The hacking community has viewed the attacks on major websites this week with disdain.
On websites, chatrooms and bulletin boards used by self-proclaimed hackers, the people behind the raids have been slammed as "packet monkeys", the lowest form of hacker.
Others have used more derogatory language.
Hackers see themselves as skilled artisans, studying computer systems and security, then using their programming skill to expose loopholes.
They gain the respect of their peers by breaking into well-protected systems. For many the attacks on sites such as Yahoo and Amazon did a diservice to hackers.
'Script kiddies'
"The guys who got Yahoo aren't hackers, they're script kiddies," said one message posted on a news group.
mitnick Mitnick: A hacking legend
An article on the hacker information site, Hacker News Network, dubbed the attackers "pathetic kids."
"There is no grace, no skill, and no intellect behind these attacks. You are not a hacker and you do not deserve respect for your childish actions," it said.
"You are no better than the twisted individuals who spray a crowd of innocent bystanders with a machine gun, only to nick your intended target."
Hackers are keen to distance themselves from those who seek to create havoc on the internet. They argue they are motivated by intellectual stimulation rather than profit or malice.
"If you can't express yourself better than a saturation attack, and can't deal with being called a name or wronged somehow, seek help offline. You sorely need it," said the Hacker News Network article.
No special knowledge
The cyber assaults were mounted using software readily available over the internet which allows someone to send huge amounts of information to a computer system, overloading it.
For hackers, this sort of attack, called a Denial of Service, requires no special programming knowledge.
But some security experts have warned that the nature of the raids suggests a well-organised and sophisticated group at work.
An e-mail from Yahoo engineers said the vandals knew what servers to target to cause the maximum disruption.
It described the Yahoo attackers as "smart and above your average script-kiddie," saying they "probably know both Unix and networking pretty well and learn about site topology to find weak spots."
In the hacking underground, technically-skilled but often alienated individuals earn respect of their peers by showing flashes of brilliance in exposing the vulnerability of a computer system.
Most hackers are anonymous, known only by their internet monikers.
Perhaps the most famous is Kevin Mitnick. A legend in hacker circles, he once headed the FBI's most wanted list.
He has just been released from jail, following a five-year prison sentence for a series of high-profile break-ins into the systems of, among others, Motorola, Nokia, Fujitsu, Novell, NEC, and Sun Microsystems.
Some in the hacking community have also rounded on the media over their reporting of the attacks, saying it is unfair to point the finger at hackers.
"We cannot permit them or anyone else to lay the blame on hackers," said the front page of one of the main hacking publication on the internet, 2600 Magazine.
"So far, the corporate media has done a very bad job covering this story, blaming hackers and in the next sentence admitting they have no idea who's behind it."
Pakistan
Benazir Bhutto - from pariah to martyr...?
Benazir Bhutto is under house arrest. Politically, is that good news for her? And are we witnessing the beginning of the end for General Musharraf?
Floods
We can't hold back the tides - nor could King Canute - but could we at least stop so much building on flood plains storing up inevitable disasters in the future?
Liz MacKean is in Lincolnshire to find out why planning permission has been granted to high risk housing schemes.
iPhone hackers
The new iPhone is coming out at 18:02 tonight, and hackers are already working out how to unlock the expensive tie in contract with O2. With every new advance in IT and the web, an increasing number of "Geek Guerrillas" are liberating the technology to make it free for the consumer. Who are they and - apart from the obvious - what motivates them? Paul Mason finds out.
And don't forget that Newsnight Review will be live in New York.
Benazir Bhutto - from pariah to martyr...?
Benazir Bhutto is under house arrest. Politically, is that good news for her? And are we witnessing the beginning of the end for General Musharraf?
Floods
We can't hold back the tides - nor could King Canute - but could we at least stop so much building on flood plains storing up inevitable disasters in the future?
Liz MacKean is in Lincolnshire to find out why planning permission has been granted to high risk housing schemes.
iPhone hackers
The new iPhone is coming out at 18:02 tonight, and hackers are already working out how to unlock the expensive tie in contract with O2. With every new advance in IT and the web, an increasing number of "Geek Guerrillas" are liberating the technology to make it free for the consumer. Who are they and - apart from the obvious - what motivates them? Paul Mason finds out.
And don't forget that Newsnight Review will be live in New York.
Course to produce expert hackers
A new qualification in computer hacking has been set up at a university with the help of a computer specialist based at Sawston near Cambridge.
The University of Glamorgan is offering a postgraduate certificate in penetration testing designed with the help of 7 Safe Information Security.
Learning ways to break into computers is essential so that systems can be developed to defeat the real hackers.
Penetration testing means hacking into computer systems to assess integrity.
Previously companies employed ex-hackers to test computer systems.
Nowadays it is more usual to employ computer professionals.
The University of Glamorgan is offering a postgraduate certificate in penetration testing designed with the help of 7 Safe Information Security.
Learning ways to break into computers is essential so that systems can be developed to defeat the real hackers.
Penetration testing means hacking into computer systems to assess integrity.
Previously companies employed ex-hackers to test computer systems.
Nowadays it is more usual to employ computer professionals.
SMB Hacking Tools
Hacking Tool: SMB Grind
SMBGrind increases the speed of LOphtcrack sessions on sniffer dumps by removing duplication and providing a facility to target specific users without having to edit the dump files manually.
One way of increasing the speed of LOphtCrack sessions on sniffer dumps is to remove duplication and provide a facility to target specific users without having to edit the dump files manually. Therefore password cracking becomes a time-consuming laborious process unless it is targeted towards particular passwords.
If an attacker can force a NetBIOS connection from its target it can retrieve the user authentication information of the currently logged in user. On its part SMB protocol uses a challenge-response method of authentication to prevent replay attacks and complicate cracking. The challenge is eight bytes of randomly generated data which the client encrypts using the password as an encryption key. If this can be obtained, the session can be hijacked as well. But this is not always easy.
SMBGrind is a tool that seeks to solve this problem and make password cracking by LOphtCrack faster. It removes duplicates and saves the file to disk so that the attacker can e-mail the filtered file directly from within SMB Grinder via the File-Send menu option.
Hacking Tool: SMBDie
SMBDie tool crashes computers running Windows 2000/XP/NT by sending specially crafted SMB request
SMBDie is another tool that takes advantage of the implementation of a protocol by a vendor. The vulnerability results because of a flaw in the way Microsoft's implementation of SMB receives a packet requesting the SMB service. Two SMB exploit programs - SMBDie and smbnuke exploit the vulnerability the same way.
An attacker can launch a denial of service by establishing a valid SMB session to a Windows NT/2000/XP system, and then sending a specially crafted transaction packet to request the NetServerEnum2, NetServerEnum3 or NetShareEnum functions. In the SMB transaction packet, if either or both of "Max Param Count" and "Max Data Count" values are equal to zero, then the server miscalculates the length of the first buffer. This causes the next chunk in the heap to be overwritten. Once the first buffer is released then the heap will be in an inconsistent state and will cause a blue screen of death. The attacker can use both a user account and anonymous access to accomplish this.
Any machine on the network including systems that are connected via VPN can launch this attack. All that an attacker needs is the IP address and NetBIOS name of the target system. The attack registers an entry in the system log when it is successful but does not indicate the source of the attack. Countermeasures include blocking access to SMB ports from untrusted networks. By blocking TCP ports 445 and 139 at the network perimeter, administrators can prevent the attack from untrusted parties. Additionally, the LAN man server service can be stopped which prevents the attack, but again may not be suitable on a file and print sharing server.
Hacking Tool: NBTDeputy
*
NBTDeputy register a NetBIOS computer name on the networkand is ready to respond to NetBT name-query requests.
*
NBT deputy helps to resolve IP address from NetBIOS computer name. It's similar to Proxy ARP.
*
This tool works well with SMBRelay.
*
For example, SMBRelay runs on a computer as ANONYMOUS-ONE and the IP address is 192.168.1.10 and NBT Deputy is also ran and 192.168.1.10 is specified. SMBRelay may connect to any XP or .NET server when the logon users access "My Network Places"
There are certain pre-requisites for NBTdeputy to be effective. NetBIOS over TCP/IP must be disabled as NBTdeputy uses port 137 and 138. The user must specify a unique computer name on the LAN because NBTdeputy does not check for existing computer names. The user must also specify an existing Workgroup on LAN as NBTdeputy does not become the Master Browser. NBTdeputy must exist on the same LAN as the targeted XP and .Net Server machines.
NetBIOS DoS Attack
*
Sending a 'NetBIOS Name Release' message to the NetBIOS Name Service (NBNS, UDP 137) on a target NT/2000 machine forces it to place its name in conflict so that the system will no longer will be able to use it.
*
This will block the client from participating in the NetBIOS network.
*
Tool: nbname
o
NBName can disable entire LANs and prevent machines from rejoining them.
o
Nodes on a NetBIOS network infected by the tool will think that their names already are being used by other machines.
NetBIOS is a set of defined software interfaces for vendor-independent PC networking and is primarily used on Microsoft Windows computers. The NetBIOS Name Service (NBNS) provides a means for hostname and address mapping on a NetBIOS-aware network. In Microsoft's implementation of the NBNS Name Server (Microsoft WINS Server) they mapped group names to the single IP address 255.255.255.255 (the limited broadcast address). In order to support real group names, Microsoft modified WINS to provide support for special groups. These groups appear differently in WINS. However, since an authentication mechanism has not been defined for NetBIOS running over TCP/IP protocol, all systems running NetBIOS services are vulnerable to spoofing attacks.
For instance, an attacker can send spoofed "Name Release" or "Name Conflict" messages to a target machine and force the target machine to remove its real name from its name table (as seen with nbtstat) and not respond to other NetBIOS requests. This results in a denial of service as the legitimate machine is not able to communicate with other NetBIOS hosts.
NBName is a tool written by Sir Dystic of the Cult of Dead Cow. It decodes and displays all NetBIOS name packets it receives on UDP port 137.
Using the /DENY * command line option it will respond negatively to all NetBIOS name registration packets it receives.
Using the /CONFLICT command line option it will send a name release request for each name that is not already in conflict to machines it receives an adapter status response from.
The /FINDALL command line option causes a wildcard name query request to be broadcast at startup and each machine that responds to the name query is sent an adapter status request.
The /ASTAT command line option causes an adapter status request to be sent to the specified IP address, which doesn't have to be on the local network.
Using /FINDALL /CONFLICT /DENY * will disable entire local NetBIOS network and prevent machines from rejoining it. Nodes on a NetBIOS network infected by the tool will think that their names already are being used.
---Regards,
SMBGrind increases the speed of LOphtcrack sessions on sniffer dumps by removing duplication and providing a facility to target specific users without having to edit the dump files manually.
One way of increasing the speed of LOphtCrack sessions on sniffer dumps is to remove duplication and provide a facility to target specific users without having to edit the dump files manually. Therefore password cracking becomes a time-consuming laborious process unless it is targeted towards particular passwords.
If an attacker can force a NetBIOS connection from its target it can retrieve the user authentication information of the currently logged in user. On its part SMB protocol uses a challenge-response method of authentication to prevent replay attacks and complicate cracking. The challenge is eight bytes of randomly generated data which the client encrypts using the password as an encryption key. If this can be obtained, the session can be hijacked as well. But this is not always easy.
SMBGrind is a tool that seeks to solve this problem and make password cracking by LOphtCrack faster. It removes duplicates and saves the file to disk so that the attacker can e-mail the filtered file directly from within SMB Grinder via the File-Send menu option.
Hacking Tool: SMBDie
SMBDie tool crashes computers running Windows 2000/XP/NT by sending specially crafted SMB request
SMBDie is another tool that takes advantage of the implementation of a protocol by a vendor. The vulnerability results because of a flaw in the way Microsoft's implementation of SMB receives a packet requesting the SMB service. Two SMB exploit programs - SMBDie and smbnuke exploit the vulnerability the same way.
An attacker can launch a denial of service by establishing a valid SMB session to a Windows NT/2000/XP system, and then sending a specially crafted transaction packet to request the NetServerEnum2, NetServerEnum3 or NetShareEnum functions. In the SMB transaction packet, if either or both of "Max Param Count" and "Max Data Count" values are equal to zero, then the server miscalculates the length of the first buffer. This causes the next chunk in the heap to be overwritten. Once the first buffer is released then the heap will be in an inconsistent state and will cause a blue screen of death. The attacker can use both a user account and anonymous access to accomplish this.
Any machine on the network including systems that are connected via VPN can launch this attack. All that an attacker needs is the IP address and NetBIOS name of the target system. The attack registers an entry in the system log when it is successful but does not indicate the source of the attack. Countermeasures include blocking access to SMB ports from untrusted networks. By blocking TCP ports 445 and 139 at the network perimeter, administrators can prevent the attack from untrusted parties. Additionally, the LAN man server service can be stopped which prevents the attack, but again may not be suitable on a file and print sharing server.
Hacking Tool: NBTDeputy
*
NBTDeputy register a NetBIOS computer name on the networkand is ready to respond to NetBT name-query requests.
*
NBT deputy helps to resolve IP address from NetBIOS computer name. It's similar to Proxy ARP.
*
This tool works well with SMBRelay.
*
For example, SMBRelay runs on a computer as ANONYMOUS-ONE and the IP address is 192.168.1.10 and NBT Deputy is also ran and 192.168.1.10 is specified. SMBRelay may connect to any XP or .NET server when the logon users access "My Network Places"
There are certain pre-requisites for NBTdeputy to be effective. NetBIOS over TCP/IP must be disabled as NBTdeputy uses port 137 and 138. The user must specify a unique computer name on the LAN because NBTdeputy does not check for existing computer names. The user must also specify an existing Workgroup on LAN as NBTdeputy does not become the Master Browser. NBTdeputy must exist on the same LAN as the targeted XP and .Net Server machines.
NetBIOS DoS Attack
*
Sending a 'NetBIOS Name Release' message to the NetBIOS Name Service (NBNS, UDP 137) on a target NT/2000 machine forces it to place its name in conflict so that the system will no longer will be able to use it.
*
This will block the client from participating in the NetBIOS network.
*
Tool: nbname
o
NBName can disable entire LANs and prevent machines from rejoining them.
o
Nodes on a NetBIOS network infected by the tool will think that their names already are being used by other machines.
NetBIOS is a set of defined software interfaces for vendor-independent PC networking and is primarily used on Microsoft Windows computers. The NetBIOS Name Service (NBNS) provides a means for hostname and address mapping on a NetBIOS-aware network. In Microsoft's implementation of the NBNS Name Server (Microsoft WINS Server) they mapped group names to the single IP address 255.255.255.255 (the limited broadcast address). In order to support real group names, Microsoft modified WINS to provide support for special groups. These groups appear differently in WINS. However, since an authentication mechanism has not been defined for NetBIOS running over TCP/IP protocol, all systems running NetBIOS services are vulnerable to spoofing attacks.
For instance, an attacker can send spoofed "Name Release" or "Name Conflict" messages to a target machine and force the target machine to remove its real name from its name table (as seen with nbtstat) and not respond to other NetBIOS requests. This results in a denial of service as the legitimate machine is not able to communicate with other NetBIOS hosts.
NBName is a tool written by Sir Dystic of the Cult of Dead Cow. It decodes and displays all NetBIOS name packets it receives on UDP port 137.
Using the /DENY * command line option it will respond negatively to all NetBIOS name registration packets it receives.
Using the /CONFLICT command line option it will send a name release request for each name that is not already in conflict to machines it receives an adapter status response from.
The /FINDALL command line option causes a wildcard name query request to be broadcast at startup and each machine that responds to the name query is sent an adapter status request.
The /ASTAT command line option causes an adapter status request to be sent to the specified IP address, which doesn't have to be on the local network.
Using /FINDALL /CONFLICT /DENY * will disable entire local NetBIOS network and prevent machines from rejoining it. Nodes on a NetBIOS network infected by the tool will think that their names already are being used.
---Regards,
Protecting against Session Hijacking
1.
Use Encryption
2.
Use a secure protocol
3.
Limit incoming connections
4.
Minimize remote access
5.
Have strong authentication.
Countermeasure
When practical, limit successful sessions to specific IP addresses. This usually only works when dealing within an intranet setting, where the IP ranges are predictable and finite.
Countermeasure
Re-authenticate the user before critical actions are performed. If possible, try to limit unique session tokens to each browser instance (e.g. generate the token with a hash of the MAC address of the computer and process id of the browser, etc.) Configure the appropriate spoof rules on gateways (internal and external). Monitor for ARP cache poisoning, by using IDS products or ARPwatch.
Countermeasure
Use x.509 certificates to prevent more traditional types of TCP hijacking.
Countermeasure
Use encryption. This can be done by one or more of the following.
*
Forcing all incoming connections from the outside world to be fully encrypted.
*
Forcing all connections to critical machines to be fully encrypted.
*
Forcing all traffic on the network to be encrypted.
*
Using encrypted protocols, like those found in the OpenSSH suite. The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keygen and sftp-server.
Countermeasure
Use strong authentication (like Kerberos) or peer-to-peer VPN's.
Use Encryption
2.
Use a secure protocol
3.
Limit incoming connections
4.
Minimize remote access
5.
Have strong authentication.
Countermeasure
When practical, limit successful sessions to specific IP addresses. This usually only works when dealing within an intranet setting, where the IP ranges are predictable and finite.
Countermeasure
Re-authenticate the user before critical actions are performed. If possible, try to limit unique session tokens to each browser instance (e.g. generate the token with a hash of the MAC address of the computer and process id of the browser, etc.) Configure the appropriate spoof rules on gateways (internal and external). Monitor for ARP cache poisoning, by using IDS products or ARPwatch.
Countermeasure
Use x.509 certificates to prevent more traditional types of TCP hijacking.
Countermeasure
Use encryption. This can be done by one or more of the following.
*
Forcing all incoming connections from the outside world to be fully encrypted.
*
Forcing all connections to critical machines to be fully encrypted.
*
Forcing all traffic on the network to be encrypted.
*
Using encrypted protocols, like those found in the OpenSSH suite. The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keygen and sftp-server.
Countermeasure
Use strong authentication (like Kerberos) or peer-to-peer VPN's.
Learn How to Disable Default Shares on Windows Operating System
* The default shares for Windows computers can be as useful to an attacker as the intended user.
* The default shares of concern are ADMIN$ and one for each logical disk on the system (C Drive = C$, D Drive = D$, etc.)
* Once an attacker has identified the default shares a dictionary attack can be attempted against these shares.
* To disable it, Open Control Panel/Administrative Tools/Computer Management (or right-click on My Computer and select Manage).
* Double-click the SHARES to open the shares to the computer and identify the default shares. In this example, the ADMIN$ and C$ are the shares of concern.
* Click on START/RUN and type Regedit. Click OK.
* Browse to the following: HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/lanmanserver/parameters
* Right-click and select NEW, DWORD value. Enter the name of AutoShare-Server and enter a value of 0.
* Right-click and select NEW, DWORD value. Enter the name of AutoShare-Wks and enter a value of 0.
* Restart the computer.
* From the Computer Manager validate the same.
* The default shares of concern are ADMIN$ and one for each logical disk on the system (C Drive = C$, D Drive = D$, etc.)
* Once an attacker has identified the default shares a dictionary attack can be attempted against these shares.
* To disable it, Open Control Panel/Administrative Tools/Computer Management (or right-click on My Computer and select Manage).
* Double-click the SHARES to open the shares to the computer and identify the default shares. In this example, the ADMIN$ and C$ are the shares of concern.
* Click on START/RUN and type Regedit. Click OK.
* Browse to the following: HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/lanmanserver/parameters
* Right-click and select NEW, DWORD value. Enter the name of AutoShare-Server and enter a value of 0.
* Right-click and select NEW, DWORD value. Enter the name of AutoShare-Wks and enter a value of 0.
* Restart the computer.
* From the Computer Manager validate the same.
Latest News U can UseThis is a featured page
Google Checkout Makes Holiday Shopping Even Faster and Easier This Year
New Survey Says Forty Percent of Americans Expected to Shop Online From Work This Holiday Season
The Monday after Thanksgiving – Cyber Monday – is expected to draw another record crowd of online shoppers this year, as people log on after spending the holiday weekend fighting the crowds and browsing through stores.
According to a new survey conducted by Harris Interactive and commissioned by Google Checkout, 40% of employed U.S. adults say they'll be doing at least some of their online holiday shopping from work this year, with 1 in 4 of those shoppers logging on to track down that perfect gift on Monday, November 27 (57% plan to shop during coffee and lunch breaks, while 34% will wait until the end of the workday).
Trying to squeeze online holiday shopping into already busy schedules, shoppers will be looking for even more speed and convenience this year. And while there are many online shopping options to make finding the right gift relatively easy, online shoppers still have to deal with hassles, such as entering billing, shipping, and contact information multiple times as they move from site to site. Google Checkout eliminates an average of 15 steps from the online checkout process, in many cases making checking out as simple as entering a single login. This can save a lot of time for online shoppers, who will visit an average of 5.5 websites for holiday gifts this season, according to the survey.
For the holidays, Google Checkout will also be offering users a variety of promotions for their holiday shopping. Through Tuesday, December 26, users will receive $10 off purchases of $30 or more, or $20 off purchases of $50 or more, depending on the merchant. And best of all, these promotions are reusable, no special registration is necessary, and there are none of the delays that come with rebates -- users will automatically see the credits applied as they make their purchases. For example, if users visit an average of five participating websites, they can redeem the promotion on each of those sites and save at least $50 on their holiday shopping.
Since the launch in June, thousands of merchants have added Google Checkout to their sites. So shoppers trying to cross things off their lists will be able to do so quickly and easily on a wide range of sites, including Buy.com, Starbucks Store, The Sports Authority, Ace Hardware, Timberland and many more.
"We understand that more and more holiday shoppers are looking to beat the crowds by heading online to cross items off their list," said Troy Brown, senior director of e-commerce at Timberland.com. "That's why we've partnered with Google Checkout to offer our customers another fast, easy, and secure checkout process to help them take advantage of our online holiday offers."
Shoppers will be able to find participating merchants and special promotions on a new Google Checkout holiday site (checkout.google.com/holiday) that will be launching on Cyber Monday. The site will provide information on the promotion and offer gift ideas in the most sought-after categories this year – which, according to the survey, include clothing, gift certificates, toys, electronics, DVDs, and music.
If you'd like to learn more about the survey results, the Google Checkout holiday site and promotions, or the ways that Checkout makes online shopping faster and more convenient, you can visit checkout.google.com/holiday on Cyber Monday, November 27.
New Survey Says Forty Percent of Americans Expected to Shop Online From Work This Holiday Season
The Monday after Thanksgiving – Cyber Monday – is expected to draw another record crowd of online shoppers this year, as people log on after spending the holiday weekend fighting the crowds and browsing through stores.
According to a new survey conducted by Harris Interactive and commissioned by Google Checkout, 40% of employed U.S. adults say they'll be doing at least some of their online holiday shopping from work this year, with 1 in 4 of those shoppers logging on to track down that perfect gift on Monday, November 27 (57% plan to shop during coffee and lunch breaks, while 34% will wait until the end of the workday).
Trying to squeeze online holiday shopping into already busy schedules, shoppers will be looking for even more speed and convenience this year. And while there are many online shopping options to make finding the right gift relatively easy, online shoppers still have to deal with hassles, such as entering billing, shipping, and contact information multiple times as they move from site to site. Google Checkout eliminates an average of 15 steps from the online checkout process, in many cases making checking out as simple as entering a single login. This can save a lot of time for online shoppers, who will visit an average of 5.5 websites for holiday gifts this season, according to the survey.
For the holidays, Google Checkout will also be offering users a variety of promotions for their holiday shopping. Through Tuesday, December 26, users will receive $10 off purchases of $30 or more, or $20 off purchases of $50 or more, depending on the merchant. And best of all, these promotions are reusable, no special registration is necessary, and there are none of the delays that come with rebates -- users will automatically see the credits applied as they make their purchases. For example, if users visit an average of five participating websites, they can redeem the promotion on each of those sites and save at least $50 on their holiday shopping.
Since the launch in June, thousands of merchants have added Google Checkout to their sites. So shoppers trying to cross things off their lists will be able to do so quickly and easily on a wide range of sites, including Buy.com, Starbucks Store, The Sports Authority, Ace Hardware, Timberland and many more.
"We understand that more and more holiday shoppers are looking to beat the crowds by heading online to cross items off their list," said Troy Brown, senior director of e-commerce at Timberland.com. "That's why we've partnered with Google Checkout to offer our customers another fast, easy, and secure checkout process to help them take advantage of our online holiday offers."
Shoppers will be able to find participating merchants and special promotions on a new Google Checkout holiday site (checkout.google.com/holiday) that will be launching on Cyber Monday. The site will provide information on the promotion and offer gift ideas in the most sought-after categories this year – which, according to the survey, include clothing, gift certificates, toys, electronics, DVDs, and music.
If you'd like to learn more about the survey results, the Google Checkout holiday site and promotions, or the ways that Checkout makes online shopping faster and more convenient, you can visit checkout.google.com/holiday on Cyber Monday, November 27.
Subscribe to:
Posts (Atom)
