Both browsers are updated automatically when new code is ready. Firefox has this update mechanism already in place, and for IE 7, it is expected that updates will be provided through Windows update technology.
Privacy enhancements
IE 7 will have the ability for users to flexibly set what private data will be saved and can be applied to different sites; users will be able to easily remove browsing history and other private details such as passwords, cookies, details submitted on web forms, download history, and temporary files. In IE 6, these files were stored all over the place and users have complained that there is no clear way to delete this information. Firefox 1.5 already provides this capability.
Conclusion
IE 7 promises a lot of interesting security and privacy enhancements that will help users stay more secure. With the final release users will receive a good, solid browser that, if Microsoft promises are fulfilled, will help it to compete well on the security front. As we have seen, Firefox 1.5 is already a role model, and it will be interesting to see what lies ahead for this talented challenger.
Quoting our favorite source of “people familiar with the situation,” the Wall Street Journal (subscription required) claims that executives at Microsoft and Yahoo are in early-stage discussions about merging the two companies to take on Google. Investors seem to be taking this seriously, as Yahoo shares surged in overseas trading because of this news. The company’s market value is now close to $38 billion up from $32 billion earlier this week. So if you want to quantify this rumor, there you have it: the world thinks its worth $6 billion dollars.
Read More: Yahoo to join Microsoft?
Pligg had released beta version 9.5, our last installment of the beta series for Pligg.
Between this release and the next there will be additional optimizations performed and some final tweaking and bugfixes added.
We love open source Stuff, and internet or blog tools, and we always welcome new release, and like always we’ll do the best to inform you about anything new that appearing.
Pligg, for those who’s not familiar with is unique compared to most other content management systems because of its flexibility. A web designer can do pretty much anything with Pligg because the software was designed to be used in as many ways as possible. Not only can a person with very little knowledge of PHP and MySQL install it, but they can modify and administer it with relatively little difficulty. For those who have a greater understanding of web languages, Pligg can act as the first step in a highly customized personal content management system.
The public hacking of a MacBook Pro in a contest at the CanSecWest /2007/ security conference in Vancouver poses a wide risk that expands to users outside of the Apple platform. This is the conclusion put forward by two research VPs from Gartner. Rich Mogull and Greg Young opined that the uncovering of a zero-day vulnerability in the Apple QuickTime media player that ships by default with Mac OS X, but that is also available as a plug-in for Windows, was not beneficial in the least, calling it an “incident (that) highlights the danger of vulnerability research conducted in public.”
“Upon further investigation, researchers found that the vulnerability lies within an application programming interface (API) that QuickTime exposes to Java applets (code run in Web browsers). The sheer breadth of systems and browsers that potentially could be affected means that this could be a serious browser vulnerability. No single safeguard can guarantee complete protection,” Mogull and Young stated.
The two Gartner analysts ignore the fact that there have been no attacks or exploits related to the QuickTime vulnerability, and they simply assume potential risk. Although there have been reports that the original exploit of Dino Dai Zovi could have been captured, such scenarios were not confirmed. Furthermore, the information available about the vulnerability is too scarce to allow for reverse engineering.
This however, failed to stop Gartner from condemning public contests for vulnerabilities. Gartner has a unique and illogic perspective over vulnerability disclosures. The firm proposes that all public vulnerability marketing events should be put to an end because of potential unanticipated consequences that could endanger the users.
Microsoft has also adopted a similar position, applauding the responsible approach to disclosing vulnerabilities, and stated numerous times that it would not set in place an infrastructure to reward the identification of security flaws.
“Public vulnerability research and “hacking contests” are risky endeavors, and can run contrary to responsible disclosure practices, whereby vendors are given an opportunity to develop patches or remediation before any public announcement. Vulnerability research is an extremely valuable endeavor for ensuring more secure IT. However, conducting vulnerability research in a public venue is risky and could potentially lead to mishandling or treating too lightly these vulnerabilities,” Mogull and Young added.
Still, an informed user is also a protected user. The Apple QuickTime flaw puts every Window user with a Java enabled browser at risk. Informing the customers of the existence of the flaw, along with mitigation methods, is also an example of responsibility but this time towards the end-user and not to the vendor.
Google and four U.S. states have partnered to improve the amount of data Google indexes from their Web sites and makes available to users of its search engine.
Google has provided free training and advise to webmasters from the states of California, Utah, Arizona, and Virginia regarding topics like the creation of site maps and the use of Google’s Custom Search Engine service, the company and the states will announce Monday.
Although the improved sites were well architected, their webmasters hadn’t focused much on optimizing them for search engines like Google’s, said J.L. Needham, Google’s manager of public sector content partnerships. “These people have search religion. Their site search tools are well designed, but they lack awareness of the site as a search engine target,” Needham said.
Publishers of commercial Web sites are more aware of search engine optimization, because they generate revenue from online advertising and it’s in their best interest to get good placement in search engine results. Not so with government Web sites, Needham said. Consequently, Google believes there are many public pages from government Web sites missing from its index and in general from the indexes of other search engines. This has led to the creation of a mini-industry around the online sale of public government information, data that instead should be easily and freely accessible via search engines and government sites, Needham said,
The four participating states generally chose to prioritize optimizing Web sites with information they consider to be particularly useful to end users, like information about education, jobs and health.
For example, Arizona’s initial picks include sites with information about licensed child care centers and nursing homes, state jobs, licensed real estate agents and building contractors. “We’re very impressed with the early results of this partnership. The citizens of our state will have access to more state government information that’s more relevant to their daily lives,” said Chris Cummiskey, Arizona’s chief information officer.
Cummiskey expects to add more state agencies to the effort, and that the knowledge will also trickle down to webmasters in counties and cities. “The cornerstone of this is increasing accessibility of Web information to the public and knocking down barriers that exist [between our sites] and the commercial search engines,” Cummiskey said.
Along with Monday’s announcement, Google will set up a site with information on how webmasters from the public sector can optimize their sites so that more information can be indexed by search engines. Google hopes more public sector webmasters will join this program.
A site map is a file that webmasters put on their sites to help the search engines’ automated Web crawlers properly index Web pages. Google, Yahoo, and Microsoft are backing a common protocol to provide a standard format for site maps. Google’s Custom Search Engine lets publishers put a search box on their sites that only returns results from specific sites, as opposed to including results from Google’s entire Web index.
The sponsor of this category is TrustStorePills.com - Online Pharmacy
| black horse |