1. Google Draws Fire Over Blogspot Spam Blogs

    The explosion of spam blogs on Google's Blogspot hosting service is drawing a chorus of condemnation from prominent bloggers, and has led at least one blog search service to stop indexing posts on Blogspot. The growth of spam blogs has accelerated in recent months, fueled by automated tools that can create blogs on Blogspot and some similar services and populate them with keyword-optimized posts and Google AdSense advertisements.

    About 39,000 fake blogs have been created on the web in the past two weeks, according to an analysis by Technorati, or about 4.6 percent of the 805,000 new weblogs created in that period. FightSplog, which has been monitoring new blogs at Blogspot, recently documented 2,763 porn splogs created by a single "splogger." Blogspot-based spam blogs recently began featuring names of prominent bloggers in posts, boosting the splogs' visibility in searches at web-based RSS aggregators like Feedster, PubSub and Bloglines.

    The move prompted IceRocket to stop indexing new posts from Blogspot.com, according to a blunt post from Mark Cuban, a major investor in IceRocket. Cuban says Blogspot indexing will resume once filters are adjusted, but warned Google to fix the problem or face a permanent ban. Bloggers are also focusing their fire on Google, which has stepped up its splog-squashing efforts in recent weeks but still can't keep pace with the automated instasplogs. "If your motto truly is to do no evil, then you need to start putting some resources behind an effort to curb this train wreck," LockerGnome's Chris Pirillo advised Google.

    (more...)

    Posted by Rich Miller on 17th October, 2005 in Dogfood

  2. Microsoft Updates Fix for Critical Win2K Hole

    Microsoft has issued workaround instructions for a buggy patch issued last Tuesday as part of its monthly security update. The patch repairs a critical security hole, which could leave Windows 2000 systems open to an Internet worm attack. Microsoft says that few systems have been affected by issues with the update for a security hole known as MS05-051, which could allow attackers to gain control of Windows 2000 computers via an unchecked buffer in the Microsoft Distributed Transaction Coordinator (MSDTC).

    Late last week users began reporting significant problems on some Windows XP, Windows 2000 and Windows Server 2003 systems after the patch was applied. Although few users were directly affected, the bug reports may have prompted many network administrators to delay patching their systems until the issues were resolved.

    (more...)

    Posted by Rich Miller on 17th October, 2005 in Security

  3. Video iPod Launch Slows Apple Store

    The Apple Store was offline for more than an hour following the launch of a new video-enabled iPod, which was unveiled today after months of anticipation. While the launch of a new Apple product routinely leads to brief "restocking" outages for the Apple store, today's downtime was longer than usual, perhaps due to web traffic generated by the pent-up curiosity of iPod lovers.

    applestore.png

    The video iPod has a 2.5-inch screen and will sell for $299 for the 30-gigbyte hard drive, and $399 for 60 gigs. Apple's iTunes store will now sell music videos and some TV programming at $1.99 per video.

    Posted by Rich Miller on 12th October, 2005 in Performance

  4. OpenSSL Patches Security Hole

    OpenSSL has released a software update to fix a flaw that could make it easier for hackers to attack secure web servers. The security issue could allow attackers to force an SSL-enabled site to use the outdated and potentially insecure SSL version 2.0 protocol.

    Some secure web sites allow visitors to connect using earlier versions of SSL, an option which can be enabled by OpenSSL's SSL_OP_ALL setting. Normally, web servers will default to the most current encryption protocol supported by the user's browser, usually TLS or SSL version 3. But a flaw in the SSL_OP_ALL implementation could allow an attacker to trick the server into using SSL 2.0.

    "An attacker acting as a 'man in the middle' can force a client and a server to negotiate the SSL 2.0 protocol even if these parties both support SSL 3.0 or TLS 1.0," notes the advisory from OpenSSL. "The SSL 2.0 protocol is known to have severe cryptographic weaknesses and is supported as a fallback only." The OpenSSL Project is advising users to either upgrade their server software with the latest version or disable SSL 2.0 entirely.

    (more...)

    Posted by Rich Miller on 11th October, 2005 in Security

  5. Phishing Defense a Key Factor in eBay-VeriSign Deal

    Paypal will implement strengthened anti-phishing measures for up to 1 million users next year through a deal announced yesterday between VeriSign and eBay, which operates Paypal. While most of the headlines focused on eBay's purchase of VeriSign's payment processing unit for $370 million, the most widely-felt benefit of the deal will likely be the enhanced security for Paypal, which has been relentlessly targeted by phishing scams.

    The agreement calls for eBay to buy up to 1 million two-factor authentication tokens from VeriSign. eBay and PayPal plan to begin the rollout of two-factor authentication to customers in 2006, including marketing and security programs designed to "promote customer adoption."

    (more...)

    Posted by Rich Miller on 11th October, 2005 in Security

  6. VeriSign Acquires Weblogs.com, Declares War on ‘Splogs’

    VeriSign has acquired Weblogs.com, the primary weblog "ping" service tracking how often weblogs are updated. The deal capped a wild Thursday in the blogosphere, which started with the announcement that America Online has bought Weblogs Inc., one of the most prominent blogging networks.

    While the AOL-Weblogs Inc. deal is focused on content, VeriSign's purchase of Weblogs.com from founder Dave Winer is all about infrastructure. "For a long time, ping servers could be stood up as a single box running on a fast business DSL connection," noted VeriSign's Mike Graves on the company's Infrablog. "Those days have passed at least for the popular ping servers; pings are well on their way to requiring serious infrastructure. That’s where VeriSign comes in."

    (more...)

    Posted by Rich Miller on 7th October, 2005 in Security