Netvibes module developer collects web credentials, personal content

A French security blogger gained access to private user data on personal homepage service Netvibes last weekend, exposing stored usernames and passwords for popular integrated web services as well as user content loaded in the page. The blogger’s account has since been deleted from Blog*Spot (currently cached on Yahoo!), but he provided extended details to French blog Le blog de ¥€$ (English translation). Netvibes has since claimed to patch “a security vulnerability in webnotes” exploited by this developer. I alluded to some of these issues with stored user information, phishing, and general brand confusion in a post two months ago…

The Spam Farms of the Social Web

Blogs and other social media tools have changed the publishing landscape over the past few years, making it easier than ever to share information with the world. The ease of use and focused attention of the medium have also helped create new opportunities for spammers to automatically generate content, buy links, and get noticed by search engines and other points of aggregation. In this post I will break down the operations of one spam network utilizing social media technologies such as WordPress, Digg, del.icio.us, and more to climb the search results and generate revenue through ads and affiliate programs. Last…

Buzzword laden startup launches

I just received a press release for a new startup launching today. The announcement is heavy with buzzwords, but doesn’t actually tell me what the site is all about. Here’s the actual first paragraph, with the name and industry removed. Web 2.0 changes the way we perceive information. [Company name] uses Web 2.0 in the [vertical name] (i.e. blogs, podcasts, ajax, tags, etc.) and is particularly attentive to RSS, which presents a formidable opportunity for this sector. The press release on the launch of this new company next explains what a typical RSS button on a website looks like, and…

AdSense API enters beta

AdSense has a new API, allowing users to create and manage AdSense accounts programmatically using SOAP. Sounds ideal for all the spam bots creating new scraper pages for asbestos and cancer news. If your bot creates a new bot account and earns over $100, you get $100 too! Yes, there are more serious uses such as a reputable blog provider creating an AdSense ID for its members, but I just see the piles of web spam getting worse….

LiveJournal XSS attack

A group of crackers named Bantown claims to have hijacked 46% of LiveJournal’s active accounts, over 900,000 total, via a cross-site scripting attack according to Brian Krebs of The Washington Post. The group was able to steal the cookies of LiveJournal users clicking on links created by the group on their hundreds of automated journal accounts. LiveJournal altered their URL structure last night to allow each user to have their own private cookie domain. The Bantown group continues looking for sites to BBQ, or swap user profiles for something a bit more sexual, often involving farm animals. Some of…

Kanoodle cookie bounty

Advertising network Kanoodle will now pay webmasters for planting a cookie on a visitor’s computer without ever showing an advertisement. Sites place a cookie classifying a user’s browsing habits into one of 7,500 contextual ad categories. Publishers in the program will be paid 5% of the revenue earned when an advertisement served on the Kanoodle network is triggered by a cookie generated on the publisher’s site. Kanoodle advertisements are an integrated option for TypePad Pro users. Bloggers could profit from distributing cookies on their own personal weblogs for later monetization on a TypePad Pro site with advertising or other blogs…

Google spam suite primer

Google provides a full suite of services for the entry-level blog spammer. There are plenty of legitimate uses for all of these Google services, but Google’s market-leading position in search creates a spam ecosystem that inflates corporate revenues, index size, and user data. Google’s blog hosting service, Blog*Spot, received a lot of attention this week as blogosphere neighbors threw up their arms in protest of the host, which is like the seedy motel at the edge of town that rents by the hour. It’s cheap and inviting to those who know no better, but those in the know don’t want anything…

Microsoft bidding on Claria?

The New York Times reports Microsoft is currently in talks to acquire Claria for $500 million. Claria, formerly known as Gator, is known for its software installed on Windows computers to track browsing behavior and serve personalized advertisements based on this acquired user behavior. The article reports MSN is very interested in personalization technologies and the increased advertising revenues they provide and is pursuing companies in the space in an attempt to close the gap on Google. I am not a big fan of the methods used by Claria to deliver personalized listings. I think MSN could accomplish similar tracking…

Stealing citizen content

I am sitting in my hotel room in Seattle researching all the sites that used my photographs from yesterday’s Microsoft announcement in violation of my Creative Commons Attribution Non Commercial license. I broke a story with high-resolution photographs and commercial websites decided not only to use my content without attribution but in one case a site was selling prints of my photographs. Breaking news is very competitive and everyone wants the scoop in their search for full and in-depth coverage. Unlike a picture of the Golden Gate Bridge or something artsy I feel like these sites already have benefitted from…

Shirky spam?

Over the last few days I received multiple e-mails about a message submitted using an e-mail address I use only on my weblog and its feeds. The interesting thing is it appears this e-mail address was used to send a message to Clay Shirky’s NEC list. It looks like a spammer might be crawling weblogs specifically to spam weblog mailing lists and it’s the first time I have observed such a thing. Watch your inbox for a message from “nec-bounces@shirky.com” for approval of a message subject of “Re:” and you might observe part of a trend….