Google Lego 50th Anniversary Inspiration
Creative Commons License credit: manfrys

I have a small blog about hiking in the triangle. It’s nothing fancy, and my family uses it to catalog our growing love with local hiking. One of my hike-loving co-workers noticed last week that she could no longer find it through google.

The site looked the same; however, a quick source check noted thousands of spam links in the footer. The site, running an older version of wp, had been hacked.

The site got a virtual scrub down and update to the latest version of wordpress. Although the google “punishment” hurt my feelings, I understood completely. Spam filled pages should be devalued. My experience with search engine ranking is that things move very, very slowly. I wondered to myself if trianglehike would ever be found on google again.

with SPAM
Creative Commons License credit: dominiekth

Much to my surprise, trianglehike is back into google this am. The punishment was temporary and reversed (automatically, I am assuming) soon after the hack was repaired. Amazing.

Obviously, this is great news to the blogger who might accidently miss an update or two. One mistake does not kick you out of the game forever. As hard as google battles spam, this distinction between black hat malicious spam and hack-induced accidental spam is impressive.

Even more impressive is how google suppresses the power of wordpress hacks. By correctly identifying and quickly down ranking affected sites, any SEO benefits are lost. Without benefits, the hacks are not economically worth a spammer’s time.

Google is effectively suppressing the power of a widespread spam attack without excessive punishment of the web site owners. Bravo.

This probably will not last long, but it is fun for now. Much like our hacking the wii servers with firefox post, user agents are providing fun once again.

Starbucks and AT&T wifi recently opened up free access to the iPhone. By changing the user agent the browser, anybody can make their browser look like the iPhone to the servers. A couple of easy switches away and it is access for everybody.

Here is how to do it in Safari. Switching user agents in firefox is almost as easy. This documents the iPhone user agent information.

1. Open Safari while connected to a AT&T wifi
2. Enter the Preferences, select the Advanced tab, and then select Show the Develop menu in the menu bar
3. From the Develop menu select User Agent
4. Select the iPhone User-Agent
5. The page will reload and ask for a geniune iPhone number. Everybody has a friend with an iPhone, right?
6. Welcome to free internet from Starbucks

I did a quick demonstration of this at my local Starbucks. Forgive the stammering but I didn’t want to take a bunch of cuts sitting outside the coffee house. Screenflow is adding some pauses and slurring too… Nice, but buggish program.

High resolution pod cast available here. YouTube video available below.

tease for youtube free wifi starbucks video

Did you hear of browzar this week?  The less than 300K download was suddenly the answer to completely safe browsing! 

Ummm, no.  It’s a wrapper for Internet Explorer that tries to delete your privacy information as you surf.  Scott Hanselman discovered very quickly that it does not even do that very well. 

It also redirects all a user’s searches to overture.  Wow, that’s like spyware 101.

A few people bought it hook, line and sinker:

  • China Martens, InfoWorld
  • Martin McKeay, ComputerWorld
  • Jordan Running, Download Squad
  • Michael Pick, RobinGood
  • Sam Sethi, TechCrunch UK
  • Rafe Needleman, cnet
  • Digg promoted it to the front page; however, users were quick to start commenting on its true nature.
  • Slashdot posted about it as well.  Users there started discussing its status quickly as well.

So what started this wave of browzar pain?  A press release!  Yes, many of these high-profile bloggers saw the press release and posted about it as soon as possible. 

So who is more to blame: Ajaz Ahmed for releasing this junk or the bloggers who repeated his propoganda?

Infragard conference

October 11th, 2005

I’ve spent the day at our local Infragard Membership Alliance annual conference. Some good presentations, lots of hairs standing up on the backs of necks. A particularly good presentation on malware included a striking demonstration of exploiting a vulnerability on a fully patched windows server and installing a rootkit which made itself invisible even though it took over port 80 for its evil purposes. It made everyone running IIS want to leave and go back to the office to shut down their server and, well, keep it down. The whole experience made a lot of people think. The take home message is that there isn’t much you can do and you are pretty much out of luck.

No more Trusted Solaris

October 10th, 2005

Sun plans to phase out Trusted Solaris and instead offer security extensions software that will sit on top of Solaris to provide all of the features of Trusted Solaris. I remember thinking how cool it would be to use Trusted Solaris on a box… I’d feel like I was in the CIA shooting suspicious sidelong glances out of my cube as I keep all of my super secret data… secret. Then reality set in as I realized that it implemented the really tedious, mind numbing aspects of security, the seemingly exciting (but oh so not) aspects of Red Book classifications C2 and B1, blah blah. Very important stuff, but not very much fun. Sun hasn’t released a Trusted Solaris since some version of Solaris 8. Can’t blame them.. I bet getting the OS through its certification process is even less fun than using it. Here are details.

Very bold identity thieves

September 14th, 2005

The theft of computerized personnel records from Fort Carson Army base in Colorado last month has to make other victims of computer heists feel a little better and the rest of us more nervous. Sweet talking a receptionist out of her password in exchange for a Starbuck’s gift certificate is one thing, walking out of an armed military base with four hard drives is a little different.