Posts tagged as:

Blog

New Theme

by certifiedbug on August 11, 2008

in This and That

Thesis 

One of my all time favorites by Chris Pearson was/is CopyBlogger. His themes are always a joy to work with.

{ 2 comments }

I have a new theme

by certifiedbug on February 12, 2008

in This and That

Brian Gardner’s Revolution Pro.

Please excuse the construction and use the Blog tab rather than Home for the moment, lots to learn.

It will be fun, no really… ;-)

Update: Blog tab is now “Articles”

{ 0 comments }

Beware Google Search email alerts on Blogger

by certifiedbug on February 4, 2008

in Rogue

I saw this article over at NetWorkWorld dated 01/31/08. Google blog used to spread malware

A Google-hosted blog is running phony security content that’s linked to malware, as well as using Google’s automated notification service to try to entice subscribers to click on an infected link, says one security expert.

“This is the first time we’ve seen something like this,” Elzam says. “If you get a message from a Google alert, you might think this is a service you can trust. But it’s directing you to a rogue site with fake security software.

This stuff is not new, but it is getting worse. A few days ago one of my alerts for Google Blogs provided a link which opened to a graphic pOrn page complete with videos, ‘click this to play’. Shortcut to infection via codecs, don’t ever click that junk.

I was watching for blogs containing the word of an outfit not usually associated with pOrn.

Fellow MVP TeMerc has been tracking Malware dispensing Google Blogs for some time:
More Blogspot Malware
Google Blogger Blogs Carry WinAntiVirus Ads

{ 0 comments }

Facebook drops Secret Crush over spyware claim

by certifiedbug on January 7, 2008

in Security

A FortiGuard Advisory January 2, 2008 warned their researchers had discovered a malicious widget called “Secret Crush” spreading on Facebook, the social networking site, which prompted users to install the application.

Users were informed they needed to invite at least five more friends to Secret Crush before proceeding, and then were invited to download a Crush Calculator application which contained Zango software. Zango or its affliates are often depicted in the media as adware/spyware.

Zango has publicly denied involvement with Secret Crush.

Fortinet’s so-called “Advisory,” issued Wednesday with the attention-seeking headline “Facebook Widget Installing Spyware,” is completely false as it relates to Zango. A thorough investigation by Zango security personnel reveals no silent or surreptitious installation of any software, much less any “spyware,” by or in connection with the “Secret Crush” widget.

CNET News.com’s Caroline McCarthy writes that on Monday, January 6, 2008 Facebook announced:

Facebook is committed to user safety and security and, to that end, its Terms of Service for developers explicitly state that applications should not use adware and spyware,” a statement from the company read. “We have contacted the developers and have disabled the Secret Crush application for violating Facebook Platform Terms of Service.

Zango said the Secret Crush widget on Facebook is now called the “My Admirer” widget.

Apprantly Zango is making the rounds posting disclaimers, such as the comment left on Security MVP Shaba’s pcsecurity blog.

{ 0 comments }

certifiedbug is back

by certifiedbug on January 3, 2008

in This and That

My hosting company did something in the wee hours that caused 404 errors.

Thank you dgosling and Corrine for notifying me.

My gratitude to a friend in the community known as LWM who was able to locate and resolve the problem.

{ 5 comments }

Storm Worm botnet

by certifiedbug on December 31, 2007

in Security

Storm is evolving into a very complex beast.

From rbnexploit.blogspot

Obviously the Russian Business Network (RBN) is working overtime during the Christmas and New Year holiday, no doubt planning for many in the ISP security and anti-spam arena to be on skeleton staff.

There are some interesting elements concerning which make this attack innovative:

# Although much of that detected is conventional spam, however there is also a large amount of spam which is getting through many anti-spam defenses due to the use of “fake” BlogSpot (Blogger) links

# Although most have identified as the Zhelatin Storm email worm or variant, it is also as the more recent fake codec downloads, dependent upon where the unfortunate user has come from. This now shows a “polymorphic” format, i.e. the virus or exploit has the ability to alter its signature in an attempt to combat anti-virus tools.

RBN – New and Improved Storm Botnet for 2008

Source: Harry Waldron

Intertwined. Malware on Google Blogspot

Users are getting infected every day with no interaction required.
Unlike some of these Zlob\Codec sites where users are duped into
downloading something. Or the current run of Storm variants being
pushed via Blogspot for that matter.

If you have the misfortune to be infected, I suggest you seek help at one of the sites listed in the right side column under “Security Forums”.

{ 0 comments }

Content scrapers and Rogues

by certifiedbug on December 29, 2007

in Security

With more frequency I see content scrapers subscribe to security orientated blog feeds, simply to draw traffic to their own pages which link to Rogue anti-spyware programs.

FeedEntryHeader is a useful WordPress plugin, allowing you to add a copyright statement with a link to the original article, at the top of your feed entries.

{ 3 comments }

Windows Live Writer

by certifiedbug on November 20, 2007

in Programs

I tried this program awhile back when it was first released and didn’t much care for it at the time. However Writer has greatly improved and I see it being very useful for blogging on the fly.

To be continued, edited and updated as I try it out.

Update:The ability to see exactly how your post will look before you publish it is great, with four viewing or editing modes. Normal, Web Layout, Web Preview and HTML Code.
WLW now supports XHTML. With Live Writer open> Weblog> Edit Weblog Settings> Advanced> Markup Type.

12-12-07. Windows Live Writer was updated to version number 12.0.1367.1128.

This update is being distributed via Microsoft Update, so if you have chosen to have important updates automatically installed, you should receive this update automatically. If you aren’t automatically getting updates, you can open Windows Update, check for updates, and the update will appear in the list of available updates.

Writer Zone

{ 0 comments }

FeedSmith Plugin for FeedBurner. Security Update

by certifiedbug on October 8, 2007

in Programs, Security

Potential security vulnerability
Some WordPress plugins that permit the entry of user-entered values, such as older versions of FeedSmith, can be vulnerable to what is called a “cross-site request forgery.” Without getting overly technical, this permits someone to change WordPress plugin settings on your system without you noticing during the time you are signed into your WordPress control panel. And no one wants that.

According to the official FeedBurner weblog, the update was released 10-03-07. However it did not present in v2.3 WordPress as an available plugin update, so I suggest checking the official FeedBurner weblog for such important updates:
http://www.feedburner.com/fb/a/home

Better yet subscribe to their feed.

{ 0 comments }

Blog life, plugging a plugin

by certifiedbug on October 4, 2007

in News, This and That

For those going through ‘Simple Tagging’ withdrawal after installing WordPress 2.3 with native tags, you will be pleased to know Amaury Balmer has released Simple Tags.
For WordPress 2.3 only, now you have no excuse not to upgrade. ;)

{ 0 comments }

← Older Entries