OneSheet Exploits (How to Edit Any Band’s OneSheet and/or Use XSS)

IMPORTANT: DANGER! DANGER! DANGER! Proceed with reading this article and/or partaking in any action on OneSheet with extreme caution. I highly recommend that you DO NOT visit OneSheet.com directly. By the time you read this someone else may have already used this information to create a OneSheet JavaScript worm. YOU HAVE BEEN WARNED!

So, remember that OneSheet site all the bloggers have been talking about (it’s basically a site for Bands to aggregate all their social media into one page and then add a background or bio for a little extra flavor)? Since those articles were written they’ve amassed over 1000 followers on Twitter. Well, I tried it out and the security is completely piss poor. Any respectable band that does not want their reputation tarnished should absolutely stay away from this site until they fix the glaring security holes. Continue reading to see why this site’s security is ridiculous.


Xanga Cross Domain Redirection Exploit

And while I’m on the subject of security, I thought I’d point out the silly cross domain redirect exploit that exists on Xanga. This exploit has existed for quite a long time–dare I say, years?–but I don’t actually use Xanga so I’ve never bothered with it.


Google Analytics for WordPress 4.1.2 XSS Exploit

One of my hobbies is to verify the security and integrity of various software platforms and websites that I use day-to-day. Sometimes I spot some glaring insecurities, other times I don’t. Recently I discovered some cross-site scripting (XSS) exploits in the Google Analytics for WordPress plugin (version 4.1.2). Apparently some others noticed this as well and it was reported to the author who subsequently fixed the issue in the next revision (4.1.3). Now that all the responsible administrators have updated their websites–if you haven’t, please update immediately–I thought I’d explain how the exploit works.


Google Launches Page Speed Service, Wants to Rewrite Your Webpages to Make Your Pages Load Up To 60% Faster

It’s not a joke. Google just launched their new Page Speed Service and according to their tests the average performance improvement is between 25% and 60%!


How to clean up a hacked site (or how to restore your place in Google’s web results)

Help, Google says my website is infected! The ominous “Reported Attack Page!” and “Something’s Not Right Here” are phrases every webmaster dreads to see. Unfortunately cleaning up a hacked site can be a nightmare for webmasters, but in this article we’ll tackle the steps you can take to remedy the problem and get your site back into Google’s favor. If you’re seeing one of the below images, continue reading to understand where to go from here.

Firefox Malware Warning

Chrome Malware Warning

In a hurry? If you have no time to spare, just contact Sucuri Security for instant help resolving your problems.


Scanning your websites for malware? Here are 5 free tools that can help!

Whether you’re a webmaster whose site has been flagged by Google or just a curious and careful internet browser, you may need some help in identifying potential threats on the web. Here are some useful tools I’ve used to help identify threats and a few ways to report threats to protect other users as well.

Footnote: Has Google flagged you as a “reported attack site”? Check out my guide on hacked sites to clean up your site and get back in business with Google! In a hurry? If you have no time to spare, just contact Sucuri Security for instant help resolving your problems.


Google Search Now Warning Users of Malware-infected PCs

Google has been fighting against malware-infected sites for a long time with Google Safe Browsing. More recently however, Google has started alerting users of malware-infected PCs!

After noticing “unusual search traffic while performing routine maintenance on one of [their] data centers,” engineers at Google worked with security researchers and concluded “that the computers exhibiting this behavior were infected with a particular strain of malicious software.” After making this discovery they decided to fight back by putting a notification on any Google search made from an infected PC.

Google Malware Notification

Google’s Damian Menscher writes, “[w]e hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections.”  Whether or not this will become a regular practice at Google for newer strains of malware is unknown.  Technical limitations could also prevent Google from recognizing some forms of malware without requiring the user to install a plugin or use a web applet (which would be unconventional for traditional search).  Only time will tell.

Click here to perform a Google search and ensure you’re not infected (Windows OS only, Mac/Linux users are not affected).

Get the full details at The Official Google Blog.

OS X Lion Will Debut on the Mac App Store Tomorrow!

What a day for Apple and their fans! First the Google+ app hits the iPhone app store, then Apple announces record-breaking sales during Q3 2011, and then during this announcement CFO Peter Oppenheimer says that OS X Lion will hit the Mac App Store July 20th for $29.99! And if that isn’t ringing clear enough, that’s TOMORROW! The latest release will include 250 new features, including plenty of changes to make it look and feel more like iOS. If this all sounds good, you can visit the Mac OS X homepage to learn more about Lion or check out the hands-on preview over at Engadget.

Google Plus for iPhone Released!

iPhone users: your time has arrived! The Google+ app is now available in the app store! If you’re mobile browsing right now, you can click here to go straight to the download page. This makes the iPhone the second mobile device capable of running the G+ app, behind Google’s very own Android. The news was first leaked by Google employee Vic Gundotra and the first screenshots are available below.

Google Plus on iPhone 1

Google Plus on iPhone 2

The features available for iPhone match those available for Android devices and include the group messaging Huddle capability. For a closer look at what the mobile app can do, take a look at the video below.

Google Plus Tips

It’s only been a short time since the launch of Google Plus (Google+/g+) on June 28th, but it’s already amassed a substantial amount of users. Several publications are speculating that it will reach 20 million users this coming week! With so much excitement about this latest service from Google I thought I’d take a moment to share some cool things I’ve seen floating around the web. Rather than reinvent the wheel I’ll just point you to the original authors where necessary. :)

If you don’t need any tips or tricks, why not visit Awesome Blog is Awesome to read some Google Plus Comics!
