workie writes: Using data derived from website infections, RescueTheWeb.org has found several interesting link spam architectures. One architecture is where concentric layers of hijacked websites are used to increase the page rank and breadth of reach (within search engine search results) of scam sites. The outer layers link to the inner layers, eventually linking to a site that redirects the user to the scam site. Another architecture involves hijacked sites that redirect the user to fake copies of Google, having the appearance that the visitor is still within Google, but in reality they are on a Google look-alike that contains only nefarious links.
workie writes: Comparing the PHP version used by 58,000 PHP websites to the public vulnerability data at the National Vulnerability Database (NVD) reveals that 80% of the surveyed websites have the worst possible Common Vulnerability Scoring System (CVSS) score of 10. PHP utilization data shows that website owners are not upgrading their software packages once they initially set up their website. Further data shows that nearly all versions of PHP (as well as most other software systems) are vulnerable. If all software has vulnerabilities (and it appears that it does), and no one (website owners and maintainers) is updating their software once they install it (which this data implies), then the result is that all websites that are more than one release cycle old are vulnerable.
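The kind of version-to-advisory comparison described in the submission above, as an added sketch that is not part of the submission or RescueTheWeb.org's own tooling. It assumes versions are read from `X-Powered-By` headers; the advisory ids, version ranges, scores and header samples are all constructed, not NVD data.

```python
import re
from collections import Counter

# Constructed advisory ranges: placeholder ids, made-up version bounds and scores.
# A real survey would load affected ranges and CVSS base scores from NVD data.
ADVISORIES = [
    ("ADVISORY-A", "5.0.0", "5.2.9", 10.0),   # affects first <= v < fixed
    ("ADVISORY-B", "5.2.0", "5.3.1", 7.5),
    ("ADVISORY-C", "4.0.0", "4.4.9", 10.0),
    ("ADVISORY-D", "5.3.0", "5.3.3", 5.0),
]

# Constructed X-Powered-By header values, one per surveyed site.
HEADERS = [
    "PHP/5.2.6-1+lenny3",   # distro suffix must be ignored
    "PHP/4.4.7",
    "PHP/5.3.2",
    "PHP/5.2.17",           # 17 > 9 numerically; a string compare gets this wrong
    "ASP.NET",              # not PHP: excluded from the survey
    "PHP/5.3.5",
]

VERSION_RE = re.compile(r"PHP/(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return (major, minor, patch) from a header or dotted string, else None."""
    m = VERSION_RE.search(text if "PHP/" in text else "PHP/" + text)
    return tuple(int(p) for p in m.groups()) if m else None

def worst_score(version):
    """Highest CVSS score among advisories whose range contains version."""
    scores = [cvss for _, first, fixed, cvss in ADVISORIES
              if parse_version(first) <= version < parse_version(fixed)]
    return max(scores, default=0.0)

def survey(headers):
    """Score every PHP site; return (score histogram, share of sites at 10)."""
    versions = [v for v in map(parse_version, headers) if v is not None]
    hist = Counter(worst_score(v) for v in versions)
    share = hist[10.0] / len(versions) if versions else 0.0
    return hist, share

if __name__ == "__main__":
    hist, share = survey(HEADERS)
    print(dict(hist), f"{share:.0%} of PHP sites at CVSS 10")
```

Run against an inventory of your own hosts, the histogram shows which installs carry the highest-scored known issues and should be upgraded first.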
workie writes: The health of the Web ecosystem depends on all its participating websites. Yet, with the high number of website application insecurities (http://www.scmagazineus.com/web-apps-account-for-80-percent-of-internet-vulnerabilities/article/129027/) and the increase in website hacking (http://www.darkreading.com/document.asp?doc_id=148143&WT.svl=news1_2, http://www.guardian.co.uk/world/2008/nov/20/america-china-hacking-security-obama, and http://www.breach.com/resources/whitepapers/downloads/WP_TheWebHackingIncidents-2009.pdf), how could an average website owner know if their website is helping or hurting their customers and the Internet as a whole? Now a new non-profit entity (http://www.rescuetheweb.org/) has formed to find websites that have already been hacked, are leaking information, or are using highly vulnerable software. The entity then notifies the website owner and asks them to upgrade their website to more secure software or remove the leaked information.