Archived; click post to view.
Excerpt: … for spammers, anyway. Upgrading WordPress often might just help!

On the other hand, you could still wake up and find out your blog looks like this after a zero-day attack —

That's probably a bad thing. But, in fact, many of us in the blogosphere have enjoyed this particular problem.

And it's not quite as much fun as the blue pill.

In the worst case, it's not just spam, it's badware or viruses. And then Google won't want to cohabit with you ever again.

Well, you'r…

Excerpt: You thought cheap webhosting was a bargain. Maybe … but bad webhosting isn't just a bummer — it can get you delisted, added to badware lists, etc.

And it doesn't have to be your fault (directly, anyway).

Use IX Web Hosting | ixwebhosting.com web hosting at your own risk. One day you might just get hacked and/or defaced. Even worse, you might be — courtesy of some Turkish hacker — installing malware on users' computers by proxy. The hackers seem to be pretty good…

5 Comments »

MSN Search Sniping 101

Nov. 13th, 2006

Excerpt: Dear Microsoft (cc: black hatters), If you don't fix this problem, I promise to make a sport out of getting people I don't like delisted from your index. It's just plain irresponsible. And the problem is compounded in scope by another defect in your product — the failure to handle redirects properly. This one is quite embarrassing, as any site that has a successful affiliate program may be subject to an undeserved penalty. It's not just an edge case, and i…

2 Comments »

Excerpt: Since I got my 10 links, I can now post again. Needless to say, until then, I had a bit of free time. What do you think I was doing? Let me tell you. I decided to do an objective investigation as to whether cloaking is alive and well in "the" Google image search. It is. And she's apparently, umm, working it. I fancied that I would investigate some Indian sex (careful!). I was just sorta nearby in Fiji after all. I'm sure you could find so…

Excerpt: We all have a mischievous side. I know I do. And in that vein, I have a great idea for a PubCon or SES segment. I'd appreciate some feedback in the form of comments if you'd like to see such a segment. Then I can approach Danny Sullivan or Brett Tabke with the idea:

Title: "Understanding Black Hat SEO: Protecting Yourself From Black Hat Vulnerabilities"

The segment would cover the basic black hatter's psyche, and what he's after. I'd go t…

7 Comments »

Excerpt: I guess I think like a hacker, because I thought of this before seeing RSnake's post about finding vulnerabilities with Google Code Search. If you want to find lots of PHP-based web applications that are likely vulnerable to HTML injection, try this search out:

lang:php (print\(|echo)\s\$_(GET|REQUEST)

This says "Find all PHP code that calls 'print' or 'echo' to display $_GET or $_POST (likely) without escaping anything. What a great way to find places to inject stuff…

7 Comments »

Excerpt: I'm a sinner! I violate Google's TOS daily. But the guy standing next to me on Yom Kippur made me look like Jill Whalen! He was a spammer — and a pretty devious one at that. Some of it was muffled by the sounds of unfed stomachs growling for forgiveness, but I managed to hear these 5 things he said:

1. I'm sorry, my Lord, for using 1000s of vulnerable .edus as parasites to promote Viagra, a drug that increases the pleasure and frequency of illicit carnal sin. …

1 Comment »

Excerpt: This recent article mentions that XSS and HTML injection are quickly eclipsing the traditional stack smashing and SQL tainting attacks in popularity. But why? I posit that the reason is simple — XSS & HTML injection vulnerabilities are frighteningly trivial to find. I will demonstrate the relative ease of finding injection points in this article. I wrote a script that sniffs out hundreds of such vulnerabilities rapidly and automatically, in fact.

Both XSS & H…

3 Comments »