Tag: security

IE 7 & 8: Navigation to the webpage was cancelled, revisited

If you get the error “Navigation to the webpage was cancelled” while browsing, chances are a security setting needs to be corrected. In a previous post, I suggested a “scorched earth” settings-reset procedure, but I’ve found that that isn’t always sufficient. Sometimes the settings need to be relaxed beyond factory defaults.

For instance, our Learning Management System (LMS) uses mixed https and http content, and Internet Explorer is often set to block mixed content entirely. Sometimes it will prompt the user but often it will simply give the error “Navigation to the webpage was cancelled.” In the case of our LMS, a large clue to what is going on is that the login page appears completely unstyled, because the style sheets and images are part of the blocked content. 

Continue reading

Managing your privacy on Facebook

Facebook’s privacy settings can be managed in a very detailed manner, but setting them up correctly can be confusing to new members. It is not at all obvious that you have any control over what people see of your personal information.

Put your friends into lists

To get started with taking back control over your personal life, take a moment to consider what privacy levels you might need. There may be items you may be comfortable with your family seeing but not friends, and vice-versa, such as photos of yourself uploaded by your friends. You’ll be grouping people into lists that will allow or prevent them to see specific items. Typical lists you might consider making would be “family”, “friends”, “acquaintances”, “coworkers”, “party animals”, etc.

Click “All Friends” under the Friends menu in the blue stripe up top.

Continue reading

Cleaning up and Preventing HTTP Injection Attacks

I recently had the (undesired) opportunity to learn about HTTP and SQL injection attacks. It took a great deal of effort to diagnose and clean up, but hopefully what I learned from the experience may help you prevent these attacks on your own site or clean up after such an attack.

I first found out my site had been compromised because one of the subdomains started displaying “403” errors (permission denied) and one of the users notified me that the site could no longer be reached. At this time, the rest of the site seemed fine, so I had not noticed anything was wrong with it myself.

On examining the subdomain files, it turned out that the .htaccess file had some new directives written into it, which had the effect of blocking all access to the site. When I further examined the file, it appeared that the actual intent had been to redirect only the users that arrived at the site through a search engine, while allowing direct visitors to see the site as usual.

Continue reading