Subversion, Software and Security
It’s been a while since any individual virus, trojan or other Web-based nasty made the news, so you might be forgiven for thinking that perhaps the scam merchants, hackers and crackers have gone away. Not a bit of it!
As regular readers of our newsletter will know, we’ve spent quite a lot of the last few months developing other websites – as well as keeping British Expat updated, of course. Many of these new sites are run using blog software. (For those of you who don’t know, a “blog” – short for web log – is something like an online journal where the owner can hold forth on pretty well any subject that takes his or her fancy. They’ve become immensely popular; so much so that mainstream websites like the BBC, The Guardian and even the FCO now have several bloggers publishing regularly.)
One big innovation that makes the blog format so attractive is that blog sites are designed to interact with each other. So if Alice decides to write a blog entry about widgets, and discovers that Ben has already blogged about widgets, Alice can include a link to Ben’s blog entry. Her blog software sends an automatic message to Ben’s blog software, which automatically adds a link to her entry (and a brief excerpt of it) to Ben’s blog entry in return. That way, anyone interested in widgets who finds one of the two articles can find the other article more easily and thus gets more information readily to hand. These links are known as “trackbacks”. Pretty neat, eh?
Er, no. Unfortunately some unscrupulous bloggers have taken this facility and subverted it, so that they can get a free link to their site without actually writing a full article. So, for instance, Damian can spoof an article by writing a little snippet of an article and adding a link to his own site, send it off to Gabriel’s blog software, and thus get a one-way link to his own site. Needless to say, the people who use this tactic generally aren’t doing it to provide a useful service to the Web user – they’re doing it to try to make money. Of course there are ways to prevent these spammy links from appearing, but it takes time to wade through them. One of our sites, British Newspapers Online, has had well over a thousand automated link requests in the six months following its relaunch in October 2007. Guess how many of them were genuine? (Clue: you can count them on the fingers of one foot.)
It gets worse. There are many popular blog applications which can be used to run a blog. Unfortunately, the most popular ones are the ones most likely to attract efforts to defeat their security measures – in other words, “crack” them. (Contrary to popular belief, people who do this are “crackers”, not “hackers” – “hackers” are interested in rewriting programs, not breaking into websites, although the two often work together.) This means that the owners of all but the most straightforward, simple websites face an ongoing battle to keep their site software as up-to-date as possible so that “crackers” don’t exploit known flaws in the software to take over the site. The problem doesn’t just affect newbies, either – even experienced webmasters have been caught out when they’ve failed to update their software as soon as a new version has been released.
The moral? If you get an annoying message popping up on your monitor warning you that a new version of some program or other that you use is available, don’t ignore it. Check first to make sure that it’s genuine (never assume it is – there’s always the possibility that somehow you’ve picked up a virus or some other internet nasty!), then install the new version as soon as you conveniently can. It might save you a lot of hassle later on.