A technique to prevent Phishing

11 09 2009

When I come to think of it... stealing a person's credentials through phishing sites is going to be one of the biggest and most dangerous threats on the Internet.

Websites need to do more than merely display warning messages on their sites in order to prevent phishing, or at least bring down the instances.

I think the basic concept is for the website to authenticate itself before the user puts in his/her passwords.

A simple technique that I thought of is described below.

The login screen first displays only the textbox for the username. Once the username is entered, the site makes an AJAX call, fetches the person's name and displays a message saying "Hi Vinci Rufus" or some other info from the person's profile before he/she can put in the password.

Well this does add an additional step, but I think it would be worth that extra step than losing your Internet Identity forever.

I’ve put up a small example of the above technique at this url

www.vinznet.com/labs/phishing/first_step.php

username : user@user.com     [ you can also hit tab]
pass: user

username: admin@admin.com
pass: admin

This is surely not a foolproof method. If the user doesn't bother to look at the screen to see whether the site managed to get the correct info, then there is nothing that can be done about it. And if the username is very similar to the person's name, then we'll need to pick up some other info, like the birthdate or something.
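The two-step flow described above, written out as an added JavaScript (Node.js) example that is not the code behind the demo URL. The display names, the per-client lookup limit and the function names are assumptions; the profile value is HTML-escaped because it is inserted into the page, and lookups are rate-limited because the first step answers before any password is given.

```javascript
// Added illustration of the two-step login described in the post.
// Accounts, display names and limits are constructed sample values.
const crypto = require('node:crypto');

const hashPw = (pw, salt) => crypto.scryptSync(pw, salt, 32);
const account = (name, pw) => {
  const salt = crypto.randomBytes(16);
  return { name, salt, hash: hashPw(pw, salt) };
};
const USERS = new Map([
  ['user@user.com', account('Vinci Rufus', 'user')],
  ['admin@admin.com', account('Site <Admin>', 'admin')],
]);

// Step 1 is unauthenticated, so cap lookups per client (assumed limit).
const WINDOW_MS = 60000, MAX_LOOKUPS = 5;
const seen = new Map(); // clientId -> { start, count }
function allow(clientId, now = Date.now()) {
  let w = seen.get(clientId);
  if (!w || now - w.start >= WINDOW_MS) {
    w = { start: now, count: 0 };
    seen.set(clientId, w);
  }
  return ++w.count <= MAX_LOOKUPS;
}

// The greeting is inserted into the page by the AJAX handler, so escape it.
const escapeHtml = (s) => s.replace(/[&<>"']/g, (c) =>
  ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));

// Step 1: the site shows something from the profile before asking for a password.
function lookupGreeting(username, clientId) {
  if (!allow(clientId)) return { status: 429, greeting: null };
  const user = USERS.get(username.trim().toLowerCase());
  if (!user) return { status: 200, greeting: null };
  return { status: 200, greeting: `Hi ${escapeHtml(user.name)}` };
}

// Step 2: the password form is submitted after the user has seen the greeting.
function login(username, password) {
  const user = USERS.get(username.trim().toLowerCase());
  if (!user) return false;
  return crypto.timingSafeEqual(hashPw(password, user.salt), user.hash);
}

console.log(lookupGreeting('user@user.com', 'demo-client'));
console.log(login('user@user.com', 'user'));
```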

So let me have your thoughts and ideas on the comments area and we can have a discussion.

I’m also thinking of another solution involving flash/flex based hologram kind of a thing.. but I’ll talk about it in another post.





Adding a Static Block in Magento

29 08 2009

Static Blocks are a great way to display banner ads, notices or any HTML content on various pages.

They are also fairly easy to work with.

1) Create the Static Block by going into CMS / Static Block, put your HTML content there, and give it a unique identifier like "mybanner" or something like that.

Now if you want to add the banner within a CMS page, you simply need to write the following code to display the block there

{{block type="cms/block" block_id="mybanner"}}

However, if you want the static block to be a part of your header, the left column or the right one, then you'll need to go in and change the respective .phtml file.

Say you want the static block on the left column, then

Locate the left_col.phtml file. It should be at this path

/app/design/frontend/default/default/template/callouts/left_col.phtml

Open it up and add the following line wherever you want to display the block

<?php echo $this->getLayout()->createBlock('cms/block')->setBlockId('mybanner')->toHtml() ?>

That should do the trick.
Oh, and make sure you have Cache Disabled all this while, otherwise it's like banging your head against a brick wall!!
System > Cache Management




Integrating the Magento LiveChat Extension

6 08 2009

Most Shopping Sites need a Live Chat to help the visitors get their questions answered.

Magento has a fairly popular extension called the MagentoLiveChat, available here

http://www.magentocommerce.com/extension/808/livechat

Creating the Operator can get a little tricky, so follow the steps here

http://www.magentocommerce.com/wiki/modules_reference/english/beck_livechat/operator_list/index





Adding a new Layout in Magento 1.3.2.1

2 08 2009

If you need to create a new layout for a Magento Site, it's not a straightforward thing.
Here are the steps you need to follow.
First create the layout file. I'm calling mine home.phtml, located at
design\frontend\default\default\template\page\home.phtml

Then you need to go in and edit the config.xml file located at
/app/code/core/Mage/Page/etc/config.xml

and add in the XML tags as follows within the <layouts> tag

<Homepage module="page" translate="label">
<label>Homepage</label>
<template>page/home.phtml</template>
<layout_handle>Homepage</layout_handle>
</Homepage>

Upload the files. In the admin, when you edit the page under CMS and go into Custom Design, you should now be able to see the Homepage under the layouts drop-down.







