h@x0r3d!

If anyone checked the site this morning, you noticed that I was hacked sometime in the middle of the night. While the details remain somewhat of a mystery, the hacker somehow gained privileged access to the server that all of FellowSites is hosted on. Thankfully, he didn’t do any major damage. He ran a simple script that searched for index pages on the server, backed up the pages, and then replaced the originals with an index page of his own.

Steve and I have been in contact with the reseller host most of the morning. Everyone’s pages are back to normal and they’ve fixed the security vulnerability so that it won’t happen again. They also got the culprit’s IP address and they’ve banned him from the server.

Night of the Image Map

A List Apart released a new article this week by author Stuart Robertson. The article details an intriguing new form of the old-fashioned image map. He throws the image up as a background and then uses CSS to position the links over the top. Pretty clever, eh?

However, what I think is even more clever is the site he designed using the technique: Blambot’s Dead Ends. It’s a choose your own adventure book! I used to love those when I was a kid. I haven’t had a chance to read much of this one, but the site looks incredible. Who would’ve thought you could build a great looking page like this using standards compliant methods?

Google News Alerts

I absolutely love Google News. It brings together articles from over 4,500 different news sites, and you can search for news on any topic you happen to be interested in.

One of the greatest features they’ve added to the system is News Alerts. You can specify search terms and an email address, and you’ll receive news about your search terms as often as you specify. I’ve set up a few different ones, for instance: “mozilla firebird”, “university of utah”, “contentwatch”, and “southern baptist”. I love being able to read current news about things I am interested in, rather than having to wade through a bunch of news I don’t care to read.

New IE Security Exploit

Are you still using Internet Explorer? You should really consider switching. A security exploit was discovered recently that all IE users need to be made aware of. The trick uses a non-displaying character and a rarely used URL convention to make you think you are on one site when you are really on a different one.

Let me explain the URL part first. Ever been to a site where a window popped up first asking for your username and password? You can bypass that little window by typing your username and password before the URL. For instance, if your username is “joey” and your password is “heehaw”, you would type the URL like this:

bq. http://joey:heehaw@www.joeyday.com

You can do that even for sites that don’t have a password. It will simply be ignored by the website you are loading.

So, what’s the exploit? Well, when it comes to displaying URLs, IE seems to ignore everything after certain non-displaying characters. So, sticking a fake URL followed by a few non-displaying characters before the @ symbol causes the real URL to get cut off. The display problem appears in the status bar when you hover over the link, and in the address bar after you’ve loaded the link.

Example: Download the world’s best Internet browser

If you’re using IE, you’ll see “http://www.microsoft.com” in the status bar when you hover over the link, and that’s also what you’ll get in the address bar once you’ve arrived on the page. However, instead of Microsoft’s page, you should get a page where you can download Mozilla Firebird.
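To make the mechanism concrete from the defender’s side, here is a small link checker I’ve added (it is not from the original post and not part of any browser). It splits a URL the way the post describes: the “userinfo” before the @ symbol versus the host after it. It then reports two things: whether the userinfo contains a non-printing character, and whether the part a person would see reads like a site name even though the request goes elsewhere. It also shows what a renderer that stops at the first non-printing character would display, which is the flaw the post describes. The sample links (joeyday.com, www.microsoft.com, www.paypal.com as decoys, `download.example` and `phish.example` as placeholder real destinations) are constructed for this example; the percent-decoding step is my assumption that such links are often written with the character encoded as something like `%01`.

```python
import re
from urllib.parse import unquote

# C0 control characters and DEL: none of these belong in a hostname or userinfo.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
# Something a person would read as a web site name, e.g. www.microsoft.com.
LOOKS_LIKE_HOST = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)
# scheme://authority<rest>; the authority ends at the first /, ? or #.
ABSOLUTE_URL = re.compile(r"^([a-z][a-z0-9+.\-]*)://([^/?#]*)(.*)$", re.IGNORECASE | re.DOTALL)


def real_host(url):
    """Host the request actually goes to: the authority after the last '@', minus any port."""
    m = ABSOLUTE_URL.match(url)
    if not m:
        return ""
    authority = unquote(m.group(2))        # %01 -> \x01, so encoded tricks are caught too (assumption)
    host = authority.rsplit("@", 1)[-1]
    return re.sub(r":\d*$", "", host)


def naive_display(url):
    """What a renderer that stops at the first non-printing character would show (the flaw in the post)."""
    return CONTROL_CHARS.split(unquote(url), 1)[0]


def check_link(url):
    """Return reasons this link could mislead a user about its destination; an empty list means none found."""
    m = ABSOLUTE_URL.match(url)
    if not m:
        return []
    authority = unquote(m.group(2))
    if "@" not in authority:
        return []                           # no userinfo at all: nothing to hide behind
    userinfo, _ = authority.rsplit("@", 1)
    reasons = []
    if CONTROL_CHARS.search(userinfo):
        reasons.append("userinfo contains a non-printing character")
    # The visible part is the userinfo up to the first control character, minus any :password.
    visible = CONTROL_CHARS.split(userinfo, 1)[0].split(":", 1)[0]
    if LOOKS_LIKE_HOST.match(visible):
        reasons.append(
            f"userinfo reads as a site name ({visible}) but the request goes to {real_host(url)}"
        )
    return reasons


# Constructed sample links: one plain, one legitimate username:password form as in the post,
# one decoy with a hidden control character, one decoy without it.
SAMPLE_LINKS = [
    "http://www.joeyday.com/",
    "http://joey:heehaw@www.joeyday.com",
    "http://www.microsoft.com%01@download.example/",
    "http://www.paypal.com@phish.example/",
]


def scan(links):
    """Map each link to (what a naive renderer shows, where it really goes, list of reasons)."""
    return {link: (naive_display(link), real_host(link), check_link(link)) for link in links}


if __name__ == "__main__":
    for link, (shown, host, reasons) in scan(SAMPLE_LINKS).items():
        status = "SUSPICIOUS" if reasons else "ok"
        print(f"{status:10} shown={shown!r} real_host={host!r} {'; '.join(reasons)}")
```

The plain username:password link from the post passes, because “joey” does not read like a site name; the decoy links fail even when the control character is absent, since a human-readable domain in the userinfo position is itself the warning sign. A mail filter or link-rewriting proxy could apply the same three checks before letting a link through.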

The implications are pretty obvious. Ever seen those little “Donate” links people put on their site that take users to PayPal? Anyone could use a link like that to direct users to a fake PayPal page asking them to re-enter their personal information. Stop and think for a second, and you can probably come up with a number of additional ways someone could use this security vulnerability to their advantage.

It’s important to note that this exploit does work partially on Mozilla Firebird. When you hover over the link in Firebird, you’ll see the fake address in the status bar. However, status bar text is easy to change using simple JavaScript, so this isn’t as big of an issue. When you land on the page you’ll see the full URL, including the non-displaying characters. There’s already a patch available in the Bugzilla database (Bug #228176) that fixes the status bar glitch.

My guess is we’ll see a Windows Update in a few days that addresses the vulnerability in IE.

CD Fish (AOL Commercial)

I’m not exactly sure why, but lately I’ve had something against every AOL commercial I’ve seen. The latest one is no different.

The commercial starts with a woman opening her mail. She discovers a new AOL CD, and immediately rushes over to her husband exclaiming, “It’s here! It’s here!” The camera then focuses on one wall in the house, where there is a sculpture of a fish made entirely of AOL CDs. The husband drops the new CD into the last open space (the fish’s eye), and they proudly admire their finally finished work.

Then Jerry Stiller shows up out of nowhere. He explains to them that the new CD has AOL 9.0, and they really ought to give it a try because it’s better than all the old versions. I’m not sure I even have to say anything here. Everyone makes fun of AOL for the number of free CDs they send out. Now they’re making fun of themselves! :duh

If you’ve received too many AOL CDs, send them to No More AOL CDs. These guys have collected over 250,000 CDs. Their goal is to collect a million and then give them back to AOL to try and get their message across. I, for one, hope they succeed.