We are all aware of the spam-bots that infest our systems via comment and trackback spam. For the most part, whatever software used, it can be defeated through various hacks, plugins, and htaccess tricks.
I have a question for you. How many blogs do you visit that include enhancements to their sites with features such as music? Any feature that requires JavaScript and ActiveX is suspect.
Let the Blogger beware, I warned you, with the help of ZDNet:
The problem involves the use of JavaScript and ActiveX, two common methods used to launch programs on a Web page. Security experts said malicious programmers can use JavaScript and ActiveX to automatically deliver spyware from a blog to people who visit the site with a vulnerable Web browser.Evil bastards aren’t they? Just another reason to avoid blogs that contain “music” for my pleasure. Not that I ever intentionally visited any, or searched for them either. With thousands of dollars I have invested in CD’s what’s the point? To have some knucklehead offer me his/her choice in music? Thanks, but no thanks!Spyware tools also have been hidden inside JavaScript programs that are offered freely on the Web for bloggers to enhance their sites with features such as music. As a result, bloggers who use infected tools could unwittingly turn their sites into a delivery platform for spyware.
Get your “shocked” antidote at the ready. The IE browser is the most vulnerable to be infected, and Google’s Blogger in none to safe either:
The problem only affects Web surfers using Microsoft’s Internet Explorer who fail to choose the highest IE browser security settings, security experts said.OK, so you weren’t shocked and saved your “antidote” for another day. Here’s my advice, go here and get the hell off IE. After completing that task go here and get a better blogging system.The blog vulnerability has cropped up most visibly in Google’s Blogger, the most widely used blog-publishing tool. But it could affect other services as well.
Visitors to Blogger’s Blogspot.com network have complained that they were exposed to infected sites when they used the “Next Blog” link. The feature was designed to help people discover new journals and takes Web surfers to a random Blogspot site.
UPDATE: The 2nd Annual Workshop on the Weblogging Ecosystem: Aggregation, Analysis and Dynamics, will be held in Chiba Japan [A prefecture near Tokyo] in May. Guest speakers include Ethan Zuckerman, Eytan Adar, Natalie Glance and Matthew Hurst co-creaters of BlogPulse. Among the many topics to be covered are “applications built on top of blog data” and “Alternative blog forms (podcasting, moblogging, photoblogs, etc.).” Both topics should address the current JavaScript and ActiveX problems.
Cross posted within the Cranial Cavity
i use Firefox for OSX on my mac. no problemos
Comment by Mr. Bingley — 23 Feb, 2005 @ 23:08
Opera or Firefox. I use IE only for checking websites I’ve built (where I know what is in there).
Nice thing about Opera is there’s a handy little clickable ‘enable sound in web pages’ that comes up when you hit the F12 button. It remains unchecked almost all the time.
Comment by Kathy K — 24 Feb, 2005 @ 06:48
I use Safari & Firefox for OSX. I have always absolutely loathed sites that imbed audio or music in their site. Its usually badly done and a pain in the rump. If this encourages people not to do this then we should send this info out to all asap.
Comment by Andrew — 24 Feb, 2005 @ 08:40