Link Spam

Polls are easy target for automation abuse. You can usually participate anonymously and the poll operator has an interest in drawing as many participants as possible, but as demonstrated by previous incidents such loose security enables hackers to distort the results.

This time a hacker succeeded in manipulating Time's poll for most influential people in 2009.

Twitter reports in a blog entry that 750 accounts were hacked. The hacker posted messages linking to a porn webcam. While Twitter did not disclose how the attack was carried out, the suggested remediation hints that the account passwords were guessed, probably using a brute force attack.

Insufficient Anti-Automation is fat becoming the #1 threat to web sites. Since Captcha has been proved practically useless, especially when there is a financial gain from automating access to the site, sites are pretty much defenceless against harmful automation. Techdirt's story about Craigslist losing the battle against automation tool is a very good example of this serious problem.

Read the comments, they are enlightening. As usual, one of the problem when spam is involved is defining if and what is a wrong doing and what is a  valid action. Some commenters say that Craigslist has become useless due to the spam, while others say that Craiglist is the worst censors on the Internet not letting small time businesses work. Other argue about whether this is a crime or not. 132 comments, and they keep coming 8 months after the article has been published.

In an incident very similar to the Al Gore Hack, the personal blog of IT journalist Tim Anderson was also hacked. Unlike Mr. Gore, Tim discusses the breach and its origins.

Additional information:

• The day my web site was hacked [IT Week, Dec 17 2007]

Whether comment spam by itself is an application failure or a necessary evil for site allowing rich comments is an open question. However it is reported that in this case vulnerability in WordPress allowed the spammers to actually penetrate the site and modify pages and not just abuse comments.

Additional information: