Wednesday, February 23, 2005
Spyware Sneaks In Through Blogging Software

CNet reports: Spyware infiltrates blogs:
    Hackers are using blogs to infect computers with spyware, exposing serious security flaws in self-publishing tools used by millions of people on the Web.

    The problem involves the use of JavaScript and ActiveX, two common methods used to launch programs on a Web page. Security experts said malicious programmers can use JavaScript and ActiveX to automatically deliver spyware from a blog to people who visit the site with a vulnerable Web browser.

    Spyware tools also have been hidden inside JavaScript programs that are offered freely on the Web for bloggers to use to enhance their sites with new features such as music. As a result, bloggers who use infected tools could unwittingly turn their sites into a delivery platform for spyware.
Well, when you're not technical and you're cutting and pasting code from unknown Web sites into your blog templates, you're assuming that the code's author hasn't put a little something extra in it.

This is not new; remember when I uncovered that Bravenet counters were delivering pop-up ads when used on blogs?

No? My moment in the investigative sun, and there was a solar eclipse that day.

To say Noggle, one first must be able to say the "Nah."