September 9, 2009
Last weekend was filled with controversy and the reason for this was a worm hitting many self-hosted WordPress blogs. We warned and urged everyone to upgrade, although the most recent version of WordPress, 2.8.4, was released almost 3 weeks earlier. WordPress 2.8.4 was the second security update for the 2.8 branch in less than 2 weeks. This update was released only 2 days after the vulnerability was discovered, proving how hard the WordPress community has worked to improve and secure the platform.
Ever since WordPress 2.3, which was released almost exactly 2 years ago, every WordPress blogger receives an update notification whenever a new version is available. The majority of new releases are bug fixes and security updates.
Personally, whenever I see that yellow new release notification I cannot hit update now fast enough. If it weren’t for the security aspect, then it would be for the ugliness of the notification.
Nevertheless, these days some people are given a megaphone online and cannot resist the need to be vocal, even though they were the only ones who were to blame. One of these people last weekend was Robert Scoble. His post “I don’t feel safe with WordPress, Hackers broke in and took things” quickly went viral. Robert received support but also bashing. Gruber even went as far as to say that Movable Type is safer.

Tags: John Gruber, robert scoble, Security, WordPress
August 4, 2009
Internet security company F-Secure has announced the discovery that Twitter is now following its advice to filter all posted URLs, including shortened ones, for malicious content.
Their screenshot, copied below, shows what happens if you try to post a link to a site that Twitter considers leads to malware.

The message “Oops! Your tweet contained a URL to a known malware site!” pops up and the message cannot be posted.

Tags: API, f-secure, Google, malware, Security, Twitter, url
July 16, 2009
Twitter has published a blog post commenting on the internal documents that are running on TechCrunch. They were obtained through an email hack on an administrative employee’s account, which in turn gave access to Twitter’s Google Apps account. They are stressing the fact that it was personal security that faltered, not Google Apps, but it still points a finger at one of the dangers of data in the cloud. No user accounts are compromised either, and naturally there are legal actions from Twitter’s side.
Meanwhile, TechCrunch and others are having a field day with the income prognosis report, security issues and the fact that these documents are out in the open in the first place. And naturally it all boils down to a Valleywag post on the twitterati’s response to the breach.
That poor administrative employee will probably stick to better passwords in the future, eh?

Tags: Security, TechCrunch, Twitter, Valleywag
June 22, 2009
Where 15 years ago, having a Web site was something of a badge of nerdiness, today having a site doesn’t require much technical knowledge at all. Someone with almost no technical expertise can set up an account on WordPress.com or Blogger and be blogging within minutes.
However, this doesn’t mean that a blogger can get away with being a technical dunce. Though getting words on the Internet is pretty simple, building and growing a blog does require one to know a bit more than how to flip on a PC. Social networking sites make it easy to get online, but blogging, especially over the long haul, takes something more.
So what are those things that every blogger should know? There are many, definitely more than what is on this list, but here are five things every would-be blogger should know before, or at least shortly after, getting started.

Tags: Blogging, DNS, hosting, html, PHP, Security, server, Technology
April 9, 2009
Over the past few months, I’ve been writing a lot about cyber crime and security vulnerabilities, especially as it impacts social media and blogs. The April 1, 2009, expansion of the Conficker/Downadup Worm Infection worried many as the 1 in 16 ratio of infected computers increased dramatically around the globe and attacks were aimed at social media services like MySpace, Facebook, and Twitter.
With the increase in cyber crime and security issues, and the growing profit found in cyber crimes, where do you go to report cyber crime if you find it or are a victim of it?

Tags: blog security, conficker, cyber-crime, cybercrime, downadup, featured, hacking, how to report cyber crime, how to report online crime, malicious, prevention, protection, report cyber crime, Security, security issues, security vulnerabilities, virus, worm
March 28, 2009
We live in an age of transparency. I’d say that “transparency” should have been the word of the year last year, and its popularity as a buzz word this year continues. It pops up in most news reports, demanding transparency from banks and financial institutions, politicians, governments, corporations, and individuals.
It also litters our social media interaction. We want our online social interchanges to be with real people who want to know us as real people. We want people leaving comments on our blogs to have names. We want folks on Twitter to have real names, not CD Handles and cute nicknames or keywords. So is it okay to be anonymous any more?
Over the years, there has been an ongoing debate about anonymous bloggers as more and more people take to the Information Highway to have their say. For some, anonymity is a matter of life or death. For others, it’s just wiser. But it isn’t for everyone.
Some use a pseudonym, similar to what writers and artists have been doing for many years, either for protection and security, or because their real name, Hildibob Slibbervitzenson, just isn’t “writerly” or “artistic.” Would women have swooned over Archie Leach? Sung the memorable songs of Barry Alan Pinkus, or sung along to Bohemian Rhapsody with Farrokh Bulsara? Or believed in the sung words of Robert Allen Zimmerman with such fervor? Would Moses have been so memorable if played by John Charles Carter? Would the sexy pottery scene in “Ghost” have been so memorable if performed by Demetria Gene Guynes? Replace those real names with their pseudonyms of Cary Grant, Barry Manilow, Freddie Mercury, Bob Dylan, Charlton Heston, and Demi Moore and everything changes.
There are many people who blog under a pseudonym without condemnation, but there are still those who choose to publicly blog anonymously. They use CD Handle style names, making a visible statement about their need to be private and choosing to hide behind a masked name while not hiding their opinion.
And there continues to be a witch hunt on to out them when their opinion doesn’t agree with the government or politicians.

Tags: anonymous, anonymous blogging, blogger, blogger anonymity, blogger outed, blogger security, celebrity, freedom of speech, invasion of privacy, pseudonym, Security, Social Media, transparency
March 26, 2009
According to Investor’s Business Daily, evil is sweeping social networks, moving beyond email and blogs to where you like to virtually hang out and congregate:
Security experts last week warned that a new strain of the Koobface virus is hitting Facebook, MySpace and other social networking sites. It looks for links and passwords to other social networking sites.
Social networking site owners work actively to put a lid on nefarious activity. On Tuesday, a federal judge in northern California issued a temporary restraining order against three people accused of widespread spamming and phishing attacks on Facebook. It comes three months after Facebook won a suit that prevents another group of spammers from using or accessing Facebook data and applications.
Virus creators are increasingly targeting social networking sites and other Web 2.0 technologies such as the micro-blogging site Twitter and instant messaging services from Google, AOL and others. Virus writers are also creating fake profiles of celebrities, real friends or business associates hoping people will link with them. Users can be tricked into linking to the fake profile, which can be loaded with various forms of malicious software.
The article by Brian Deagon showcased Facebook users who responded to an email from a “friend on Facebook” to visit a link that initiated a program that “rifled through his hard drive, installed malicious software and sent the same e-mail to all of Daradics’ friends on his Facebook profile.”

Tags: blog security, cyber attacks, danger, exploring social media, fraud, identity theft, Internet Security, malware, online fears, risk, Security, security news, security vulnerabilities, Social Media, social media scares, virus, viruses
March 12, 2009
F-Secure reports on security vulnerabilities with Adobe Reader and Foxit Reader for reading PDF files.
While this could be seen as another day-in-the-life update, the warning came with an interesting twist:
Do note that while we are recommending users move away from Adobe Reader, we are not recommending any particular replacement.
…Instead, we recommend users to find their own Adobe Reader replacement.
This way we get more heterogeneous userbase, which is a good idea security-wise. Nobody wants to repeat what happened with the great IE —> Firefox switch. As 40% of users switched to Firefox, about 40% of the attacks switched to target Firefox.
Monocultures are bad.
In the new world of online social, more and more people are using the same tools, putting us all at risk as hackers and attackers move towards the natural migration of popularity. Monocultures are bad as they open the door to mass risks.

Tags: API, blog security, exploring social media, exploring social media tools, f-secure, Internet Security, Security, Social Media, social media tools, Twitter, virus, worm
February 18, 2009
I’m working on my annual Things I Want Gone from the Web article and I’ve personally designated this “The Year of Original Content.” We’re done playing around with feed scraping and autoblogging.
The blog echo chamber effect of someone blockquoting and linking the same content as a recommendation, echoing through the web without original content, is a beginner’s mistake. Don’t do it. Always add your original voice and content to your recommendations, telling your readers why it is important to leave this blog and go to another, then come back for more.
Google took action to penalize duplicate content within a site and between sites, and added bonus points for original and unique, appropriate and relevant keywords around links, especially link lists, rewarding original content providers with nicer PageRank scores. Similar actions are being taken by other major search engines, directories, and legitimate content aggregators.
As a serious blogger, you’ve learned the lesson and stay focused on creating original content. You link to other people’s content appropriately, taking care to protect their copyrights and not confuse your readers, putting other people’s content in blockquotes with clearly indicated links and credits.
For scammers, scrapers, and plagiarists, other people’s content has turned into a major money-maker as they use other people’s content for financial gain and misdirection.

Tags: blog security, copyright, copyright violation, DMCA, duplicate content, original content, plagiarism, report copyright violations, scam, scams, scraper, scraper blogs, Security, spam blogs, splog, splogger, stop plagiarism, year of original content
January 21, 2009
As a quick update from the information in Downadup Worm Infection: Cyber Attacks on the Rise in 2009 and Security and Hacking: Protect Thyself and Thy WordPress Blog concerning the still spreading Downadup worm, ComputerWorld and others are reporting that the Downadup worm now infects 1 in every 16 PCs for an estimated current total of over 9 million infections.
It now has its own Wikipedia page called Conficker as the worm is also known as Downup, Downadup, Conficker, and Kido.
According to the Wikipedia article, the computer worm first appeared in October 2008 but spread fast after the first of the year. It specifically targets Microsoft Windows and Windows Server services using Windows 2000, Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008. It has infected a few governments and hospitals, but mostly corporate computer networks.
On October 15, 2008 Microsoft released a patch to fix the bug. Heise Online estimated that it had infected 2.5 million PCs by January 15, 2009, while The Guardian estimated 3.5 million infected PCs. By January 16, 2009, an antivirus software vendor reported that Conficker had infected almost 9 million PCs making it one of the most widespread infections in recent times. Conficker is reported to be one of the largest botnets created because 30 percent of Windows computers do not have a Microsoft Windows patch released in October 2008.
The virus can spread through websites and USB drives, like flash drives, cameras, portable hard drives, and other USB connecting devices that trigger AutoRun, so Microsoft is recommending people upgrade their Windows programs and turn off AutoRun.

Tags: antivirus, blog security, conficker, downadup, downup, hackers, infection, kido, password, Security, virus, worm