Tag Archive | "Vulnerabilities"


8 Tips for Combating Social Profile Spam


The web has become very social, as you are more than likely aware. Fortunately, this makes for more widespread conversations about any and all issues that anyone on the Internet deems worthy of discussion.

Unfortunately, it also opens up many pathways for abuse including spam, which can quickly turn a positive user experience into an ugly one.

As the web continues to become a more social animal, more and more webmasters find ways to make their own sites more social. Essentially, this makes for a web full of little social networks. A webmaster who goes this route may run into some of those spam issues right in the profile pages of his/her so-called users.

Jason Morrison of Google’s Search Quality Team has posted an interesting article on the company’s Webmaster Central Blog. Within this article are 8 tips for dealing with this social profile spam.


The tips are:

1. Make sure you have standard security features in place

2. Use a blacklist to prevent repetitive spamming attempts

3. Watch out for cross-site scripting (XSS) vulnerabilities

4. Consider nofollowing the links on untrusted user profile pages

5. Consider noindexing profile pages

6. Add a "report spam" feature to user profiles and friend invitations

7. Monitor your site for spammy pages

8. Watch for spikes in traffic from suspicious queries

Morrison elaborates on each of these, but I think you get the gist of it. "Google is constantly under attack by spammers trying to create fake accounts and generate spam profiles on our sites, and despite all of our efforts some have managed to slip through," he says, citing the tips as ways to make spammers’ lives more difficult.

It would appear that spam (in any form) just isn’t going to go away.  All you can do is use the tools and strategies that are at your disposal to minimize it and try to maintain a positive user experience. That’s what Google does.
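Tips 3, 4 and 5 above can all be applied at the point where a profile page is rendered. The following Python sketch is an added example, not code from Google or from Morrison's article; the function names, the `trusted` flag and the sample profile are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+")  # bare links inside free-text fields


def safe_link(url, trusted=False):
    """Render an untrusted URL as a link, or as inert text if it is not http(s)."""
    escaped = html.escape(url, quote=True)
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:
        return escaped
    if scheme not in ("http", "https"):
        return escaped  # javascript:, data: and similar never become an href
    rel = "" if trusted else ' rel="nofollow"'  # tip 4
    return f'<a href="{escaped}"{rel}>{escaped}</a>'


def render_bio(bio, trusted=False):
    """Escape free text (tip 3) and linkify only the http(s) URLs found in it."""
    out, pos = [], 0
    for m in URL_RE.finditer(bio):
        out.append(html.escape(bio[pos:m.start()]))
        out.append(safe_link(m.group(0), trusted))
        pos = m.end()
    out.append(html.escape(bio[pos:]))
    return "".join(out)


def render_profile(name, website, bio, trusted=False):
    """Build the profile page; untrusted profiles are also marked noindex (tip 5)."""
    robots = "" if trusted else '<meta name="robots" content="noindex">\n'
    return (
        "<!doctype html>\n<html><head>\n"
        f"{robots}<title>{html.escape(name)}</title>\n</head><body>\n"
        f"<h1>{html.escape(name)}</h1>\n"
        f"<p>Website: {safe_link(website, trusted)}</p>\n"
        f"<p>{render_bio(bio, trusted)}</p>\n</body></html>\n"
    )


# Constructed sample profile of the kind a spam account might submit.
SAMPLE = render_profile(
    name="<b>Best Deals</b>",
    website="javascript:void(0)",
    bio="Visit http://spam.example/buy?a=1&b=2 <img src=x onerror=void(0)>",
)
```

Every user-supplied field is escaped on output, so markup in a name or bio is displayed as text, and a profile only loses `nofollow` and `noindex` once the site has decided to trust the account.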

Posted in Social Media


Google Quietly Patches Huge Vulnerability


A security researcher known by the online handle “Inferno” discovered a cross-site scripting (XSS) vulnerability in mid-April affecting a range of Google services like Gmail, Google Documents, iGoogle, and Analytics.

The flaw involved Google’s Support Python Script enabling hackers to steal session cookies. Because Google.com uses a single sign-on cookie for all its personalized services, a hacker could have gained access to users’ emails, contacts, documents, website code and analytics—anything Google users might have stored on Google servers.

While that’s a terrifying scenario for many, Inferno took the moral path and quietly reported the vulnerability to Google instead of selling that information on the black market. To Google’s credit, Google was on the job less than an hour after receiving the report, even late on a Saturday night, and had all Google servers updated by last week, just two weeks later.

(Everything’s relative; the sheer number of servers and programs affected made this a heckuva job. Two weeks can be considered quick, especially since Adobe is still recommending workarounds until they can patch up Reader and Acrobat.)

Around the same time, Google had to act fast to patch up two XSS vulnerabilities in its Chrome browser.

Symantec’s MessageLabs reports that websites people trust are increasingly attractive targets for hackers. Once upon a time on the Web, bad neighborhoods of temporary adult websites were considered a hotbed of viral activity. While many sites are still set up for the sole purpose of distributing malware, according to data from last week collected by MessageLabs, only 15.4 percent of domains blocked by security programs for hosting malicious content were less than a year old.

The rest—86.4 percent—were older than that. “It is highly likely that older sites are legitimate sites, while those that are only a week old or less are likely to be temporary sites set up with the sole purpose of distributing malware,” said MessageLabs senior analyst Paul Wood.

And yet, only 3 percent of those blocked for hosting malicious content were under a week old; just 10 percent were under a month old. It’s also unlikely a site set up to distribute malware will reach its first birthday without being discovered. With that in mind, it certainly seems that cybercriminals have shifted their focus toward compromising websites trusted by many, many people.

Security will also be an intense focus as the shift toward cloud computing continues. With all that data in the cloud (i.e., not on an individual’s hard drive), cloud services offered by companies like Google will become increasingly attractive targets.

Google did not return a request for comment.

Posted in SE News

