hackedy-deactivated20130901

Tumblr vulnerability revealed

SPAM EXPLOIT

Nota Bene!

I have not personally confirmed any of this, as I never, EVER post via email. That is not because I am so virtuously security-aware as much as it is about my need for control, I confess.

Anyway, it seems like a good idea to read the following and consider the suggested advice if you do post by email.

Via hackedy:

mikefuckingchilton:

Is somebody hacking into your account and posting spam??

Changing your email address and your password (or even your url) still isn’t working?? [In other words, none of the listed actions have served as an effective remediation for your hacked status ;o) ]

Spammers don’t even have to log into your account. This is the solution (given to me by the lovely chan):

Go to your blog settings.

image

Scroll down until you see this:

image

What spammers are doing is emailing that email in order to post!! Reset your email twice or even three times just to be safe, if you continue to have a spam issue (and don’t forget to hit save at the bottom).

So far it’s worked on my own blog and on a few others with a similar issue. If they end up getting into our accounts again we’ll look into another solution!!

I thought about this today in the shower and whaddaya know, someone’s doing it already.

Emphasis mine.

not-not-not-TUMBLR STAFF BLOG: GIVEAWAY ALERT

[image: hxxp://i.imgur.com/lq3zU.png]

Dearest dataanxiety,

In response to the tons of annoying Apple product related spam recently cluttering your dashboard, we have teamed up with Apple’s development team to ACTUALLY GIVE AWAY APPLE PRODUCTS!

*hxxp://tumblrlinks.com/?applepromo*

Under the condition that you agree to “test” the product, by allowing basic debug data to be automatically sent to Apple’s dev and diagnostics teams.

So, in a nutshell..
CLICK HERE TO RECEIVE YOUR FREE IPHONE!
     *hxxp://tumblrlinks.com/?applepromo*
Just be sure to fill out your email address and all accurate info, use confirmation link, and then use the PROMO CODE: TUMBLRCARES

Because we do care, just not about spammers.

Note: only the first 1,000 users may take part in this promotion, which is on a first come first serve basis.

Oh, and don’t be greedy. “Publish” and reblog away! Share the loot!

Banhammer via @Gawker

This week I was going to give everyone the ax who has a star but has yet to upload an avatar but, well, we haven’t been showing avatars for days now. The tech team is working on it, I assure you, and while we wait I figured we’d focus on a few people who’ve engaged in one of my least favorite pet peeves…

simplystatistics

Visualizing Yahoo Email in Real Time

simplystatistics:

Here is a cool page where yahoo shows you the email it is processing in real time. It includes a visualization of the most popular words in emails at a given time. A pretty neat tool and definitely good for procrastination.

The cabal of three bio-statistics professors running the new Simply Statistics tumblr weren’t terribly impressed with this Yahoo! real-time data visualization.

Upon closer inspection, it becomes more interesting, specifically the spam count feature. Go ahead, have a look: visualize.yahoo.com.

boxofmeat

boxofmeat:

Rather than stopping bots by having people identify themselves, we can stop the bots by making it difficult for them to make a successful post, or by having them inadvertently identify themselves as bots. This removes the burden from people, and leaves the comment form free of visible anti-spam measures.

Originally from the blog of Ned Batchelder (to whom, I must hasten to mention, boxofmeat gave full attribution), which is decent reading even for 2007, and even if spam seems to have won the day.

While there, I noticed a comment describing something called “Negative CAPTCHA” by Damien Katz. I had to click through, and was rewarded for my effort with one of the more amusing, responsive and long-running comment threads in a while.

If you have the time… Negative CAPTCHA.

By the way, I have no idea if any of this would work or not anymore. But I really like some of the hunt-and-seek of spam traps and detection, as well as the use of probability theory and such. Naive Bayes can be SO gullible sometimes.
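As an added example (not the page's code, nor Ned Batchelder's or Damien Katz's), here is a Python sketch of the "let the bots identify themselves" approach the quoted passage describes: hidden honeypot fields a human never fills, a minimum fill time, and per-request hashed names for the real fields so a bot that posts with the obvious names gives itself away. The field names, secret and thresholds are constructed assumptions.

```python
import hashlib
import hmac

SECRET = b"example-secret-rotate-me"        # constructed for this example
REAL_FIELDS = ("name", "email", "comment")  # fields a human actually fills
HONEYPOT_FIELDS = ("url", "phone")          # hidden via CSS; humans never see them
MIN_FILL_SECONDS = 3.0                      # faster than this is not a human typing
MAX_AGE_SECONDS = 3600.0                    # older forms are treated as replays


def make_spinner(rendered_at: float) -> str:
    """Per-request token that binds a form to the time it was rendered."""
    msg = f"{rendered_at:.3f}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]


def field_name(real: str, spinner: str) -> str:
    """Obfuscated input name for a real field; differs on every render."""
    return hashlib.sha256(f"{real}:{spinner}".encode()).hexdigest()[:12]


def render_form(rendered_at: float) -> dict:
    """What the server emits: spinner, timestamp, hashed names, honeypots."""
    spinner = make_spinner(rendered_at)
    names = {real: field_name(real, spinner) for real in REAL_FIELDS}
    return {"spinner": spinner, "rendered_at": rendered_at,
            "names": names, "honeypots": list(HONEYPOT_FIELDS)}


def classify_submission(post: dict, now: float) -> tuple[bool, list[str]]:
    """Return (is_bot, reasons) for a submitted form (a dict of field -> value)."""
    reasons: list[str] = []
    try:
        rendered_at = float(post.get("rendered_at", ""))
    except ValueError:
        return True, ["missing or malformed render timestamp"]
    spinner = post.get("spinner", "")
    if not hmac.compare_digest(spinner, make_spinner(rendered_at)):
        return True, ["spinner does not match render timestamp"]
    age = now - rendered_at
    if age < MIN_FILL_SECONDS:
        reasons.append(f"submitted {age:.1f}s after render")
    if age > MAX_AGE_SECONDS:
        reasons.append(f"form is {age:.0f}s old")
    for hp in HONEYPOT_FIELDS:           # a human never sees these, so any value is a tell
        if post.get(hp, "").strip():
            reasons.append(f"honeypot field {hp!r} was filled")
    for real in REAL_FIELDS:             # bots posting with plain names miss the hashed ones
        if field_name(real, spinner) not in post:
            reasons.append(f"hashed field for {real!r} missing")
    return bool(reasons), reasons
```

A real deployment would also bind the spinner to the client address and rotate the secret; the checks above are enough to show why a scripted poster that fills every field and submits instantly flags itself.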

Via End-to-End Analysis of the Spam Value Chain

An excellent study! It was short, easy to understand and full of original content.

Unusual features

Links to supporting research (with no pay walls in the way!), news, fun stuff too! E.g. “Anatomy of a Spam Viagra Purchase”.

End-to-end Analysis of the Spam Value Chain is a recent study researched and sponsored by The International Computer Science Institute in Berkeley, California.

The International Computer Science Institute

The ICSI is one of the few non-profit independent research organizations in the U.S.A. It is also a leading center for computer science research, worldwide.

I guess this isn’t THAT troubling. Yet it does seem sad and wasteful for people, small business owners in particular, to spend their time like this.

The reason is web spam and unethical “search engine optimization”.

Blekko, the new search engine that is using human curation to eliminate spam from search results, and MerchantCircle, the largest online network of local business owners in the nation, today announced a partnership that will weed out spam for users searching for small business resources. MerchantCircle’s community of 1.6 million members will help improve small business search results by curating the new slashtag /smallbusiness so that it returns results from trusted resources that are free of spam.

Rich Skrenta, CEO of blekko said “… small business owners are forced to compete in search with professional SEO wizards who want to get in the way of good information.” [Since launching in November, 2010] Blekko … has taken dramatic steps to clean up the swampy web.