Why should Microsoft take the blame for bad programming?

30th April 2008 by David North

There have been reports in the news about half a million Microsoft websites being hacked. Everything is being blamed on IIS when in actual fact it is poor programming by the developers of the websites.

It stems from a type of attack on the websites called SQL injection, which is actually related to the database layer rather than the web server, as seems to be reported everywhere.

The automated attack takes advantage of the fact that databases aren’t locked down by default, which allows the SQL injection to perform tasks inside the database that really shouldn’t be allowed. Best practice for database development should include anticipating the different possible types of attack, including SQL injection, and employing defensive programming techniques accordingly. In addition, the database user used by the web application should ideally be locked down to allow only the minimum access it needs.

SQL injection attacks aren’t just limited to Microsoft databases, so it should really serve as a warning to all programmers.
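To make the two defences above concrete, here is an added example (not code from any affected site) using Python's built-in `sqlite3` module: a query built by string concatenation next to its parameterised form, plus a read-only restriction. The table, data, function names and the use of SQLite's authorizer callback as a stand-in for a locked-down database account are all assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: a tiny catalogue with one hidden row."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER);
        INSERT INTO products (name, hidden)
        VALUES ('widget', 0), ('gadget', 0), ('draft', 1);
    """)
    return conn

def search_vulnerable(conn, term):
    # Poor programming: user input is pasted into the SQL text, so quote
    # characters in the input change the structure of the statement.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name = '" + term + "'"
    return [row[0] for row in conn.execute(sql)]

def search_parameterized(conn, term):
    # Defensive programming: the input is bound as a value and is never
    # parsed as SQL, whatever characters it contains.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name = ?"
    return [row[0] for row in conn.execute(sql, (term,))]

def lock_down(conn):
    """Stand-in for a least-privilege account: only reads of `products`."""
    def authorizer(action, arg1, arg2, dbname, source):
        if action == sqlite3.SQLITE_SELECT:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 == "products":
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY  # writes, DDL and everything else
    conn.set_authorizer(authorizer)

def write_allowed(conn):
    """Return True if this connection is able to modify the table."""
    try:
        conn.execute("UPDATE products SET name = 'changed'")
        return True
    except sqlite3.DatabaseError:  # raised as "not authorized"
        return False

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("concatenated :", search_vulnerable(db, crafted))
    print("parameterised:", search_parameterized(db, crafted))
    lock_down(db)
    print("write allowed after lock-down:", write_allowed(db))
```

On a real database server the equivalent of `lock_down` is done with the account's permissions rather than in application code, so that even a query that slips through cannot alter data.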

Captcha’s possible demise good for accessibility?

23rd April 2008 by David North

There has been news lately about Microsoft and GMail Captchas being broken, and with spambots achieving reported success rates of 60-80% it certainly looks like the current method of blocking automated access is going to need a replacement soon.

Now this security image technology has long been the bane of visually impaired users with captchas effectively denying access to large areas of the web. It’s just a small part of the whole accessibility debate.

A new service called IMAGINATION adds another level to the captcha idea and is being touted as captcha 2. IMAGINATION uses a picture of a distorted image and a radio button list of options describing the image; these options are also in an image. This would require recognition of the image and then of the text options available, which makes things a lot harder for the spambot and unfortunately still keeps the visually impaired out.

I wish I could come up with a solution to this issue but the honest truth is I can’t. Even the odd site that provides an alternative audio captcha isn’t a perfect solution and as voice recognition software is very mature I’m sure that this could be an alternative way in for the spambots.

The only option I can see that satisfies both blocking automated processes and follows accessibility guidelines is the kind of question and response architecture. In its simplest form this could be “What is the colour of the sky?” - most users of course will be able to answer “Blue” and be let through. However this does leave the door open to bots being able to lean on the power of the net to answer the questions.

So where to go from here? Well this entire problem stems from the anonymity of the net so the obvious solution is to provide an independently authenticated identification system that could be used in a similar fashion to OpenID.

Being identified on the net solves a wide range of issues being talked about at the moment, but are people willing to lose their anonymity?

Silverlight beginning to grow momentum

14th April 2008 by David North

Microsoft’s Silverlight seems to be gathering steam and is getting lofty predictions from industry monitors that it’ll triple its use within 18 months.

Its major competitor, the current undisputed market leader, is Adobe Flash, but I believe in the long run Silverlight should at least start to give Flash a run for its money, which is only good for encouraging innovation even more.

Comparing Flash against Silverlight isn’t really fair; we should be looking at Adobe Air, which gives a whole platform to work with in a similar way to Silverlight.

I have to agree with the predictions from the article; I can see Silverlight adoption growing rapidly. However I don’t necessarily see Flash market share suffering hugely; at least at first. Generally Flash is a design tool (I accept it can do more but ActionScript isn’t a good development language in my opinion) and I can’t see the Flash lovers changing over to Silverlight quickly or at all. Flash does what they need - if it ain’t broke why fix it?

In which case how is Silverlight going to take off? Well it provides an amazingly tight development platform - server-side and client-side coding along with multimedia all tied in together. The idea of XAML is very exciting, allowing the development of user interfaces that just weren’t possible before. Also, because it’s the next step for the .NET framework, the great number of existing .NET developers will adopt it, causing it to grow quickly. Also Microsoft have been very clever here, as Silverlight can be treated as a development platform or a design platform depending on your strengths and therefore the software package you would use, in the hope of stealing the Flash market. Finally Microsoft are truly trying to make Silverlight cross-platform and cross-browser to maximise the market potential in a similar way to Flash.

I for one will eventually move onto the Silverlight platform - I’m currently monitoring its success to ensure the community around this new technology is mature enough to support it fully.

No one wants to play with Microsoft

10th April 2008 by David North

Another update on the search engine wars! It seems Yahoo! is trying to jump into bed with Google to avoid the smothering embrace of Microsoft.

However with their joint market share amounting to about 90% there is no way this is going to be allowed by the powers that be, and I believe it is not in the interest of the market as a whole. There is an excellent article on the BBC that goes into all the detail you’d need about this and I agree with every point.

Now there are rumblings that AOL might be interested in teaming up with Yahoo! and even Rupert Murdoch might team up with Microsoft for the bid for Yahoo!

Personally I think AOL and Yahoo! isn’t going to change a thing; there certainly isn’t any chance of eating into Google’s share.

Yahoo! are obviously terrified of being swallowed up by Microsoft (I’m sure it would cease to exist) but I can see this as the only option if we’re not going to have a single company with a monopoly on the market. I’m not even sure if it’s too late now. Whatever Google’s reputation this isn’t good for the market and stifles innovation.