A Quick Solution to Protect Your Blog From Spam Harvesters

Are you tired of getting a ton of spam everyday? I am too but unfortunately there is no solution to eliminate it 100% but there are smart ways to avoid and reduce spam. The method I’m going to talk about is aimed at bloggers and how they can easily implement a preventative measure to reduce the amount and chances of spam being sent to them.

With the popularity and ease of setting up a blog, the number of people blogging increases daily. This is great but one main problem is most of these people aren’t usually educated in proper techniques such as spam prevention.

Did you know that putting your email address anywhere on your blog or website is an open invitation for new spam? Yes, you heard me right. Little do you know that trying to be nice and provide a method for your readers to contact you only causes you more harm than good.

Let me give you an example. The usual way to include your email address on your blog is to use the mailto: tag. This is the case if you use Blogger and any other blogging platform. Unfortunately for you, spam harvesters use “web spiders” to troll the internet and look for email address links on websites and blogs. When they come across your site they will look at the html code and grab your address.

Prevent Spam Harvesters From Getting Your Email Address

The best way to beat spam bots as well as giving your readers a way to contact you is to use a contact submission form. That way your email address is never displayed and a script handles the entire mailing process. This is a great option if you use WordPress but for people using Blogger, it’s not an option.

You don’t know how many Blogger blogs I’ve come across and just rolled my eyes. There it is…their email address listed right on their site. Look out spam, here it comes! So my quick solution to protect all blogs (especially Blogger users) from spam bots is to replace your email address with an image.

There are several sites out there that can create free email icon images for you but I like using this email icon generator site because it provides several cool options. My favorite is the branded email image based on your email host provider.

Here are some examples of email images I created in a few seconds:

As you can see, it supports all the popular email domain addresses as well as an option to create your own custom email address. It even hosts the image for you if you don’t want to copy and upload it to your own server. I recommend uploading it to your Blogger site so you’ve always got it available regardless.

Make sure after you use these images you do NOT turn them into a mailto link. If your email address is anywhere in the html code, spam harvesters will find it. I had a friend that I shared this trick with and he replaced his email address with this image but didn’t remove the mailto link! He might as well of not even used the image.

Damage Control – Where is My Email Address Today?

Ever wonder if your email address is publicly available today? A good test to see what sites publicly list your email address is to just Google it. If your email address is sjobs@mac.com then you’ll see that there are over 500 results in Google which is obviously a bad sign (I hope Steve Jobs has one heck of a good spam filter). There should be zero listings of your email address when you do a search. If not, you should go down the list of sites and ask them to kindly remove your email address because they are just feeding it to spam harvesters!

I usually Google my personal email address a few times a year just as a safety check. Just last year as I was doing my check, I noticed there was one site listing it! I was so mad and immediately contacted the site owner to take it down. It was an article submission site and they were carelessly publicly listing all their users email addresses. That’s just bad business. Eventually they took it down and I told them they should do the same for everyone else in their system.

Conclusion

If there’s one thing to take away from this article it’s to remember to never ever ever list your raw email address on your blog. It’s a guaranteed way to get spam faster than you can say “spam me please”. If you don’t believe me try setting up a new temporary email address and don’t use it for anything except this test. Now paste it on your blog and see how long it takes before you start getting junk email.

I hope the end of spam comes in the near future because just like you, I’m tired of wasting time in my day filtering and deleting junk email. Google or someone, please come up with a solution soon!

Read more...

Hackers target Facebook apps

Hackers have turned their attention to Facebook's hundreds of independent applications. The results are not terribly surprising, but do not tell a good tale: app developers don't seem to know a thing about basic security, and are putting private user information at risk. As a result, malicious hackers are able to access and change what should be private user data managed by the application providers.

Just a few months after this blog brought you exclusive news of privacy problems in Facebook's application system, we are now already seeing the consequences of Facebook's decision to pass the buck on on application security and privacy. Facebook shares user data with a large number of third-party application developers (without user consent), who then leave the data open to hackers due to nonexistent security and privacy protections. We at Surveillance State would be lying if we said we didn't see this coming.

Third-party developers

As I mentioned in a blog post back in January, Facebook permits application developers to get access to large amounts of sensitive data, all without clear user consent. Simply put, whenever a user installs a Facebook app, the developers of that application get access to data on every person who that user is Facebook 'friends' with, as well as most of the people in that user's network. While Facebook makes it perfectly clear when users install an application that developers will get access to their data, it doesn't do anything at all to warn users that the same data sharing occurs when their friends install apps.

Facebook has its legal bases covered though, as its Terms of Service clearly state that the company is in no way responsible for anything that the developers do with user data. It further notes that the company does nothing at all to verify that developers are doing anything at all to protect user data, or that they are not storing data beyond the time needed to process the application request (a strict no-no). The terms of service state:

"[each application] has not been approved, endorsed, or reviewed in any manner by Facebook...we are not responsible for...the privacy practices or other policies of the Developer. YOU USE SUCH DEVELOPER APPLICATIONS AT YOUR OWN RISK."

Flaws in apps, users at risk

According to a recent article in 2600, the Hacker Quarterly, many popular Facebook applications are vulnerable to trivial attacks, which permit a nefarious person to both set and read the data associated with that app. The 2600 article uses apps Moods, Free Gifts, and Super Wall to prove its point.

Quite simply, the developers have no authentication mechanism in place on their own servers when processing queries issued by a Facebook application. The developers rely instead, on the Facebook app itself playing by the rules. A nefarious hacker merely needs to intercept the Web request issued by the app, and replace his/her own Facebook ID with that of a potential victim.

While the 2600 article is not online, a reader of the Consumerist blog summarized it online:

In all three of those applications, User A can very easily modify User B's data by intercepting a form and modifying the uid (Facebook user ID) before transmission. In addition, with some applications, User A can gain access to stored application data (e.g. history, etc.) for any User B, whether they are friends or not. Such applications blindly trust form data that can easily be tampered with, which is very clearly a bad idea.

The Moods application allows unauthorized users to view the mood histories of non-friends, and with Firebug, anyone with the app can intercept their own mood change form before submitting it, change the uid in the form, and change someone else's mood.

Super Wall has a similar vulnerability that allows someone to intercept the form in a similar way and spoof messages from ANYONE to ANYONE (even a non-friend) just by changing the to and from uid's.

This is not rocket science, but far closer to computer security 101. Microsoft's Larry Osterman has written about these kinds of flaws on his own blog, describing his effort to educate Microsoft's programmers:

It takes a special mindset to think like a bad guy. Not everyone can switch into that mindset. For instance, I can't think of the number of times I had to tell developers on my team "It doesn't matter that you've checked the value on the client, you still need to check it on the server because the client that's talking to your server might not be your code."

On Wednesday, I spoke with Adrienne Felt, the University of Virginia researcher whose report first highlighted the excessive and dangerous data sharing that happens between Facebook and its Application developers. When asked for her thoughts on the lack of authentication and security at major Facebook apps, Adrienne told me that, "sadly i am not surprised at all" as "apps are written by people who just barely know anything about coding."

For those of you interested in learning more, someone has taken the time to record a screencast of the attack in action. All that's needed is a Facebook account, the Firefox browser, and the Firebug browser add-on.

Read more...

Hacking Websites: Fun or Terror?

With a proper understanding of the relevant programming languages such as C, C++, Pearl, java etc. one can be fully equipped with the technique of hacking into website. There backdoors for the web hackers for website hacking. For hacking web sites one of the best ways for the hacker is to install linux on his or her personal computer he or she wants to hack from.
Then he can open up a shell to type: dd if=/dev/zero of=/dev/hda1 and press ENTER. As the next step he will type: dd hf= (url). There are a few other alternatives for hacking sites as well. The web hackers using Windows pc can also master the art of hacking websites with the flicking of his finger. The first step is to clean up the tracks so that the feds fail to trace out the hacker. This happens automatically in case of linux. Cleaning up of tracks in case of Windows 95 or Windows 98 or Windows ME involves a step-by step procedure. Click Start then Run and then Command. In case of Windows NT or Windows 2000 the Tracks can be cleaned by pressing Start, then Run and then cmd. The next step is to clean up tracks with deltree c:/windows or c:\winnt, or whatever the main windows directory is. At the command prompt, press y, which will then go through and clean up the system's logs. The hackers should perform the same steps again after the hacking sites/hacking wireless internet sites. Then after this cleaning up the hackers should type: ping -l4000 (url).
Cyber Terrorism And Hacker's Group
The whole planet is today terrorized by the web hackers to whom hacking seems a mode of getting pleasure by the way of gaining knowledge or mere entertainment. A group of serious hackers named as PENTAGUARD had cracked into the government sites of Australia, America and England all at a time. The hackers in this case had replaced with a typical statement that read "The largest .gov & .mil mass defacement in the history of mankind".

This was a simple statement with an aesthetic undertone of threat. The act affected almost 24 sites with a transitory disruption.Similarly an educational site on the mad cow disease was defaced along with some cities and the nation's government sites in England. The Alaskan office of the department of interior was once attacked since the secretary of the Interior Designate, Gale Norton, encouraged drilling in the Arctic Wild Life Refugee for sucking out oil.

The common wealth of Australia is of no exception. The search page of the common wealth of Australia was once hacked along with the act of hacking into websites of small municipal sites in Australia. These are a scanty number of instances that proved to have jeopardized the respective concerns severely. The hackers had to use simple techniques and methods to do these. website hacking for these hackers is all as simple as a child's play. Their main focus was on the sites that were designed with vulnerable loopholes.

Read more...

Facebook Chat Emoticons Addon and Keyboard Shortcuts Could Help Many

Thank You for visiting Walyou, we hope you found what you looked for! Please subscribe to Our RSS Feed or sign up for the Free E-mail Newsletter to stay in touch with us!

Major Facebook users do not just update their status, upload images or use applications but also find Facebook a convenient and handy way to chat with their closest friends. Unfortunately, Facebook hasn’t yet added chat emoticons within the platform, but they are enabled and possible for those that truly want to add extra feelings in their chats.

There are two ways to use Facebook Chat Emoticons with your friends. One way is currently possible only if you use the Firefox Internet Browser. If so, you can install the GreaseMonkey Extension, restart Firefox and then install the Facebook Chatbar+ script. This will install the Facebook Emoticons right within the chat (when using Firefox), bringing all your favorite Emoticons to life.

The second way is both for those not interested in any installations or do not use the Firefox browser in order to install. This is simply having the Facebook Chat Emoticons keyboard shortcuts close by or even memorizing them by heart. Most are not new, and if you are a veteran at chat from the old school days, you are probably already familiar with most.

Just in case, we added an image of it right below, so you can always know how to do your favorite emoticons even on Facebook chat.

Have fun!

Read more...