Blog spam

I don’t listen to Radio 1 very much now (not live at least, although I download a few of their podcasts) but I’m not so sure they’ve got the hang of this Facebook thing yet...

If I’m honest I’m not entirely sure why the Webbists at Radio 1 feel it’s necessary to pick an arbitrary gig to promote on Facebook: surely that’s the Kings of Leon’s responsibility? But the biggest irritant is their apparent need to notify me for every Radio 1 page I become a “fan” of.

What’s more irritating (which is Facebook’s problem) is that I can’t mark a specific update as spam. I don’t mind receiving updates Chris Moyles’ or Scott Mills’ shows as I quite like them, but I don’t want to receive the same thing three (or more) times.

It gets worse though, as both shows have had events in the past two weeks that should have, but weren’t broadcast as updates.

It’s not a big thing I know, but what is the point of having a presence on a social network you don’t understand if you’re not going to engage with it.

While checking through the UK Business Forums today I found the following post which has subsequently been deleted:

There is a gadget out there that is totally new and unique - I Love mine and could not live without it.

It is called the MiShake and you can see it at w w w.MiShake.com

It is a media player like the IPOD or Creative Zen, but better with more features and it has a motion device built in - you have to see it to believe it. The best part is that it is more cost effective than anything in its class at under £100.00. Also they have a great game on their website where one lucky winner once a month with the highest score wins a MiShake. I understand that demand for these little devices is so high you may struggle to get one - however on the website it looks like they have stock for the moment.

I think the important lesson to learn here is: if you’re going to join a forum, post a spam message bigging up a third-party product within the same day without introducing yourself, don’t set your username to the name of the company you’re promoting.

Obviously both you and I clocked it the minute we saw it - this is obviously self-promotion - but I just love the lemming-like idiocy of a person who writes “hey, have you heard of this company?” from that company’s forum account.

Never underestimate the power of stupidity.

Every so often little corners of the Web come alive to the tune of the latest security flaw to be discovered in a browser, operating system or in a recent case the entire Internet.

It’s very much in vogue at the moment to point the finger at Microsoft, who are seen as the “establishment” and without getting into a whole debate it’s worth mentioning that sometimes even what people perceive as the “good guys” get it wrong too.

Google are still widely held - albeit probably by mass consumers rather than niche social Internet users - as being a company quite incapable of evil or indeed incompetence, but it’s good to see that, like anyone else they make mistakes too.

The one I is quite a small flaw really, that means anyone with access to Google Calendars can find out the name behind an email address. This isn’t a massive problem if, like the blogger I’ve linked to suggests, you just want to find out who’s taken that mail name you were after, but if you’re a spammer this is potentially pay dirt.

One of the ways spam filters know what’s legit and what’s not is by knowing your own name; information which the spammers don’t have. But by addressing you by your full name which they can now find out through Google Calendars, they increase the likelihood of their messages being read, either because they’ve slipped through the net or because you’ve checked your Junk Mail folder and taken the messages as legit.

This vulnerability has seemingly only just been discovered, however a recent study shows a 27% rise in unwanted email actually originating from Google Mail (Gmail everywhere else but the UK).

I’m not writing this to gloat at another company’s mistake - and let’s be honest, it is just that - but as a reminder that complacency is fraud’s fuel, and if we stop looking for security holes or we assume they aren’t there because the software is open source or the company isn’t evil, is the moment someone else finds that hole and exploits it.

This is Mark Steadman, pushing your paranoia buttons in Birmingham. Now back to the studio.

I’m sure this is a sore fact for many web developers, but websites don’t always work. CAPTCHA images are often badly compiled so that meaningless symbols look like legitimate characters, or verification emails fail to reach the registrant’s inbox. As someone who likes to try out lots of different social media sites (among many others) this can become an increasing source of frustration, because web developers are making their lives easier by making users’ lives harder.

But this isn’t the problem for me: as an experienced web developer who works on big enterprise projects (thus projects that may lure in spammers, harvesters and other bots) I’m well aware that there are necessary steps that need to be taken to ensure the people using these sites are people, and not mechanical creatures of the digital underworld.

No, what really gets my goat is that when these systems fail (when CAPTCHA imags don’t validate or verification emails just don’t get sent), you’re completely locked out of that website if the webmaster has seen fit to make all contact with either him/herself or the company completely impossible.

Every site that has an element of interactivity must have a point of contact, whether it be an icky contact form or a direct email link. Don’t be swayed by the arrogance of your developer - we all think our stuff works all the time and we’re often wrong, although we’ll never admit it -and don’t disadvantage your users in order to put less strain on your spam filter: you can always upgrade your mail server, but a user who has been spurned by your site will never come back.