Typhoid Mary (aka Mary Mallon) was was the first identified healthy carrier of typhoid in the US. While she did not die from typhoid, she passed the disease to others who then became infected and died. Throughout most of her life, she denied her role in the deaths of those infected by her. Today the term ‘Typhoid Mary’ has come to mean a carrier of a dangerous disease who is a danger to the public because they refuse to take appropriate precautions.

Kanga.nu is a typhoid mary. This Plone site has a major security vulnerability which allows malicious users to create URL’s on the site that then forward visitors to a new page. Here is how it works:

» Read the rest of the entry..

A digital fingerprint can be thought of as your own personal googlewhack, or a search query that generates only one result. Consider the following example, one of the worst possible digital fingerprint choices would probably be the end with over 400 000 000 million results indexed in Google. It would not be possible to distinguish your own the end’s from other the hundreds of millions of other web pages that contain that phrase.

However, if we add a single word to the end we can create a unique and personal fingerprint, » Read the rest of the entry..

Observe the best of today’s splog spam my filters caught. Somewhere between step 1 and step 1 + n, this guy screwed up. I’m thinking it was on step 2, but it could have been steps 3 or 4. Care to guess?

Nice blog. If you are interested in other ##KEYWORD## related blogs visit ##LINK##
Interesting Post. If you find ##KEYWORD## interesting, I invite you to check out my ##LINK## website.

I really liked your post. You would probably enjoy the articles I have compiled at my ##LINK## site. I invite you to check it out.
As always, you have compiled a very interesting blog here. I think you would enjoy my ##LINK## blog. You should check it out if you are interested in all things related to ##KEYWORD##

Very well written! Based on the content of your blog, I think you might enjoy some of the articles at my ##LINK## site and hope you will give it a peek.

Here is my reply: » Read the rest of the entry..

I’ve written about methods of alerting contextual advertising networks to abuse before [see Abusing Yahoo!’s Contextual Advertising (YPN) — not clickfraud] and have been pleased to see some action on the front. But things are still too complicated and time consuming. Spammers continue to prosper at the expense of us all (see why everyone loses).

The following guide explains two ways of fighting back and alerting the Adsense program of abuse that you stumble across when browsing the web (skip the preamble and head right to the two methods). A typical scenario involves the following: » Read the rest of the entry..

This is old news, but I’ve been busy. Congratulations go out to the YPN team for listening to their detractors and instituting a method for the general public to comment on websites they see that contain YPN contextual ads. Before, you had to be a member of the YPN! network to report other members who abuse YPN’s Terms of Service (TOS) (read Abusing Yahoo!’s Contextual Advertising (YPN) — not clickfraud for a full account of the details).

As of July 31, you can use the following email address to alert Yahoo of websites that mess with the colors, and generally try to get you to click on ads unwittingly (and thus break the TOS): ypn-feedback@cc.yahoo-inc.com. » Read the rest of the entry..

This article continues down the same path as Teaching Akismet Part 1: I am good with a look at how Akismet could be used for nefarious purposes. In the first post we learned that user input determines what Akismet thinks is spam. In this article, that idea is expanded in order to teach akismet to be bad. Below are listed three potential applications of the idea that Akismet can be taught things.
» Read the rest of the entry..

Introduction: Part 1 of a 2 part series focused on how Akismet can / could be taught good or evil. Part 1 below explains the situation I found myself in, and the steps that I took to remove myself from Akismet’s list of comment spammers. Part 2 introduces some theoretical concepts for the creation of spamming networks.

For the past couple of days, Akismet (a popular comment spam fighting service provided by Automattic et al) had me pegged as a comment spammer. I didn’t know that Akismet was doing this, I only figured it out after several random blogs refused to post comments I had made.
» Read the rest of the entry..

I hope the company that paid for the following spam in my inbox is happy. We all know they just -insert web link here-, but when you actually get spam with -INSERT_LANDING_PAGE_URL- its just too funny. Here is the actual code of the email (with emphasis):

<html><head><title>oemcds2</title>
</head>
<body>
<p align=center><a href="INSERT_LANDING_PAGE_URL"></a><b> a click here gets you to…</b></p>
<p align=center><font color="#cc0099">PURCHASE OEM SOFTWARE FOR LOW, LOW PRlCES AND….
</font></p>
<p align=center> <font color="#000066">- become familiar with the most common Microsoft Office software </font></p>
<p align=center>- design and buiId web paqes with MacroMedia software</p>
<p align=center>- create and edit pdf files with Adobe software </p>
<p align=center><b>A NEW CAREER IS WAlTING JUST AROUND THE CORNER! </b></p></body></html>