Safe Browsing

Google has been directly protecting users from malware since 2006. Their Safe Browsing API is probably best known to Firefox users, and is used by numerous other applications to protect users from malicious websites.

Not Just Sites – Networks Too

Many people don’t realise that Google’s malware detection infrastructure measures infection at network as well as website level. So you can check out how much malware each host’s webservers have been found to host over the past 90 days. Here’s some data for a number of well-known Irish web hosting companies:

Key:
# Tested Number of tested sites
# Infected Number of sites serving malicious software
% % sites serving malicious software
Intermediary Number of sites on network acting as intermediaries for further malware distribution
Distribution Number of sites on network actually distributing malware
Link Link to Safe Browsing Diagnostic page

Some Notes

It’s worth noting that most hacked websites do not host malware, but instead inject code that results in visitors downloading malware from other servers. A significant proportion of the increased malware seen in recent months is likely a result of the gumblar hack.

I had better mention that all I’ve done above is show the stats reported by Google – these figures may be inaccurate, and I’m not inferring anything about the security of the above mentioned hosts. I was unable to find stats for a number of other well known Irish hosters.

Has your site been hacked?

If you’re concerned you can use this URL:
http://google.com/safebrowsing/diagnostic?site=mysite.com
[change mysite.com to your domain without www].

Have thoughts on this post? Head over and leave a comment on the blog: Malware Stats for Irish Web Hosting Companies

Follow RedCardinal on Twitter!

But the real issue is that this is already affecting Irish sites:

Google.ie Pages From Ireland [nihaorr1]

2050 Infected Pages From Ireland

If you are running MS SQL on IIS servers be aware that this seems to be spreading quickly.

Have thoughts on this post? Head over and leave a comment on the blog: Serious SQL Injection Vulnerability

Follow RedCardinal on Twitter!

But I think this story of the Golden Spiders organisers ‘guilty’ of spamming just about sums it up for this particular ‘awards’ ceremony.

How can spammers be relied upon to select Ireland’s top websites? Seriously?

Have thoughts on this post? Head over and leave a comment on the blog: Golden Spiders Best Spammer Award Goes To…

Follow RedCardinal on Twitter!

Here’s a quickie – check out Technorati’s developer wiki. Let’s just say it’s been moderately spammed (to death)….

Have thoughts on this post? Head over and leave a comment on the blog: Technorati Wiki

Follow RedCardinal on Twitter!

Please print and fill the enclosed document and send it back to:
Euro Business Guide,
P.O. Box 2021,
3500GA UTRECHT,
The Netherlands,
updating is free of charge!

If you want to unsubscribe send an email to unsubscribe@eurobusinessguide.net

The ‘updating is free of charge!‘ really is such an underhand way to hide the following fine print in the footer of their sign-up form:

THE VALIDATION TIME OF THE CONTRACT IS THREE YEARS AND STARTS ON THE EIGHTH DAY AFTER SIGNING THE CONTRACT.

Ooh, how nice – 7 days cooling off period (God forbid they actually break the law).

THE PRICE PER YEAR IS EURO 990. THE SUBSCRIPTION WILL BE AUTOMATICALLY EXTENDED EVERY YEAR FOR ANOTHER YEAR, UNLESS SPECIFIC WRITTEN NOTICE IS RECEIVED BY THE SERVICE PROVIDER OR THE SUBSCRIBER TWO MONTHS BEFORE THE EXPIRATION OF THE SUBSCRIPTION.

Wow, that’s good value – €999 per annum with automatic extensions for two further years.

If you receive anything from this bunch of gougers simply ignore it as spam of the most repulsive kind.

If you have signed this form unknowing of the legalese, you have 7 days under EU legislation to cancel your subscription (Distance Selling Directive), and if Euro Business Guide pursue you for payment (regardless of the 7 days) get in touch with your local national consumer affairs body.

Hopefully some day these people will receive their just deserts…

Have thoughts on this post? Head over and leave a comment on the blog: Euro Business Guide Scamming Again

Follow RedCardinal on Twitter!

A prime example of this is Unison.ie. When searching for current Irish news it usually ranks fairly high on Google, however all the pages require you register first before you view them. The registration gives no advantage to people like me who just want to a quick look at the latest news. I suspect that I’m not alone and that lots of people will just go back and look for another site.

Unison’s simple user agent checking makes it very easy to get in unmolested though. The User Agent Switcher Plugin for Firefox allows you to easily set exactly what user agent you want your browser to appear as. The GoogleBot isn’t in the list of Useragents available, but it is easily added. Switch to GoogleBot as your useragent, and magically you will have full access to the Unison site.

Now I always knew that they ran a subscription wall on the site, but I hadn’t realised that they were picked up by Google news. There’s been a huge amount of interest in media sites cloaking recently (see here for more). My feeling is that Unison would want to clean this up pretty quick or risk having a lot of egg on their face. As Niall mentions:

I know that Unison will probably close this hole within a few days

Could take quite a bit of work to change the way they present their pages. I suppose they could just set their cloaking routine to let everyone through. But will they?

Nice find Niall.

Have thoughts on this post? Head over and leave a comment on the blog: Unison.ie Cloaking – Will They Be Banned From Google?

Follow RedCardinal on Twitter!

According to McAfee’s Site Advisor Mapping the Mal Web Ireland’s .ie ccTLD is second only to Finland’s .fi in terms of online safety risks:

Four of the five least risky country TLDs are Nordic countries: Finland (0.10%), Norway (0.16%), Sweden (0.21%) and Iceland (0.19%).Ireland (0.11%) rounds out the top five least risky country TLDs. This could be due to governing bodies employing stricter regulations of these domains.

I would imagine that the last comment is very much the reason for the low risk of .ie ccTLD.

• Seven TLDs (.com, .info, .net, .biz, Tuvalu (.tv), Cocos Islands (.cc), and China (.cn)) earn the dubious distinction of ranking in the top 20 riskiest for each of the four risky facets we examined.
• Of these seven domains, .biz and .info are the overall worst domains with highly risky rankings in each of the four categories:

  .info ranks 2nd (overall risk), 1st (e-mail practices), 10th (download risk) and 12th (exploit risk)
  .biz ranks 6th (overall risk), 6th (e-mail practices), 2nd (download risk) and 5th (exploit risk)

• Again, low cost appears to be at least one factor in drawing scammers to the .info TLD.
• Spammers flock to .info, which was created as an alternative to the crowded .com, because its domain names are cheaper – registrars often let people use them gratis for the first year – which is helpful for those, like sploggers, who buy Internet addresses in bulk. Splogs so commonly have .info addresses that many experts simply assume all blogs from that domain are fake.
• Others note that “.info is the first and only top-level domain that was explicitly created and chartered for unrestricted use, though various other TLDs have ended up that way as a de facto situation.”
• .biz is said to be the most popular TLD for spammers because the name servers update immediately, meaning spammers can start using the domain as soon as they register, rather than wait up to 24 hours for the registration to take effect. This is particularly attractive due to the transient nature of spam and phishing Web sites.

Nice to see that .ie ccTLD is so trustworthy.

Have thoughts on this post? Head over and leave a comment on the blog: Ireland .ie ccTLD Safest In The World

Follow RedCardinal on Twitter!

Just about everyone knows that spam is part and parcel of life. We just live with it and try to do our best to minimise the impact it has on our daily lives. Unfortunately spam is a particular issue for the SEO industry, as unscrupulous search marketers often turn to spamming techniques to make a quick dollar.

I get my share of spam at Red Cardinal. Generally I just delete the crap left by ‘kind’ spammers (like Cork Web Design Spammers), but occasionally I do a little digging to see what some of the particularly nasty spammers are at. More about spammers a little later – but first, let me tell you what I think of ‘Long Copy’.

Long Copy Pages for ‘SEO’ tools

I like to include screen shots of pages in my posts. I have a nifty little app that lets me grab entire screen shots from within the browser, not just the visible area.

I wanted to include the sales pages for two SEO tools, both of which use ‘long copy’. Here’s the screen shot of the two pages:

These pages are so ‘long’ that I had to reduce them by a factor of ~14 just to get them that small. Maybe they’re ‘Really Long Copy’, if there is such a thing. (If you want to view those pages in all their glory I’ve ‘published’ the URLs a little further down the page. In case you’re wondering what this is all about I’ll come clean in a second.)

These pages appear to be affiliate sites for two well known SEO tools. I’m not 100% sure what’s going on with these pages as they don’t appear to have affiliate IDs appended to the outgoing URLs. Perhaps the affiliate program uses HTTP referrers for identification. Perhaps these pages are actually proprietary sales pages. I’m don’t know for sure.

So what’s the problem with those sales pages? Purely my opinion, but they look and feel like ‘get-rich-quick’ pitches to me. The message I hear sounds like ‘I’ll sell you this great benefit. But wait, there’s more. Buy now and I’ll include x and y’. Yes, lots of marketers defend this technique. And I know it’s true that ‘long copy’ can be effective, but only when the content is compelling and does not feel like I’m being ‘sold’.

Long Page Copy – Read or Turn Off?

When I see long copy pages like these I just turn off completely. As I mentioned, I just think ‘get rich quick’.

I’ve stuck my neck out on this issue once or twice (hello Copyblogger). I sometimes wonder if perhaps long copy is a peculiar American technique that we just don’t fall for this side of the pond? (And if you’re interested Brian Clarke, a.k.a. Copyblogger, has written a post about the death of long copy.)

Back to the comment spam

So taking a step backward for a moment. Why am I highlighting those two affiliate pages? Keyword Elite and SEO Elite are marketed and sold by Bryxen Software (a firm owned by Brad Callen I believe). As with so much of the US on-line marketing industry, Bryxen uses ‘Long Page’ techniques to sell there software. They also make heavy use of affiliate programs to multiply their sales. A couple of weeks ago Red Cardinal received multiple comment spam like the following:

SEO Elite | +http://SEOElite.gurubuddy.com | IP: 216.16.246.184

seo firm…

Automate your link building efforts and rank high in the search engines easily….

and

Killer Keyword Tool | +http://Keywordelite.find-your-stuff.com | IP: 216.16.246.184

keyword lists…

Generate huge laser-targeted low competition, high demand keyword lists in minutes….

These comments were dropped on multiple posts, and, as you can see above, were left by the same IP. Odd? I think not. Probably the same bot. Checking the WHOIS shows find-your-stuff.com registered to someone in Singapore, while gurubuddy.com is privately registered.

Both of the tools being promoted are from Bryxen Software (Brad Callens company +http://www.bryxensoftware.com/), and the linked sites appear to be affiliates.

Comment Spam by ‘SEO’ Firms – Why SEO has such a BAD NAME

I am sure of one thing – spamming blog comments with links to long copy pages, such as those pictured above in miniature, is one of the main reasons the SEO industry has such serious reputation problems. It is very, very hard to blame people for viewing the SEO industry with suspicion. After all, every day the results of spammers litter our websites and pollute our on-line experience.

The reputation problem is only compounded given that the products marketed by the above spammers are well-known SEO tools: comment spam + SEO tools = SEO spammers. And how can we blame people for making that connection.

I’m very interested in your thoughts on ‘long copy’, and whether you have been converted by a ‘long copy’ page like the ones above.

And if you’re thinking of buying these tools, think about this…

I neither own nor use either of these tools. They may well be excellent tools, and perform their respective task extremely well – I don’t know. But if you want to do the world a favour, don’t buy products that are marketed by spammers.

Have thoughts on this post? Head over and leave a comment on the blog: A Dose Full of Comment Spam, Long Copy Referrer Pages & SEO Tools – What Do YOU Think?

Follow RedCardinal on Twitter!

Alan Cavanagh sent me this:

I came across your site today after a search for blogs on scams. I was targetted by phone this morning by a company called Vardis (you might already be aware of them). It made me quite angry and I posted a warning on my blog http://allancavanagh.blogspot.com/2007/02/beware-of-scam.html . I’d hate to think these guys got straight on the blower to someone else after I hung up on them so I’ve contacted colleagues to warn them off as well. I’d like to spread the word about this which is why I’m contacting you, as there’s probably quite a few small business operators that read your blog.

If they happen to call anyone can you please tell them I miss them and give me a call. I’d love to talk with them

There are more details on Alan’s blog.

Have thoughts on this post? Head over and leave a comment on the blog: Forresters Fund For Children – Vardis Scam Warning

Follow RedCardinal on Twitter!

http://www.google.[...]www.*.*+Port+80

Call me a nut-job (you wont be the first :mrgreen:), but when someone starts sniffing for system variables they’re not normally calling by to say hello.

Now I wonder what the deal is?

Have thoughts on this post? Head over and leave a comment on the blog: I Sense Some Hackers Sniffing About

Follow RedCardinal on Twitter!

I’m going to crack all the SEO related sites/blogs/forums that I can… Maybe once in a while a non-SEO site will slip into the list but what the hell! Who cares anyways?

And the hacker goes on to list future targets:

The list

www.mattcutts.com – Mess with the best, die like the rest? He scares me… Just typing his site in this list makes me tremble

www.spamhuntress.com – That bitch needs some AdultFriendFinder love ASAP!

www.shoemoney.com – A bald “guru”, he is like the Buda of the SEO “gurus” (See eliteretreat.info)

www.pronetadvertising.com

www.forumtrends.com

www.askdavetaylor.com

ha.ckers.org – The hardest one of the list. Hats off to RSnake and iD!

www.v7n.com – Actually I’m just going to target blog.v7n.com and their forums

forums.digitalpoint.com – Hard

www.webmasterworld.com – They have the ugliest backend (and forum!) I’ve seen in my life

www.seoblackhat.com – The blog and the private forums (I help out n00bs over there once in a while)

www.boogybonbon.com

www.syndk8.com

www.stuntdubl.com

www.wolf-howl.com

www.seopedia.com

www.digg.com – I’m not aiming for a deface; rather I will find & release ways to game their “democratic” system (This will make happy some webmasters out there)

www.techcrunch.com – Had access to their server until they updated their stuff. This is the biggest target on the list…

www.johnchow.com – Dude wtf?! You came out of the blur and now your blog is everywhere

www.seobook.com – Your book is not that good anyways so get lost…

www.pearsonified.com

There are some serious big-hitting names in there. Gaming Digg.com? Somehow I don’t think he’s alone in that endeavour :mrgeen:

The above extracts are taken from a post made on Michael Gray’s blog before it was taken down. I flashed off an email to GreyWolf in case he’s unaware (and found out that www.seoblackhat.com is listed in www.surbl.org/lists.html in the process).

We’ll have to wait and see if the Anti-SEO Hacker comes good on any of his threats.

[EDIT] I see that the hacker may have been using an exploit similar to one found by Jason Roe recently. Well done Jason on your find.

If you use WordPress and haven’t already done so, you should upgrade to the latest release – 2.0.7 available here.

Have thoughts on this post? Head over and leave a comment on the blog: Hacker Threatens Digg.com, Targeting SEO-Related Sites

Follow RedCardinal on Twitter!

Fascinating report from McAfee SiteAdvisor on the possible dangers of clicking on search results served by the top search engines.

Possibly the oddest finding for me was this:

8% of sponsored results are rated red or yellow – almost three times the percentage of red and yellow sites found in organic results. Notably, scam sites are found at a much greater frequency in sponsored results.

I would have thought that the major Search Engines would be far more vigilant about their sponsored listings?

Have thoughts on this post? Head over and leave a comment on the blog: How Safe are Search Results?

Follow RedCardinal on Twitter!

Going to the URL in question delivers you a very slick website:

And background on the hospital:

Except it’s copied wholesale from here:

While the homepage seems to be copied from deti.msk.ru:

To be quite honest, I cant say for sure that I would trust any of these sites.

I do know, however, that the slick site that is spamming everyone has got to be fake. So slick, in fact, the only real give-away is the lack of contact details (and the obvious spamming techniques).

The DNS Lookup gives the following cached info:

Using 25 day old cached answer (or, you can get fresh results).
Hiding E-mail address (you can get results with the E-mail address).

Domain Name.......... savechilds.net
Creation Date........ 2006-10-31 17:56:04
Registration Date.... 2006-10-31 17:56:04
Expiry Date.......... 2007-10-31 17:56:04
Organisation Name.... Chuyi ZHU
Organisation Address. Kurchatov sq, Moscow 123182
Organisation Address.
Organisation Address. taiyuan
Organisation Address. 19473
Organisation Address. WG
Organisation Address. RU

Admin Name........... gufty htfy
Admin Address........ Kurchatov sq, Moscow 123182
Admin Address........
Admin Address........ taiyuan
Admin Address........ 19473
Admin Address........ WG
Admin Address........ RU
Admin Email.......... ************@hotmail.com
Admin Phone.......... +7.2147483647
Admin Fax............ +7.2147483647

Tech Name............ he wenjie
Tech Address......... 706,huanandianli building,shennanzhong rd
Tech Address.........
Tech Address......... shenzhen
Tech Address......... 518031
Tech Address......... SZ
Tech Address......... CN
Tech Email........... *************@126.com
Tech Phone........... +86.61280100
Tech Fax............. +86.61280100

Bill Name............ he wenjie
Bill Address......... 706,huanandianli building,shennanzhong rd
Bill Address.........
Bill Address......... shenzhen
Bill Address......... 518031
Bill Address......... SZ
Bill Address......... CN
Bill Email........... ************@hotmail.com
Bill Phone........... +86.75561280100
Bill Fax............. +86.75561280100
Name Server.......... ns2.pokerbotmakemoney.com
Name Server.......... ns1.pokerbotmakemoney.com
Name Server.......... ns7.kindofbullats.com
Name Server.......... ns8.kindofbullats.com

They dont look like the type of name servers a charity would use?

While the real-time DNS lookup returns:

Domain Name.......... savechilds.net
Creation Date........ 2006-10-31 17:56:04
Registration Date.... 2006-10-31 17:56:04
Expiry Date.......... 2007-10-31 17:56:04
Organisation Name.... Chuyi ZHU
Organisation Address. Kurchatov sq, Moscow 123182
Organisation Address.
Organisation Address. taiyuan
Organisation Address. 19473
Organisation Address. WG
Organisation Address. RU

Admin Name........... gufty htfy
Admin Address........ Kurchatov sq, Moscow 123182
Admin Address........
Admin Address........ taiyuan
Admin Address........ 19473
Admin Address........ WG
Admin Address........ RU
Admin Email.......... vince_stebbi@hotmail.com
Admin Phone.......... +7.2147483647
Admin Fax............ +7.2147483647

Tech Name............ he wenjie
Tech Address......... 706,huanandianli building,shennanzhong rd
Tech Address.........
Tech Address......... shenzhen
Tech Address......... 518031
Tech Address......... SZ
Tech Address......... CN
Tech Email........... adminspeed123@126.com
Tech Phone........... +86.61280100
Tech Fax............. +86.61280100

Bill Name............ he wenjie
Bill Address......... 706,huanandianli building,shennanzhong rd
Bill Address.........
Bill Address......... shenzhen
Bill Address......... 518031
Bill Address......... SZ
Bill Address......... CN
Bill Email........... vince_stebbi@hotmail.com
Bill Phone........... +86.75561280100
Bill Fax............. +86.75561280100
Name Server.......... ns2.3fn.net
Name Server.......... dns195.3fn.net

Domain registered on October 31… vince_stebbi@hotmail.com seems to be in both Moscow and Schenzen… This is just plain nasty.

I’ve received about 8 copies of the email. I know most people don’t take any notice, but some might just be taken in by the headline and the slick website.

I called the number on the Dutch website and spoke to a guy called Sergei who is in Spain. Odd? Yes. But he sounded legit and has sent an alert to some group that monitors these sites. Still no harm in putting up the message here.

NASTY, NASTY, NASTY

(If you do want to be charitable this Christmas why not head over to OxfamIrelandShop.com)

Have thoughts on this post? Head over and leave a comment on the blog: Spammers Target Moscow Children’s Hospital – savechilds.net Nasty Xmas Scam

Follow RedCardinal on Twitter!

And let’s be honest, immitation is the highest form of flattery.

But if you’re going to rip off someone’s design by hot-linking directly to their CSS file then you’re just plain looking for trouble…

Original Site:

Lifted Site (after a little bit of CSS injection :mrgreen:)

Images link to sites. Take care of lifted site – really not work safe.

While you’re here can you please spread the word about this nasty bunch of spammers that are trying to scam donations to a children’s hospital in Moscow. More info here.

Have thoughts on this post? Head over and leave a comment on the blog: If You’re Going To Steal Someone’s Design…

Follow RedCardinal on Twitter!

“ready for a new day”

Well perhaps Dublin was, but I’m not so sure about Microsoft.

My day out at Croagh Park

Getting to Croagh Park isn’t the easiest of feats. I arrived after 11am and caught the end of the opening keynote. After a few minutes standing at the back my curiosity got the better of me and I headed to the demo area on the fourth floor. This was where things started to become unstuck.

The Search room

As I am moderately interested in search I headed straight for the Search room. I found a seat (not difficult because everyone else was still upstairs) and a nice MS guy offered to show me the ropes.

The first point to note was that the demo machine seemed a bit temperamental. A few glitches appeared when tabbing through applications – the screen just went dead. My guide mentioned that the demo machines weren’t up to spec for Vista (they certainly weren’t new computers).

He was a knowledgeable and talented guy, but unfortunately he couldn’t tell me if Vista’s new search function would index my web browsing. Nor could he tell me how search behaved across a network.

I do like some features of the new search interface. For instance, if you hover over a search result the related META data appears in a pop-up.

As I was early for the actual demo I went and grabbed a soggy roll and a cup of coffee.

So much attention, so little knowledge

I returned for the search demo proper and found my way to one of the few remaining clients. The demo was of a web-based reporting application that pulled data from a whole bunch of MS products. I’m still not sure how it tied in with search to be honest.

There was one Microsoft person for every four guests in the room, and I asked the nearest rep if I could pull up the application the presenter was showing on my client. After some discussion between Microsoft people I received a response in the negative – the application was running on a server and only available to the presenter. So I carried on watching.

Why demo in Windows 2003?

Strangely, the presentation appeared to be running on a Windows 2003 machine. Now I could be wrong, and it might simply have been a theme, but I still found it odd that Microsoft would promote Vista using a Server 2003 theme?

When the presentation was finished the speaker happened to walk by. I asked him if the web application was platform agnostic and he confirmed it was – it would run on Firefox and other browsers. He also gave me the URL to access the application where I sat. Pity the first couple of fellas hadn’t known that.

As the search presentation was recycling I headed away and caught about half an hour of a very animated and knowledgeable speaker on encryption and Vista’s built-in security features.

Fly me to the moon

Neil Armstrong was a very good speaker, receiving a standing ovation both on arrival and exit. He spoke extremely well and was thoroughly interesting to listen to.

I’m not sure if it’s just me (and Google hasn’t been doing me any favours recently with my tin-hat syndrome), but I felt some of his speech was debunking the debunkers. Maybe he’s just tired of all the naysayers who claim he never got any further than some desert in the US mid-west.

So was I enlightened?

I’ve got to be honest and say no. The welcome package contained two publications, one on the knowledge economy, the other an overview of the Irish case-studies profiled during the day.

I’m really quite surprised there was nothing in the pack about Vista. In fact there was nothing about any of Microsoft’s products. The two publications had a lot about benefits but absolutely no details on the products. I have to say I’m not really any the wiser apart from actually trying out the new Vista UI.

Did I miss something or was I just expecting too much? Or was Micorsoft ready for today?

Have thoughts on this post? Head over and leave a comment on the blog: Dublin Might be Ready for Vista, But is Microsoft?

Follow RedCardinal on Twitter!

But occasionally, just occasionally you come across a gem that puts a smile on your face.

Thank you mikigrubber

Askimet has been getting a bit busier lately (must be because Google loves me now). I filter out a lot of the automated bots with the Bad Behaviour plug-in, so I tend to be left with Asian and Eastern European SEO’s (*cough* spammers *cough*) leaving me nice comments.

mikgrubber gave me a good laugh with this one though:

Hello All. Let’s take a look. A great sollution for you.
pain relief
natural pain relief
lower back pain relief
chronic pain relief
neck pain relief
pain relief medication
knee pain relief
toothache pain relief
natural back pain relief
natural pain product relief
headache pain relief
pain relief cream
tooth pain relief
pain relief product
pain relief drug
pain relief patch
menstrual pain relief
eazol

Of course they were all live links. The usual crap you get. But the main difference with this one was how miki signed off:

Don’t delete this. Thanks!

I think that’s just fantastic. It just cracked me up. A polite spammer. What will they try next?.

(Of course I deleted him straight away :mrgreen:)

Have thoughts on this post? Head over and leave a comment on the blog: Spammers Crack Me Up

Follow RedCardinal on Twitter!

Microsoft Live! has a notoriously poor reputation. People think their search results pretty much suck (try finding a SERP without a blogspot entry), and their algorithm is easy enough to game. But for me, the strangest thing is the extreme measures Live! takes in order to ‘fix’ problems. Here’s a good example.

Just take ‘em out

A recent discussion on Search Engine Watch brought a new Microsoft Live! policy to the attention of webmasters. An email received by a poster from the Live! spam team contained the following:

Your site is acquiring links through posting to or exchanging links with sites unrelated to your site content. Techniques which attempt to acquire unrelated spam links in order to increase ranking are considered spam and your site has been excluded from our index as results.

Now, to be honest, I’m in agreement with Loren Baker at Search Engine Journal and applaud this measure. In theory it’s a proactive step by Microsoft Lives! to clean up their SERPs.

What worries me is the practical side of things. I just wonder if we are going to see collateral damage from this move.

Now before I go any further, I will hold my hand up and say that I don’t normally give a toot about MSN (or Live! as it’s now known). Yes, I still believe that Google executes somewhere between 80 and 90% of all Irish searches. But I do know that certain groups still regularly find their way onto Live! pages (picture all those office workers typing search queries into the address bar of IE :mrgreen:).

Ulterior motives?

Of course the Live! bans may be a defence against the MFA sites which Google is actively banning from their index. In what some believe to be a very cynical move, Google has been banning MFA sites but not disabling their Adsense accounts.

So while Google would prefer not to have their index polluted with MFA sites, they are quite happy to make money from these parasites polluting the indices of their competitors.

So I wonder if perhaps some of the new tactics over at Live! are more of a defensive measure to counteract the competitive postures of it’s biggest competitor?

But what about the gaping hoe in Live!s algorithm?

Well a very recently discovered bug in the way Live! handles duplicate content has opened up a real can of worms. It appears to be rather easy to remove pages from the Live! index simply by linking to the target page in a particular way. This came about because whereas Google just ignores the duplicate, Live! bans both the original and the duplicate (another example of extremes).

I wont link to the above tactic as I don’t feel that would be helpful at all (and it’s apparently so easy to abuse that I think it’s immoral to publish).

Have thoughts on this post? Head over and leave a comment on the blog: More problems for MSN Live!

Follow RedCardinal on Twitter!

Patents can reveal a lot

It is important to follow the technical aspect of search engines. There is undoubtedly one person who is the authority on both today’s technology and the technology the search engines are currently building to serve us tomorrow. He is Bill Slawski of SEO by the Sea.

Patent watching

SEObytheSEA specialises in patent watching. Yesterday I saw Bill Slawski’s post about Microsoft snooping Google search history. It’s quite interesting from a number of perspectives. But first a little background on what’s going on.

Firefox search.suggest

It appears that Firefox has a little known service called search suggest. Search suggest is controlled via the browser.search.suggest.enabled parameter and basically allows third party access to the search history of your search bar.

So whenever you use the built in search bar of Firefox the search query is added to your history so that suggestions can be made based on your prior behaviour.

Now this is where it gets interesting. Apparently Firefox allows third party search plug-ins access to your history so that they too can offer suggestions based on your previous searches. But whereas you might presume that one search engine wouldn’t, or shouldn’t, have access to searches executed on another, well, you’d be wrong.

Microsoft Live sniffing around Google searches?

Apparently Microsoft Live suggested some of Bill’s previous Google queries. Bill then saw that his search history was being sent to Microsoft Live via the browser.search.suggest feature of Firefox. That feature transports your history via a JSON encoded file when this feature is turned on.

The Microsoft Patent

Of course SEObytheSEA is renowned for its coverage of search engine patents. Low and behold, haven’t Microsoft a patent (published November 16) entitled ‘System and method for automatic generation of suggested inline search terms’.

Privacy Ramifications

The default setting of browser.search.suggest.enabled is TRUE in the latest version of Firefox (2.0). (This can be changed via about:config.)

This means that if you are using the built in search bar, a search engine can see your query history regardless of whether it executed those queries. From the SEO by the SEA post:

I performed a search in Windows Live for a term that I don’t believe I ever searched for before on a search engine. I then went to Google Suggest, and started typing in the first couple of letters of the that word to see if it would suggest my Windows Live search term.

It did.

While most people understand that additional toolbars (e.g. Google Toolbar) commonly track your behaviour, it may not be apparent that your search history is made available via this relatively unknown feature of Firefox 2.0.

Of course it’s not as if the major search engines aren’t already collecting enough data on us….

[Some concerned viewers might be interested in CustomizeGoogle plugin for Firefox.]

Have thoughts on this post? Head over and leave a comment on the blog: Does Google Know Your MSN & Y! Searches?

Follow RedCardinal on Twitter!

If you’re curious about where all that spam originates, it makes for an interesting read.

Have thoughts on this post? Head over and leave a comment on the blog: Ever wonder Who Really Does Send You All That SPAM?

Follow RedCardinal on Twitter!

Users (including myself) have reported receiving alerts from TB of new mail that does not appear in any mailbox within the client. Manually scanning INBOX files in a text editor does reveal the mails.

It is not clear if this problem only affects mail with X-Spam-Flag: YES headers.

Do not compact our mailboxes as this may cause the permanent removal of mails that are hidden.

For the moment the best bet is to downgrade to 1.5.0.7.

More details can be found here.

Have thoughts on this post? Head over and leave a comment on the blog: Mozilla Thunderbird 1.5.0.8 Critical Bug

Follow RedCardinal on Twitter!

I just received the old sign-up for their CD-ROM. They seem to be cutting down on costs though – I’ve received it previously in hard copy but today it was a beautiful PDF attachment to a very short but sweet email (maybe times are tough?):

Please print and fill the enclosed document and send it back to:
Euro Business Guide,
P.O. Box 2021,
3500GA UTRECHT,
The Netherlands,
updating is free of charge!

If you want to unsubscribe send an email to ***

For anyone who might feel tempted here’s the fine print from the PDF:

I HEREBY ORDER A SUBSCRIPTION WITH SERVICE PROVIDER EU BUSINESS SERVICES LTD “EURO BUSINESS GUIDE”. I WILL HAVE AN INSERTION TO ITS DATA BASE FOR THREE YEARS. THE PRICE PER YEAR IS EURO 965. THE SUBSCRIPTION WILL BE
AUTOMATICALLY EXTENDED EVERY YEAR FOR ANOTHER YEAR, UNLESS SPECIFIC WRITTEN NOTICE IS RECEIVED BY THE SERVICE PROVIDER OR THE SUBSCRIBER TWO MONTHS BEFORE THE EXPIRATION OF THE SUBSCRIPTION.

Please take care and if you receive this just throw it in the bin.

Have thoughts on this post? Head over and leave a comment on the blog: Euro Business Guide Spam and Scam Warning

Follow RedCardinal on Twitter!

Dear Sir/Madam,

Recent email scams have attempted to consume customers into disclosing their Online Banking security log-in details by re-directing them to a fake site.

Well apart from the reference to scams ‘consuming’ customers that opening sentence states a fact that the banks have been trying to get across to all their customers.

We publish details about such scams on our security pages. However, we would like to get security warnings across to customers as many as possible.

That’s why we’re asking you to take a few minutes to check and update your account details. This will allow us to update your occasional security and Online Banking service information.

Hmm.. so a bit of reverse psychology to draw us in. So you’re telling me about the risks of phishing schemes. Then you mention how important it is to get the message out about these scams. Seems fare enough. You couldn’t possibly be trying to pull the wool over my eyes. God knows, I might even have missed the obvious grammatical mistakes had I been reading this in a hurry.

But it’s your call to action that I love. After warning about the dangers of ‘recent email scams’ you want me to follow your link so I can ‘check and update’ my account details:

Due to the recent security update, you are requested to follow the link below.

And of course you have reinforce that call by preying on that most vulnerable human emotion – fear:

*Important*
You are required to provide all necessary information completely and correctly otherwise, due to security reasons, we may have to close your account temporarily.

Security Advisor
Permanent Tsb

The scary thing here is that should these guys get a native English speaker to create their copy I have no doubt these mails could get some conversions.

Of course if you have Firefox 2 installed you get this nice little message when you click on the link:

The site in question has been removed.

Have thoughts on this post? Head over and leave a comment on the blog: Did Someone Say That Internet Scams Were Becoming More Sophisticated

Follow RedCardinal on Twitter!

MS is offering a tool that lets you to disable automatic delivery of this update – its available at the MS website.

I just wonder if this is going to be another WGA fiasco?

Have thoughts on this post? Head over and leave a comment on the blog: How To Block IE7 in Windows Update (if you’re not too late!)

Follow RedCardinal on Twitter!

So to get into the swing of this blogging thing I thought it might be useful to give an outline of some of the practices and software available that will help keep your PC safe and clean.

Best Practice

1. My #1 piece of advice to anyone surfing the web is to dump Internet Explorer. IE is a dated piece of software that has countless security vulnerabilities. As the market leading web browser it is also the target of most malware attacks and the source of many malware infections on Windows based platforms. I have been using Mozilla Firefox since version 0.7 and cringe whenever I am forced to use IE (generally when on vacation or using someone else’s PC). I have also used Opera and found it to be a well thought out browser. However, for pure extendibility I find Firefox wins hands down. You should really try one of these browsers – they copy over all your settings and bookmarks and I guarantee you will be impressed by the experience.
2. Keep your operating system and applications up to date. Software vendors often update their products fixing bugs, adding functionality and removing security vulnerabilities. It is important that you regularly visit vendor websites or use in-built functionality to keep your products up to date. Most importantly for Microsoft users, you should visit Microsoft’s Update Site every month to download the latest patches. I know that many Irish computer users are limited to dial-up connections but if so you might consider leaving your computer on-line overnight some Saturday night so that it can properly update. The call charges shouldn’t be so obscene at that time.
3. Regularly scan your computers with up to date Antivirus software using the latest definitions available. Most Antivirus software will allow you to schedule scans that run automatically. I have included an Antivirus Software section below with information and my own experience with many of the applications available. You should also install some form of AntiSpyware application – there are many free and purchased solutions available (see AntiSpyware section below for more details).
4. If you are not behind a corporate firewall then you should consider installing a software firewall on your PC. Windows XP ships with the Windows Firewall but it is quite limited in the protection afforded (although, of course, better than nothing). You can find out about various software firewalls below.
5. Something that I don’t see mentioned often is the use of anti-spam software on the mail server. If your e-mail is provided as part of a hosting package you may also have access to anti-spam software. Spamassassin is commonly bundled with Cpanel (you can find it in the Mail section on Cpanel) and uses both filters and heuristics to determine the likelihood of e-mails being spam. You should ensure that it is activated. You won’t lose any e-mail unless you explicitly set this option, but any mail that SpamAssassin believes is spam will be converted to plain text with a warning message in the title. Attachments, which are a common source of malware, will also be converted to plain text and displayed in-line in the message – in effect these attachments become far more difficult to execute by the casual user which reduces the possibility of infection.

In terms of the security software available here is a list of both free and paid applications that will help your PC remain healthy:

1. Spyware Removal and Protections
   • Firefox – as mentioned above dump IE and install a decent browser. You would be amazed at the extra protection.
   • Spybot Search & Destroy – a FREE and handy spy-ware detection and removal tool that has become more advanced over its lifetime. I have used this for many years now and highly recommend it. (oh, and curiously the company is run out of Greystones, County Wicklow!);
   • Spyware Blaster – another FREE tool that basically prevents you from visiting bad websites known to distribute malware. While simply a prevention tool which doesn’t offer the protection afforded by more advanced software, it can be a useful piece of software and best of all it’s free;
   • Microsoft Defender – yet another free application (still in Beta but free for now anyhow) this software integrates technology acquired through Microsoft’s acquisition of Giant Software some years back. I rarely use this app as I find that scans take hours and are very resource hungry but technically this is probably the best free anti0spyware tool.
   • Lavasoft Adaware – available in both professional and free editions this software includes a scanner and removal engine. I have used this in the past but cannot say what the detection rates are like currently.
   • Webroot Spysweeper – this is probably my favourite anti-spyware software. While not free, Spysweeper provides detection and removal technology that sets the benchmark in this area. The one proviso I would give is that since updating to version 5.05 my system has had some serious instability issues.
   • Ewido – Ewido is probably not so well know but I have heard increasingly good things about this software. As with Spysweeper this software requires a subscription.

   If you can afford to buy Anti-Spyware software I would advise Spysweeper, however if you choose to install the top four apps above I reckon you will probably have a good level of protection.

2. Anti-Virus
   • Eset Nod32 – again a brand name probably not well known outside experienced users, but this Czech antivirus really works well. Viewed as one of the best AV tools around, the only downside is that Eset NOD32 is slightly more technical in terms of the configuration options available. I have used Eset Nod32 and highly recommend it.
   • Kaspersky – this time from Russia but widely viewed as having the best detection rates in the industry. I have tried Kaspersky but had to uninstall due to persistent BSODs. Pity because I read very good things about this AV.
   • BitDefender – I have not personally used this AV but again i have heard very positive feedback about its abilities.

   You may well wonder where are the Norton’s, the McAfee’s etc. The reason I don’t mention them is that, while providing sufficient protection for casual users, it is well known that they have the worst detection and removal records. I have included links to some review and comparative sites that you can have a look at.

3. Firewalls
   • Agnitum Outpost – widely viewed as the most effective software firewall for personal use. I believe that previously they also offered a watered-down free version but checking their website I can find no reference to the free version anymore.
   • ZoneAlarm – I have used this particular firewall for a number of years and found the protection to be comprehensive. There have been some previous issues with the software corrupting certain Windows features but these seem to have been ironed out with the latest release. The only thing stopping me going to Agnitum is that ZoneAlarm hasn’t caused me any problems. I can recommend this product if you are looking for a good software firewall. They also offer a reduced feature free version which you could try.
   • Look ‘n Stop – I have only heard of this product recently but everything I have heard seems to be positive. Maybe worth a look.

   Again you may wonder where are the brand name Firewalls. Well again my answer is that the Norton’s and McAfee’s etc don’t offer the protection of the best products available.

   NB ALL-IN-ONE SECURITY SUITES – My advice on this is that most security suites seriously degrade the performance of your PC. If you need the simplest user interface then one of these products *MAY* be for you. However, if you can suffer multiple products you will should reap the rewards in performance terms.

4. AV Reviews and Comparatives
   • AVComparative.org – website giving impartial reviews and comparisons of all the major commercial AV software available. You might be surprised how well (or how poorly) some of the big names do.
   • Wilders Security – online community dedicated to computer security issues. The website is an excellent resource for finding solutions to really nasty PC infections that many AV products cannot remove. You can also find user reviews of security software.
5. Online Anti-Virus Scans
   • Trend Micro HouseCall – a good free online scanner. This will detect but not remove malware from your PC. If the scanner finds malware they will try to sell you their full software.
   • Panda ActiveScan – another online scanning engine with same removal limitations as Trend Micro HouseCall.
   • Kasperksy – yet another online scanning engine. Probably better detection rates than previous two.

   These scanners can be useful if you do not have up to date AV software installed and are worried about malware on your PC.

6. Single File Submission Tools
   • VirusTotal – this is a great tool for scanning single files that may be suspect. It uses multiple AV engines and reports the results usually within seconds.
   • Kaspersky – using the same tool as for online scanning except for single files that you submit to Kaspersky. Usually returns results instantly.

   Great for confirming single file threats that AV software flag as suspicious.

7. Port Scanner
   • GRC – a great tool for testing leaks in your firewall.

   You can use a port scanner to determine if you PC has left any ports open and vulnerable to attack.

Phew! Well I hope the above is useful and maybe, just maybe, prevents someone from getting a nasty malware infection.

Have thoughts on this post? Head over and leave a comment on the blog: Keeping your PC safe

Follow RedCardinal on Twitter!