------=_NextPart_000_00EC_01C554B9.B379BCF0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit

A bit of an off-topic word of caution: Most of you probably heard that
Google launched a new Web Acceleration-service designed specifically for
broadband users. Google offers to use their massive network, pair it with
their caching and compression engines to deliver pages faster to the end
user.

The service is currently in beta, but already -aside from a number of
privacy issues- a quite annoying bug surfaced: While the service doesn't
handle encrypted pages, it has been seen that unencrypted pages delivered
through it might in some cases return other people's cookies (cached from
previous visitors to the same page), form content and even login and
passwords. Obviously, this is not really something that anybody wants to
happen.

I am not aware of any technique (other than using SSL for all forms) to
avoid this kind of errors. In the case of Merchant, customer information
screens are usually encrypted, however basket information isn't. Even if the
potential risk of an intrusion or session hijacking might be relatively low,
this makes it once again important to remind users to do the day-to-day
Merchant administration via SSL. (Yeah, we all know that this should be the
case, but how many store editors still don't use it???).

Personally, I won't use this new service (I really don't like the idea of
them knowing everything about my browsing patterns and I am quite sure that
they'll mine the data to deliver potentially competing products and services
via their advertising network ), however I am sure that many
visitors/customers will.

Maybe some of you have made your own experiences or more information about
it which you could share; especially of interest and importance is of course
if you see (or don't see) any problems with it.

Thanks,

markus


------=_NextPart_000_00EC_01C554B9.B379BCF0--