Wednesday, December 06, 2006
Top 10 Ajax Security Holes and Driving Factors
The following article is by Shreeraj Shah - net square
One of the central ingredients of Web 2.0 applications is Ajax, driven by JavaScript. This phase of evolution has transformed the Web into a superplatform. Not surprisingly, this transformation has also given rise to a new breed of worms and viruses such as Yamanner, Samy and Spaceflash. Portals like Google, NetFlix, Yahoo and MySpace have witnessed new vulnerabilities in the last few months. These vulnerabilities can be leveraged by attackers to perform phishing, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (XSRF) exploitation.
There is no inherent security weakness in Ajax, but the adoption of this technology has changed the Web application development approach and methodology significantly. Data and object serialization was very difficult in the old days when DCOM and CORBA formed the core middleware tier. Ajax can consume XML, HTML, JS Array, JSON, JS Objects and other customized objects using simple GET, POST or SOAP calls; all this without invoking any middleware tier. This integration has brought about a relatively seamless data exchange between an application server and a browser. Information coming from the server is injected into the current DOM context dynamically and the state of the browser’s DOM gets recharged. Before we take a look at security holes, let’s examine the key factors that seem to be driving Web 2.0 vulnerabilities.
Multiple scattered end points and hidden calls – One of the major differences between Web 2.0 applications and Web 1.0 is the information access mechanism. A Web 2.0 application has several endpoints for Ajax as compared to its predecessor Web 1.0. Potential Ajax calls are scattered all over the browser page and can be invoked by their respective events. Not only does this scattering of Ajax calls make them difficult for developers to handle, it also tends to induce sloppy coding practices, given that these calls are hidden and not obvious.
Validation confusion – One of the important factors in an application is input and outgoing content validation. Web 2.0 applications use bridges, mashups, feeds, etc. In many cases it is assumed that the “other party” (read server-side or client-side code) has implemented validation and this confusion leads to neither party implementing proper validation control.
Untrusted information sources – Web 2.0 applications fetch information from various untrusted sources such as feeds, blogs and search results. This content is never validated prior to being served to the end browser, leading to cross-site exploitation. It is also possible to load JavaScript in the browser that forces the browser to make cross-domain calls and opens up security holes. This can be lethal and leveraged by viruses and worms.
Data serialization – Browsers can invoke an Ajax call and perform data serialization. They can fetch JS arrays, objects, feeds, XML files, HTML blocks and JSON. If any of these serialization blocks can be intercepted and manipulated, the browser can be forced to execute malicious scripts. Data serialization with untrusted information can be a lethal combination for end-user security.
Dynamic script construction & execution – Ajax opens up a backend channel, fetches information from the server and passes it to the DOM. To achieve this, one of the requirements is the dynamic execution of JavaScript to update the state of the DOM or the browser’s page memory. This is achieved by calling customized functions or the eval() function. The consequence of not validating content or of making an insecure call can range from a session compromise to the execution of malicious content.
Web 2.0 applications can become vulnerable through one or more of the lapses mentioned above. If developers have not taken enough precautions in putting security controls in place, then security issues can be opened up on both the server and the browser ends. Here is a list and brief overview of ten possible security holes.
(1) Malformed JS Object serialization
JavaScript supports Object-Oriented Programming (OOP) techniques. It has many different built-in objects and allows the creation of user objects as well. A new object can be created using new Object() or simple inline code as shown next:
message = {
from : "john@example.com",
to : "jerry@victim.com",
subject : "I am fine",
body : "Long message here",
showsubject : function(){document.write(this.subject)}
};
Here is a simple message object that has the different fields required for email. This object can be serialized using Ajax and consumed by JavaScript code. The programmer can either assign it to a variable and process it or pass it to eval(). If an attacker sends a malicious “subject” line with an embedded script, the reader becomes a victim of a cross-site scripting attack. A JS object can have both data and methods. Improper usage of JS object serialization can open up a security hole that can be exploited by crafty packet injection code.
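The two ways of consuming the serialized message described above, side by side, as an added example that is not part of the original article: eval() runs whatever the wire text contains, while JSON.parse() plus a field allowlist accepts data only. The function names, MAX_LEN and the sample payloads are assumptions constructed for illustration.

```javascript
// Added example, not code from the original article. Field names follow the
// article's "message" object; function names and MAX_LEN are assumptions.
const MESSAGE_FIELDS = ["from", "to", "subject", "body"];
const MAX_LEN = 10000;

// Pattern the article warns about: the wire text is evaluated as JavaScript,
// so any expression or function embedded in it runs with the page's privileges.
function parseMessageUnsafe(wireText) {
  return (0, eval)("(" + wireText + ")"); // indirect eval, global scope
}

// Hardened pattern: parse as data only, then allowlist field names and types.
function parseMessage(wireText) {
  let obj;
  try {
    obj = JSON.parse(wireText); // functions, calls and expressions are syntax errors
  } catch (err) {
    throw new Error("rejected: not strict JSON");
  }
  if (obj === null || typeof obj !== "object" || Array.isArray(obj)) {
    throw new Error("rejected: top level must be an object");
  }
  for (const key of Object.keys(obj)) {
    if (!MESSAGE_FIELDS.includes(key)) {
      throw new Error("rejected: unexpected field " + JSON.stringify(key));
    }
  }
  const clean = {};
  for (const key of MESSAGE_FIELDS) {
    if (typeof obj[key] !== "string" || obj[key].length > MAX_LEN) {
      throw new Error("rejected: field " + key + " must be a short string");
    }
    clean[key] = obj[key];
  }
  // Behaviour such as showsubject() stays in local code, never on the wire.
  return Object.freeze(clean);
}

// Returns the rejection reason, or null when the text is accepted.
function rejectionReason(wireText) {
  try {
    parseMessage(wireText);
    return null;
  } catch (err) {
    return err.message;
  }
}

// Constructed samples. EXPRESSION is a JS object literal, not JSON: its
// "subject" is an expression whose side effect stands in for injected code.
const WELL_FORMED = '{"from":"john@example.com","to":"jerry@victim.com",' +
  '"subject":"I am fine","body":"Long message here"}';
const EXPRESSION = '{from:"john@example.com",to:"jerry@victim.com",' +
  'subject:(globalThis.sideEffects=(globalThis.sideEffects||0)+1,"I am fine"),' +
  'body:"Long message here"}';
const EXTRA_FIELD = '{"from":"a","to":"b","subject":"c","body":"d","showsubject":"e"}';

// Shows that evaluating EXPRESSION runs its embedded code exactly once.
function demoUnsafe() {
  globalThis.sideEffects = 0;
  const message = parseMessageUnsafe(EXPRESSION);
  return { subject: message.subject, sideEffects: globalThis.sideEffects };
}
```

The accepted values are still untrusted text: insert them into the page with textContent or createTextNode() rather than document.write().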
(2) JSON pair injection
JavaScript Object Notation (JSON) is a simple and effective lightweight data exchange format, one that can contain object, array, hash table, vector and list data structures. JSON is supported by JavaScript, Python, C, C++, C# and Perl languages. Serialization of JSON is a very effective exchange mechanism in Web 2.0 applications. Developers very frequently send JSON over Ajax to fetch and pass the required information to the DOM. Here is a simple JSON “bookmarks” object with different name-value pairs.
{"bookmarks":[{"Link":"www.example.com","Desc":"Interesting link"}]}
It is possible to inject a malicious script in either Link or Desc. If it gets injected into the DOM and executes, it falls into the XSS category. This is another way of serializing malicious content to the end-user.
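One way to defend the “bookmarks” object at the point where it reaches the DOM, as an added example that is not part of the original article: Link is accepted only if it resolves to an http or https URL, and both fields are HTML-encoded before they are placed in markup. The function names and the hostile sample entries are constructed for illustration.

```javascript
// Added example, not code from the original article. Function names and the
// sample entries are assumptions; Link and Desc come from the article's JSON.
function escapeHtml(text) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Returns a normalized http(s) URL, or null for any other scheme or garbage.
// Scheme-less values such as "www.example.com" are treated as http.
function safeHttpUrl(link) {
  let url;
  try {
    url = new URL(link);
  } catch (err) {
    try {
      url = new URL("http://" + link);
    } catch (err2) {
      return null;
    }
  }
  return url.protocol === "http:" || url.protocol === "https:" ? url.href : null;
}

// Parses the wire text as data and renders a list; entries whose Link or
// Desc fail validation are dropped and their indexes reported.
function renderBookmarks(jsonText) {
  const data = JSON.parse(jsonText);
  if (!data || !Array.isArray(data.bookmarks)) {
    throw new Error("bookmarks array missing");
  }
  const items = [];
  const dropped = [];
  data.bookmarks.forEach((entry, index) => {
    const wellTyped = entry && typeof entry.Link === "string" && typeof entry.Desc === "string";
    const href = wellTyped ? safeHttpUrl(entry.Link) : null;
    if (href === null) {
      dropped.push(index);
      return;
    }
    items.push('<li><a href="' + escapeHtml(href) + '">' + escapeHtml(entry.Desc) + "</a></li>");
  });
  return { html: "<ul>" + items.join("") + "</ul>", dropped };
}

// The article's object, followed by constructed hostile variants of it.
const ARTICLE_SAMPLE = '{"bookmarks":[{"Link":"www.example.com","Desc":"Interesting link"}]}';
const HOSTILE_SAMPLE = JSON.stringify({
  bookmarks: [
    { Link: "www.example.com", Desc: "<script>alert(1)</script>" },
    { Link: "javascript:alert(1)", Desc: "Click me" },
    { Link: 'http://example.com/?q="><img src=x>', Desc: "Tom & Jerry" },
  ],
});
```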
(3) JS Array poisoning
JS array is another very popular object for serialization. It is easy to port across platforms and is effective in a cross-language framework. Poisoning a JS array spoils the DOM context. A JS array can be exploited with simple cross-site scripting in the browser. Here is a sample JS array:
new Array("Laptop", "Thinkpad", "T60", "Used", "900$", "It is great and I have used it for 2 years")
This array is passed by an auction site for a used laptop. If this array object is not properly sanitized on the server-side, a user can inject a script in the last field. This injection can compromise the browser and can be exploited by an attack agent.
(4) Manipulated XML stream
An Ajax call consumes XML from various locations. These XML blocks originate from Web services running on SOAP, REST or XML-RPC. These Web services are consumed over proxy bridges from third parties. If this third-party XML stream is manipulated by an attacker, then the attacker can inject malformed content.
The browser consumes this stream with its own little XML parser. This XML parser can be vulnerable to different XML bombs. It is also possible to inject a script in this stream, which can again lead to cross-site scripting (XSS). XML consumption in the browser without proper validation can compromise the end-client.
(5) Script injection in DOM
The first four holes were the result of issues with serialization. Once this serialized stream of objects is received in the browser, developers make certain calls to access the DOM. The objective is to “repaint” or “recharge” the DOM with new content. This can be done by calling eval(), a customized function or document.write(). If these calls are made on untrusted information streams, the browser is exposed to DOM manipulation. There are several document.*() calls that can be utilized by attack agents to inject XSS into the DOM context.
For example, consider this line of JavaScript code: document.write(product_review)
Here, “product_review” is a variable originating from a third-party blog. What if it contains JavaScript? The answer is obvious: it will get executed in the browser.
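Because these calls are scattered across many Ajax handlers, a first review step is to locate them. The following is an added example, not part of the original article: a line-based audit that flags the sinks named above (eval(), document.write()) and, going beyond the article, a few related ones such as innerHTML. The rule list, function names and sample source are assumptions, and a match marks a call site for review without proving that untrusted data reaches it.

```javascript
// Added example, not code from the original article. A line-based heuristic:
// it flags call sites for review and does not prove data flow.
const SINK_RULES = [
  { sink: "eval", re: /\beval\s*\(/,
    advice: "parse data with JSON.parse()" },
  { sink: "document.write", re: /\bdocument\s*\.\s*write(?:ln)?\s*\(/,
    advice: "build nodes and set textContent" },
  { sink: "innerHTML/outerHTML", re: /\.\s*(?:inner|outer)HTML\s*\+?=(?!=)/,
    advice: "set textContent, or sanitize before assigning markup" },
  { sink: "insertAdjacentHTML", re: /\.\s*insertAdjacentHTML\s*\(/,
    advice: "use insertAdjacentText() for untrusted strings" },
  { sink: "new Function", re: /\bnew\s+Function\s*\(/,
    advice: "avoid building code from strings" },
  { sink: "string timer", re: /\bset(?:Timeout|Interval)\s*\(\s*["'`]/,
    advice: "pass a function, not a string" },
];

// Returns one finding per (line, rule) match, in source order.
function findDomSinks(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, index) => {
    const trimmed = text.trim();
    if (trimmed.startsWith("//")) return; // skip whole-line comments
    for (const rule of SINK_RULES) {
      if (rule.re.test(trimmed)) {
        findings.push({ line: index + 1, sink: rule.sink, advice: rule.advice, text: trimmed });
      }
    }
  });
  return findings;
}

// Compact "line:sink" form, convenient for diffing between audits.
function summarize(findings) {
  return findings.map((f) => f.line + ":" + f.sink).join(",");
}

// Constructed sample: an Ajax handler that repaints the DOM three unsafe ways
// and one safe way (textContent).
const SAMPLE_SOURCE = [
  'var xhr = new XMLHttpRequest();',
  'xhr.onreadystatechange = function () {',
  '  if (xhr.readyState !== 4) return;',
  '  var message = eval("(" + xhr.responseText + ")");',
  '  document.write(message.subject);',
  '  document.getElementById("review").innerHTML = message.body;',
  '  document.getElementById("title").textContent = message.subject;',
  '  // eval() call on the feed response was removed here',
  '};',
].join("\n");
```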
Thursday, April 07, 2005
RSS is Not Only for Blogs
Contrary to popular opinion, RSS is not only good for delivering content from your blog, although blogs are what made RSS so popular.
In fact, RSS can be used to deliver a great variety of content and content types. If you can break down your content into individual stories or individual pieces, you can deliver it via RSS.
Just to give you an impression of the power of RSS, here are some examples of content you can publish using it …
--> MarketingVOX is using RSS to deliver internet marketing news to their readers as it becomes available. Instead of having to wait to receive all the news in a single e-mail newsletter, RSS users get them as soon as they are ready.
--> Amazon.com is using RSS to announce their bestsellers and to help their users keep track of releases they are most interested in.
--> Some affiliate managers already communicate with their affiliates using RSS. You can of course use it to communicate with any other target audience as well, such as your employees or team-members, and even your company owners.
--> FindSavings.com uses RSS to deliver savings coupons and related information.
--> Lockergnome uses RSS to provide visitors with the latest downloads and relevant software. Yet again other companies are using RSS to deliver product updates and patches directly to their customers, just as they become available.
--> A few hundred content publishers are using RSS to deliver audio content, such as .mp3 interviews and even “radio” shows.
--> Textamerica.com allows people to post pictures, videos & text from their mobile phones and then make this content available via RSS feeds.
--> Other companies are using RSS to deliver whitepapers and other educational content.
--> One company uses RSS as a consulting billing awareness tool. The consultants create activity reports and the RSS feeds from the activity channels carry the billable information to the accounting staff for invoice preparation.
--> Many internet publishers are using RSS to deliver their newsletters, as a supplement to their e-mail delivery. Since many people no longer want to give their e-mail address away to publishers, this is a great way to keep your e-zine readership growing.
--> Publish living digital catalogues of your products and provide your customers with your latest product releases, broken down by the categories they're interested in, and make it easy for them to order.
--> Provide your affiliates and marketing partners with RSS feeds they can promote to their visitors to better promote your products and still make a commission. Amazon.com is already doing it. When are you starting?
--> Create RSS autoresponders with scheduled messages, to keep in constant “marketing” contact with your prospects and slowly get them to the point of purchase.
--> Provide limited-access content to your customers, employees, team members and even investors, without fearing other unwanted eyes. Use RSS for internal communications, teamworking and other needs.
--> Provide your customers with easy access to software updates, delivered to them exactly as they become available, without the fuss of having to visit your web site or deal with huge e-mail attachments, which would get blocked by spam filters anyway.
--> News reporters are constantly bombarded with e-mail, so why not instead deliver your press releases via RSS? Or better yet, why not deliver some of your releases as video comments, interviews or statements from your company managers or owners?
--> Help your visitors keep up with what’s going on in your web forum, by publishing your latest forum posts or whole threads via RSS.
And yet these are still only a few examples of what you can do with RSS today, since something new comes up almost every day.
Are you already among those taking advantage of the marketing & publishing power of RSS?
------------------------
Rok Hrastnik is the author of »Unleash the Marketing & Publishing Power of RSS«, acclaimed as the best and most comprehensive guide to RSS for marketers by leading RSS experts. The complete guide on RSS for marketers: http://rss.marketingstudies.net/index.html?src=sa3
7 Incredibly Simple Ways To Profit Wildly From Public Domain Material
Copyright © 2005 Ewen Chia
If you’re in the business of marketing online, a major portion of your income will come from your ability to deliver quality content and products to your market.
Now, besides creating these yourself, one of the quickest and cheapest ways to acquire all the content and products you need is in the public domain.
Whatever your requirements, you can find almost anything in the public domain. Examples include texts, audio, images, stock video, music and software...which you can flexibly use in whichever ways you want!
A word of warning though...
While a large portion of this material is "fair use", not all the works entered into the public domain database are clear of copyright restrictions.
A true public domain work is information open to the public for use, including copying, distributing and modification at no cost. Currently works published 75 years ago are considered to be public domain, while those published from 1924-1963 may be public domain - IF the copyright was not renewed.
I would highly recommend reading the public domain FAQ pages at these websites first before you use any material:
http://www.gutenberg.org
http://www.pdimages.com
http://www.pdmusic.org
http://digital.library.upenn.edu/books
However - if you desire an easier and quicker method of monetizing the public domain, you will be amazed at what you can do at ==> http://www.miniebook.com/files.htm
Assuming you now have all the public domain content you want, the million dollar question is:
"How do I truly monetize them to create long-term profit streams?"
The answer is in these 7 simple methods:
Method #1: Kick Start An Information Empire
How many mini sites in a week can you set up to sell info-products that have already been created for you? It's a no-brainer.
Public domain provides the perfect opportunity for creating an empire of super profitable mini sites that can each make money on autopilot for you. It's really a numbers game...
If one mini site generates a conservative $300 per month, ten of these would mean a nice income of $3,000 every month! What if you just concentrate on getting the formula down to a science and duplicate these mini sales machines every day? Think about it.
Apply this concept to auction listings and you can also create a fortune with public domain and eBay.
Method #2: Churn Out Complete Niche Websites
Split up public domain material and use it as pages of targeted niche content for your website. It's a simple idea but hardly anyone exploits it.
All you do is select relevant public domain books and break them down into instant content. With a few SEO skills, planning and targeted keyword-based public domain content, you can spit out new websites that rank highly in the search engines overnight.
This is a better solution and enhancement to automated site creation tools, which being essentially carbon copies of each other, have high risks of being banned.
While it takes work, this is one quick way to develop new niche sites on demand. You can then profit from them using Google Adsense, affiliate programs and advertising revenues. This method can also be applied to blogs.
Method #3: Get Traffic With Viral Lead Generators
A proven way to generate free and highly-targeted traffic is to create lead generating mini ebooks and make them viral. This is a strategy I reveal in detail in “Mini eBook Secrets” at ==> http://www.miniebook.com.
Basically public domain material can be fully or partially used as content for your mini ebooks, which you simply create and give away to bring back traffic to your site. Adding a viral marketing effect to your mini ebooks will explode your traffic for life - without any cost to you.
Not many people are using public domain in this way and it'll be highly profitable for you to do so.
Method #4: Follow-up For Maximum Profits
It's a proven fact that following up with your prospects through an autoresponder sequence or ecourse is bound to increase your sales. This is where you can use content from the public domain to great effect.
If you can cut and paste, you can create a quality ecourse with public domain works. It's as easy as it gets.
Method #5: Achieve Instant Recognition And Credibility
This one is good - split the public domain book's content into hundreds of articles with YOUR name and resource box on them.
Then simply submit these 'instant' articles and sit back. Your personal branding and name recognition will skyrocket beyond belief! You'll also receive credibility and expert status with your articles, provided they're good.
By the way, get this free report to populate your articles on thousands of sites and ezines:
==> http://www.instantmarketingsecrets.com/lifetime.htm
Method #6: Create Multiple Products At Lightning Speed
Have you thought about repackaging and creating different products out of public domain material? Just changing the format can vastly increase the perceived value and worth of the product.
You can take a public domain book and split it up into modules, create audio recordings or market it as a paid subscription newsletter for tons more profits than just selling it as a single ebook.
Another idea is to combine a few books with a common topic as a themed package. You can then sell resale rights to it and generate instant backend cash. Or create a high-ticket item by combining manuals, audio and dvds together.
The possibilities are huge!
Method #7: Use Them As Special Bonuses
Public domain material makes excellent bonuses for your main product when you're looking for increased value. Other uses of bonuses include:
As extra incentives for your affiliate promotions; as incentives for publishing articles; or even for a simple purpose like clicking to a site. You get the idea :-)
Apply these 7 methods and your traffic, sales and income will surely surge.
If you're ready to profit wildly from public domain material, check this out now ==> http://www.miniebook.com/files.htm
Ewen Chia's Free Secret Manual "Web Money Formula" Reveals How You Can Start Making Quick Cash Online In As Little As 7 Days...Even From Scratch!
Click Now For Instant Download:
http://www.InstantMarketingSecrets.com
HOW To Increase Your Traffic Using Reciprocal Links
Could you use an extra 500,000+ visitors to your site each year?
What if I told you there was a way to do this for free, using the time it takes you to watch your favorite TV show each week, would you be interested?
I'm sure you would tell me to stop hitting the bottle so hard, it isn't possible.
Well you would be wrong on both counts. For starters, I don't drink. Secondly, it is possible to rake in huge amounts of traffic for free.
How do I know this? Simply put, I am living proof it works.
I don't pay a single dime in advertising costs, and it only takes a few hours a month to produce this traffic.
So what is my secret? Reciprocal links!
Reciprocal linking is one of the most powerful and effective advertising concepts on the Web. Yet it is vastly underutilized by most Webmasters.
I have thousands of links pointing to my site:
http://www.freeclassifiedlinks.com
These links are responsible for 75% of my traffic.
I almost feel guilty that I am able to generate this traffic so easily.
Here is the secret to my success: Everything is automated!
I simply don't have time to add my partners' new links by hand. Therefore, I have a site engine that allows my partners to enter their site information, then tells them how to add my link to their Website.
It is so simple, that I'm astounded more Webmasters don't utilize these techniques.
Here is a quick start guide to automating your linking strategies:
1.) Choose the right software
You must have a way for link partners to add their Website information automatically. There are dozens of software programs on the Web that will accomplish this.
I personally use Reciprocal Manager:
http://www.freeclassifiedlinks.com/rm.html
To find similar programs, simply go to Download.com and search on "Link Exchange Software" for more programs.
2.) Find high quality Websites to exchange links with
There are a couple of ways to accomplish this:
- You can use software such as SEO Elite to find highly targeted link exchange partners.
SEO Elite - http://www.freeclassifiedlinks.com/seoelite.html
- Use Alexa to find high traffic link partners for your site.
Alexa is a very powerful search engine that allows you to:
* Search the Web and other resources directly from your toolbar.
* Obtain traffic and contact information for each site.
* Surf more efficiently with related links for each page.
The information found on Alexa is very powerful, yet it can become quite time consuming contacting each Webmaster individually (Remember to automate as many tasks as possible).
http://www.alexa.com/
- Subscribe to these reciprocal links newsletters:
Elite Links - http://www.freeclassifiedlinks.com/elitelinks.html
Zebulon Exchange of Links - http://www.2000clipart.com/zelus/index.htm
Each newsletter is packed with Websites looking to exchange links.
3.) To keep track of your link popularity, visit:
http://www.linkpopularity.com/
You will see a major spike in traffic to your Website within a few short months of starting your link campaign.
It is important that you set aside a day or two each week to run your campaign.
Remember, you will only get out of your campaign what you put into it.
------------------------
Jason Tarasi publishes the newsletter "My Secrets To Success." Subscribe now and DISCOVER the Rags to Riches stories from some of the most successful Internet marketers online. Claim your free lifetime subscription now by visiting: http://www.mysecretstosuccess.com/
Saturday, April 02, 2005
What Are Blogs?
Designing and Building Your Small Business Website
Friday, April 01, 2005
Steps to Creating and Promoting RSS Feeds
Saturday, March 19, 2005
Overview of Cellular Phone Carriers
by: Declan Tobin
How many times have you heard of people spending hundreds of dollars on the
latest and greatest cell phone only to be disappointed by the bad signal?
Dropping calls is another very annoying occurrence with cell phones. You need to
look very carefully into the cell phone carrier that you wish to sign up with.
You will be signing a contract usually for one year so make sure it’s money well
spent.
Who are the main cell phone carriers?
- AT&T
- T-Mobile
- Verizon Wireless
- Cingular
- Nextel
- ALLTEL
- Sprint PCS
The above carriers are only a handful in an ever-expanding mobile world.
All will approach you with special offers and incentives, such as camera cell
phones, to sign you up. The positives are obvious. You get a free cell phone and maybe
some extra minutes of talk time, but they get a customer for a year. Most carriers
have good coverage, but it is worth your while looking at your options.
If you rely on your cell phone for work, as sales reps and drivers do, you
need to look into the roaming charges. Some people think the charges may only
vary slightly from one carrier to another so why bother. This is a lazy approach
and untrue. You could save yourself hundreds of dollars per year simply by
looking around. You can check the rates out online on most of the carrier’s
websites. Roaming rates can be expensive so look long and hard before you
decide.
I don’t need to travel so roaming charges are not a worry to me:
If you are happy enough using your phone mainly from the house or just
plodding around you are not going to have any concern of high charges for
roaming, but there are other ways to save money and lots of it. Many people
never think too much about the SMS Text messages they send. Yes it saves money
rather than calling and it is fast and generally reliable, however, different
carriers have different text rates. You might think that a one-cent saving is
not much, and rightly so, but if you are a regular Text user you need to look at the
overall yearly saving. Most cell phone carrier companies will offer special
saving incentives on SMS Text so look into it.
Where else can I save money?
The latest and the greatest, the camera phone is as popular as a DVD.
Everywhere you look people seem to have them. Great fun and very handy for that
special moment when you only wish you had a camera, but very, I repeat very,
expensive if you decide to send many pictures to friends and family. Here, by
looking at your different options, you can save plenty of your hard-earned
dollars. All it takes is a quick look around the web or a phone call; most of
the carriers have toll-free numbers. Monthly service rental will also vary from
one company to another.
Another Tip
With so many cellular phone stores around you will be spoiled for choice.
Remember stores make commission so if you are in a large shopping mall the
chances are that there are a number of different cell stores. Check out the
different rates and you will see a difference. Money is not everything, going
back to the start of this article you need to make sure that you have an
exceptional signal. If you are going to be a loyal customer for a year or so you
should expect nothing but the best back in service.
What if I already have my own cell phone?
This is not a problem. If you are out of contract with one of the cell phone
carriers you are free to look around just like from the beginning. You can
either use your own cell or take them up on their offers, as most will offer you
a free cell phone as a new user to the network.
What if I want to terminate my contract before it has officially ended?
Look long and hard at your contract before you sign, especially the smaller
print. All carriers have different clauses in their contract but if you want to
terminate early there usually is a penalty charge of some sort. One way out of
this is to get a prepaid cell phone where you have no contract. You are free to
swap from one carrier to another as you please. Be aware prepaid cell phones are
more expensive per minute of talk time and Text than if you were on a monthly fee.
About The Author: Declan Tobin is a successful freelance writer providing advice for Cell prepaid plans Carriers and more! His numerous articles provide a
Saturday, March 12, 2005
Camera Cell Phones
The Pros and Cons of Camera Cell Phones
by: Declan Tobin
All the major phone manufacturers are cashing in on the ever increasing
market in camera phones. Companies such as Nokia, Siemens, Motorola and many
more have seen their profits soar since the introduction of the camera cell
phone. Many of the cell phone carriers are offering a free camera phone for new
customers to their networks.
What are the benefits of owning a camera cell phone?
Yes, the camera cell phone is a luxury and very affordable to buy, but
there are many advantages to having such a phone. How many times have you been
in a position where you wished “if only I had a camera”? It’s easy to send a
picture to friends or family who may live far away or overseas. Pictures saved
on the camera can be easily uploaded to your home computer. Camera phones today
offer high resolution photos with red eye reduction and different zoom options.
You can take an excellent scenic photo and set it up as your unique
background image. The quality of the photo will depend on the type of phone you
purchase but overall the camera phone is an excellent purchase.
Disadvantages of owning a camera cell phone:
Like everything there is always a downside. Camera cell phones have a number
of disadvantages over standard cell phones. Firstly they are generally more
expensive to buy. Sending photos to friends or family from your cell phone is a
costly activity. You need to check with your cell phone carrier to see the
rates. It is much more expensive than sending a general text. Sometimes the
quality of the photo is not as clear as you may have expected. Some people find
it difficult to focus the lens using the phone.
It can be costly if the lens gets cracked and needs to be replaced (some
camera phone lenses cannot be replaced and the whole phone will need to be
changed).
Remember if you are purchasing a camera cell phone go the extra mile and get
insurance. Unfortunately in today’s world they are the type of gadget that
pickpockets love.
What is the cheapest way to get a camera cell phone?
If you are a new user to the mobile world check out the different cell phone
promotions offered by the carriers such as Cingular, T-Mobile, Verizon and
others. These types of companies will offer free camera phones if you sign up to
their network. Generally the camera phone will not be the top of the range but
certainly good enough for you to practice with as your first camera cell phone.
Once you have been on the network (generally for 6 months to one year) you may
be entitled to an upgrade / trade in (check with the carrier before you sign any
contracts).
Photo and movies:
Apart from photos most camera cell phones can act as a mini camcorder. You
generally get a 30 second movie feature with even the basic camera phone. You
can even upload or sync the movie clip you have just created to your PC and
transfer to the Internet or simply email it to friends or family. This feature
is ideal for special occasions such as birthdays or even a wedding clip for
those who cannot travel.
Overview:
The camera cell phone is by far the best seller on today’s market. Very
popular with people of all ages. They are convenient and generally inexpensive
to run (providing you do not abuse sending photos all the time to friends). If
you are not at the level of a professional photographer and just want the party
or fun pictures the camera cell phone is ideal, small and tidy to carry and
mostly good quality pictures.
Remember to shop around for the best offers and ask the different carriers
their rates for sending pictures MMS. You will be surprised at the different
rates offered. Camera cell phones are also available as a prepaid cell phone but
remember, prepaid cell phones are more expensive than one with line rental and MMS
rates are generally very high per text.
About The Author: Declan Tobin is a successful freelance writer providing advice for
Thursday, March 10, 2005
Awesome Ways to Get Outdoors!!!
Chuck Fitzgerald © 2005. All Rights Reserved.
Are you looking for fresh ways to spend time with your friends
and family? Outdoor activities getting a little boring are they?
With your fast paced life gaining speed all the time, it's easy
to stick to what's familiar; but is that any way to live? Let's
take a few minutes and look at how easy it is to break out of the
same-ole-routine and into the new with wholesome activities near
home and out of doors. Read on to see why it's tough to beat
having fun with friends and family outdoors in the fresh air.
One of the first things we notice as we step outdoors and into
nature is that we are not alone. Life surrounds us. So the
first thing to do is to slow down and have a look around. While
you're looking, why not do some bird watching. It's fun, easy to
do and inexpensive. All you need are birds and they are
everywhere. Make a family game out of it. Who can find the
first bird with the color blue on it? How many ducks are on the
pond? Are they all the same kind? You get the idea. But be
careful, once you start bird watching you'll find it difficult to
stop. Before long you'll have a good pair of birding binoculars
and a field guide for your part of the country. Then you'll be a
bird watcher with birding fever. The best part of bird watching
is spending time with others outdoors; and birding is a hobby
you'll love for the rest of your life.
If you need a sport that's a little more high tech, give
geocaching a shot. Geocaching is the sport where you use your
handheld GPS receiver to find caches hidden by others using their
GPS receivers. This is something you can do by yourself, with
friends or with your children. Geocaching teaches outdoor
navigation in a fun and interactive way while allowing you to
explore your own neighborhood and beyond. You'll learn new words
and phrases such as cache coordinates, travel bugs, micro-caches,
benchmarking and geoteaming. All you need is internet access and
a GPS receiver; some GPS receivers retail for many hundreds of
dollars but many models are available for around $100. Although
the sport is active in over 200 countries, most geocachers enjoy
playing the game in their own neighborhoods. It's awesome!
If a GPS receiver isn't in your budget right now, perhaps you
might give Letterboxing a try. Letterboxing is similar to
geocaching in that you are searching for a hidden treasure, but
in this case it is called a box not a cache and you use clues
versus coordinates to locate the treasure. There are other
components to the Letterboxing game such as rubber stamps and log
books. Letterboxing is inexpensive, loads of fun and addictive.
So what's next? How about the oldest of all outdoor hobbies?
That's right, stargazing. If you live in a large city and spend
all of your time there, it's easy to forget about the night sky
because you can't see it. But it's still there and provides
breathtaking views that are impossible to communicate. So grab
a jacket, a pair of binoculars and a loved one and go somewhere
nearby where you can have an unobstructed view of the night sky
with as little light pollution as possible. With a pair of
binoculars you should be able to see man-made satellites, the
moons of Jupiter and craters on our own Moon. Once you catch the
stargazing fever you'll move up to a telescope where you can
point it virtually anywhere in the night sky and be awe struck.
There is so much available to us outdoors. Try something new
like bird watching, geocaching, letterboxing or stargazing. Each
of these activities has a large on-line community ready to share
its sport, its tips and its passion with you. Visit our on-line
education center and we'll point you in the right direction.
Not everyone has the skill or desire to climb Mount Everest, hike
the Appalachian Trail or sail the world's oceans. But there is
something everyone can do near their own homes that will open their
eyes and minds to the beauty of nature. Take a few hours
this week and spend it outdoors with someone you like. Use
this information and you'll Get It Right The First Time. Get
Outdoors!
============================================
About the author: Chuck Fitzgerald is the owner of Arizona based
BackCountry Toys, an online specialty store with the "Best Gear
Out There" and dedicated to helping outdoor enthusiasts to "Get
It Right The First Time" with timely educational information.
Please visit www.BackCountryToys.com to find great gear and to
receive the Fact & Tips e-newsletter, "FreshAir." (800)
316-9055.