Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Submission Summary: 0 pending, 2 declined, 1 accepted (3 total, 33.33% accepted)

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


+ - Several Link Spam Architectures Revealed->

Submitted by workie
workie (1754464) writes "Using data derived from website infections, RescueTheWeb.org has found several interesting link spam architectures. One architecture is where concentric layers of hijacked websites are used to increase the page rank and breadth of reach (within search engine search results) of scam sites. The outer layers link to the inner layers, eventually linking to a site that redirects the user to the scam site. Another architecture involves hijacked sites that redirect the user to fake copies of Google, having the appearance that the visitor is still within Google, but in reality they are on a Google look alike that contains only nefarious links."
Link to Original Source

+ - Survey of 58K PHP sites: 80% highly vulnerable->

Submitted by workie
workie (1754464) writes "Comparing the PHP version used by 58,000 PHP websites to the public vulnerability data at the National Vulnerability Database (NVD) reveals that 80% of the surveyed websites have the worst possible Common Vulnerability Scoring System (CVSS) score of 10. PHP utilization data shows that website owners are not upgrading their software packages once they initially setup their website. Further data shows that nearly all versions of PHP (as well as most other software systems) are vulnerable. If all software has vulnerabilities (and it appears that they do), and no one (website owners and maintainers) are updating their software once they install it (which this data implies), then the result is that all websites that are more than one release cycle old are vulnerable."
Link to Original Source

+ - Watchdog group tells you if your website is hacked->

Submitted by workie
workie (1754464) writes "The health of the Web ecosystem depends on all it's participating websites. Yet, with the high number of website application insecurities (http://www.scmagazineus.com/web-apps-account-for-80-percent-of-internet-vulnerabilities/article/129027/) and the increase in website hacking (http://www.darkreading.com/document.asp?doc_id=148143&WT.svl=news1_2, http://www.guardian.co.uk/world/2008/nov/20/america-china-hacking-security-obama, and http://www.breach.com/resources/whitepapers/downloads/WP_TheWebHackingIncidents-2009.pdf), how could an average website owner know if their website is helping or hurting their customers and the Internet as a whole? Now a new non-profit entity (http://www.rescuetheweb.org/) has formed to find websites that have already been hacked, are leaking information, or are using highly vulnerable software. The entity then notifies the website owner and asks them to upgrade their website to more secure software or remove the leaked information."
Link to Original Source

Computers will not be perfected until they can compute how much more than the estimate the job will cost.