Friday, August 1, 2008

Researchers Discover Adobe PDF Hack

Computer security researchers said Wednesday they have discovered a vulnerability in Adobe Systems Inc.'s ubiquitous Acrobat Reader software that allows cyber-intruders to attack personal computers through trusted Web links.

Virtually any Web site hosting Portable Document Format, or PDF, files is vulnerable to attack, according to researchers from Symantec Corp. and VeriSign Inc.'s iDefense Intelligence.

The attacks could range from stealing cookies that track a user's Web browsing history to the creation of harmful worms, the researchers said.

The flaw, first revealed at a hacker conference in Germany over the holidays, exists in a plug-in that enables Acrobat users to view PDF files within Web browsers.

By manipulating the Web links to those documents, hackers and online thieves are able to commandeer the Acrobat software and run malicious code when users attempt to open the files, according to Ken Dunham, director of the rapid response team at VeriSign's iDefense Intelligence.

Dunham gave this hypothetical scenario: an attacker finds a PDF file on a banking Web site. The attacker creates a hostile Web site that links to the bank's PDF file. Included is malicious JavaScript code that will run on the unsuspecting user's computer once the link is clicked.

"PDF is trusted and tried and true -- everyone uses it," Dunham said. "But instead of just viewing the file, you've initiated script that shouldn't be executed. All you have to do is click on the PDF and the ball starts rolling."

Representatives from Adobe did not return a call from The Associated Press on Wednesday night.

The flaw appears to target Microsoft Corp.'s Internet Explorer 6.0 Web browser and earlier versions, and Mozilla's Firefox browser, the researchers said.

They recommended that users protect themselves by upgrading Internet Explorer or changing Firefox's user options so the browser does not use the Acrobat plug-in.

Researchers said it's unclear how pervasive or harmful any future attacks might be.

"Given that it is easy to exploit, I would expect that we will see this method used considerably in the coming days and weeks, until it is resolved," a Symantec researcher said in a posting on a company Web log.

Tuesday, July 29, 2008

The Retooling of a Search Engine

OAKLAND, Calif., Dec. 3 — A replica of what looks like Han Solo of "Star Wars," frozen in carbonite, sits outside Jim Lanzone's office here. A closer inspection, however, reveals that the frozen body is that of another fictional character: Jeeves, the English butler best known in Internet circles as the mascot of the Ask Jeeves search engine.

For Mr. Lanzone, chief executive of Ask.com, the prop is a reminder of what the Internet search company he runs has ceased to be.

Ask Jeeves was acquired by IAC/InterActiveCorp, headed by Barry Diller, in March 2005 for nearly $2 billion. A year later, IAC ditched Jeeves and renamed the search service Ask.com. "The reputation of Ask Jeeves was very poor," Mr. Lanzone said.

Now, Mr. Lanzone, who became chief executive in April, is ready to proclaim that efforts to transform that reputation are paying off.

Like every other major search company, Ask would like to narrow Google's huge lead in search and search advertising.

After losing a distribution deal with Dell Computer late last year, Ask actually gave up market share to other search engines. But Mr. Lanzone said that in the last four months, Ask has steadily regained ground, to grab the No. 4 spot — even as larger companies like Microsoft and AOL, whose search is run by Google, have seen their market share erode.

On Monday, Ask.com is introducing AskCity, a service that integrates maps with information about local businesses, restaurants, concert and movie listings and reviews.

These so-called local searches already account for 10 percent of all Internet queries and are expected to grow faster than other searches. They are also seen as a way to tap into tens of billions in spending by small businesses, which have yet to switch much of their advertising dollars to the Internet.

Early reviews of the service by analysts are positive, and Mr. Lanzone said AskCity, which makes use of data from other IAC businesses like Citysearch and Ticketmaster, was just the kind of service that was slowly helping Ask build a top-quality search engine.

"Right now, the focus is almost entirely on improving the user experience," Mr. Lanzone said. "This is the product that, to date, we are the most proud of. It is going to have a huge impact for people who use Ask."

For his part, Mr. Diller said AskCity was a demonstration of Ask's role in helping tie together the disparate properties owned by IAC.

AskCity is "a really good service that is dependent on the information from all these IAC sites, which is the raison d'être of the company itself," Mr. Diller said, adding that over time, other IAC entities, which include HSN, LendingTree.com, Evite and Match.com, will be more tightly integrated with Ask.

Accounting for 5.8 percent of all the searches in the United States in October, Ask has edged out AOL to become the fourth most popular search engine, according to comScore Media Metrix. By comparison, Google had 45.4 percent of all searches, Yahoo 28.2 percent and Microsoft 11.7 percent.

Data from Nielsen NetRatings, which measures only searches on Ask.com, not on related sites in the Ask network, shows that Ask's use grew 25 percent in October from a year earlier, the second highest rate of growth among the major search engines, after Yahoo.

The turnaround of Ask began long before Mr. Diller acquired the company. After the collapse of the dot-com bubble, shares of Ask Jeeves dropped below $1 and the company was close to extinction. But in 2001, it sowed the seeds of its rebirth when it spent about $4 million to acquire Teoma Technologies, a small company in New Jersey that had developed well-regarded search technology. A year later, Ask Jeeves got a lifeline from Google, which cut a deal to place ads next to Ask Jeeves search results.

Other major search engines largely organize results based on the number of links a Web site receives from other sites. But Teoma's software first clusters sites based on content categories, then chooses the most popular sites in those categories.

That approach, known as Expert Rank, has allowed Ask to do a better job at finding specialty sites that may be the most authoritative on a given subject, even though they may not be the most popular.

Ask also has differentiated itself by giving users previews of the Web sites that appear in their searches and offering simple ways to narrow or expand search results. In a search for the keywords "California and wine," for instance, a set of options will appear next to the results allowing you to focus your search on, say, California wineries, California wine ratings or California wine prices. You can also expand your query to famous foods in California.

And Ask eliminated the emphasis on answering questions through Ask Jeeves, a feat it was able to accomplish on only a limited number of queries.

The steady improvements have earned Ask the praise of analysts, reviewers and even some competitors.

"They are doing a lot of clever and interesting things," said Marissa Mayer, Google's vice president for search products and user experience.

AskCity is getting similar praise.

"Over all, it is an impressive product," said Greg Sterling, founder of Sterling Market Intelligence, a research firm. Mr. Sterling said AskCity compared favorably with competing local search services offered by Google, Yahoo and Microsoft.

AskCity takes content from other companies, including some owned by IAC, and mixes it all into one site. If you search for a French restaurant in San Francisco, for instance, you will see a listing of all the restaurants alongside a map with the locations highlighted. A third pane allows you to narrow your search to a specific neighborhood, or immediately search for another kind of cuisine. It is also easy to view individual restaurant reviews through Citysearch or make reservations through a service called OpenTable.

You can also select one restaurant and then do a subsequent search for nearby movies, concerts or other events, and book tickets for those events right on the site through Ticketmaster or TicketWeb. AskCity will also display walking or driving directions from the restaurant to the movie theater or concert hall.

You can also annotate an AskCity map and e-mail it to others. You could, for instance, tell friends to meet at a certain location — say, Gate F at Monster Park, home of the San Francisco 49ers — mark the location with an X on the map, and send the map to friends who may not be familiar with the stadium. Or you could save a search of all the music clubs near your house and go back to it time and again to see what is playing at each location.

While other local search sites require users to jump from event listings to maps and other services, AskCity "has integrated all those disparate services into one common interface," said Jeetil Patel, an analyst for Deutsche Bank. "Ask has always been very good with the quality of its results, and this is another way to grow usage."

Mr. Lanzone is optimistic — perhaps overly so — about Ask's prospects. "There is room for a Pepsi to Google's Coke," Mr. Lanzone said.

For the foreseeable future, however, the Pepsi label would have to remain Yahoo's, as Ask is a distant fourth in the search engine race — and that is counting not just searches on Ask.com, but also on sites like MyWay and iWon, which became part of Ask's network when the company acquired Interactive Search Holdings in 2004.

Even analysts bullish about Ask's prospects are more circumspect.

"My view is that people use Ask as a secondary engine," said Safa Rashtchy, an analyst with Piper Jaffray & Company. But Mr. Rashtchy said that if Ask did nothing more than increase the frequency with which existing Ask users turned to the service, it could pay off.

"Search is a very lucrative and large market," Mr. Rashtchy said. "For them to increase the number of queries that users do on their site could result in a meaningful increase in profits."

Mr. Lanzone said there was another way that Ask could become an increasingly valuable property. The alliance with Google, which still serves up about 60 percent of all the ads on Ask, will end next year. Given that Google has paid huge sums to deliver ads on sites like MySpace and AOL, Ask should be in a good position to negotiate, Mr. Lanzone said.

"When that deal is up, we need to look for what's best for us," Mr. Lanzone said.

NYTimes.Com