It has been a while since the last Tweet Week. The main reason is I don’t tweet that often now to post my tweets every week and I don’t want to post old news here either.

So what happened? The answer is I can’t get used to Twitter web interface – it is so inconvenient. I had to use it when I had some strange problems with my Twitter client (twhirl). Thank’s god, I’ve finally made my twhirl work so I hope I will be able to tweet more often.

Anyway, here are some of the latest tweets.

November 15, 2011

[h-online] Joomla! updates close security holes – attackers can change Joomla passwords. Upgrade ASAP

[seoarmada com au] Webmaster’s story about how the recent WordPress attack affected his four sites

November 9, 2011

Unmask Parasites is on Google+ now — I’ll post things that are too long for Twitter and too short for blog

November 3, 2011

[TheRegister] Thousands of WordPress sites commandeered by Black Hole — not sure why it mentions my older article (G+)

November 2, 2011

Google will selectively crawl resources behind POST requests

October 31, 2011

RT @stopbadware: In May, @unmaskparasites discussed canonical hacks on our blog. Google announces protection today.

October 30, 2011

Mozilla updated my “Readable SafeBrowsing” extension to v0.2.5. — if you use FireFox and read SafeBrowsing diagnistic pages

October 26, 2011

[h-online] MyBB downloads were infected — download package for MyBB v1.6.4 contained a backdoor

October 21, 2011

[armorize] “jighui /urchin.js” script injection on ASP.NET sites. — Did hackers confused Breton with Brazilian?

If you want more real-time experience, you can follow @UnmaskParasites on Twitter or circle Unmask Parasites on Google +.

Related posts:

• Previous Tweet Weeks

August 22, 2011

RT @stopbadware: Q&A: @maximweinstein on We Stop Badware™ Web Host program: how responsible hosting providers can fight badware

August 23, 2011

[wordpress.org] two forum threads about the counter-wordpress attack 1 & 2 — timthumb again

[cio.com.au] Security and Google Apps — An interview with Google Enterprise director of security, Eran Feigenbaum

RT @stopbadware: Request for comments: public draft of new best practices for reporting badware URLs Please RT!

August 24, 2011

[sucuri.net] Mass infection of WordPress sites (counter-wordpress .com) via @sucuri_security

[blog.cnizz.com] Evil Hackers from Outerspace — finding and removing malware – webmaster’s story

@sucuri_security’s take on the @WooThemes / timthumb / googlesafebrowsing attack

August 25, 2011

Google Safe Browsing now flags GoogleSafeBrowsing .com and the company, incl. hacked sites. How to deal with warnings

August 26, 2011

RT @mattcutts: Scrapers getting you down? Tell us about blog scrapers you see We need datapoints for testing

August 27, 2011

The kwizhveo timthumb attack (GoogleSafeBrowsing com) now uses “statcounter . com” domain. WTF? Do they want Google to flag the innocent?

Screenshot of the hidden “statcounter .com” kwizhveo.php iframe in an Unmask Parasites report of an infected blog.

August 28, 2011

[h-online.com] phpMyAdmin updates close XSS hole

[h-online.com] Tool causes Apache web server to freeze – Update and “Rewrite” workaround

[cnet.com] How to check if a Web site is safe

If you want more real-time experience, you can follow @UnmaskParasites on Twitter.

Related posts:

• Previous Tweet Weeks

August 8, 2011

[markmaunder.com] WordThumb is now TimThumb 2.0 — please upgrade if your WordPress theme/plugin uses old timthumb.php

August 9, 2011

[theregister.co.uk] Mass WordPress hijack poisons Google Image well — based on my Friday’s post

RT @threatpost: Hacked Wordpress Blogs Used to Poison Google Image Search

August 10, 2011

update on the “ciscotred .cz .cc” attack — new redirect destination and connection with “.bee .pl” attacks

If you only knew how many websites of small hosting providers are hacked! And I mean their own sites, not their clients’ sites…

update on the hacked WP blogs  1. Google removed doorways from index, 2. there are cloaked links in legitimate pages

August 15, 2011

[wpmu.org] What Lurks in the WordPress Plugin Repository? — via @SiobhanPMcKeown

Google PageRank 5 for a new domain in six months? Easy! – analysis of SEO progress of a poker site (black hat)

August 16, 2011

RT @stopbadware: StopBadware debuts We Stop Badware™ Web Host program for hosting providers committed to protecting users from badware

RT @teamcymru using botnets to search for 80k ‘Google Dorks’ to streamline hacker target selection

August 17, 2011

[lightbluetouchpaper.org] Measuring Search-Redirection Attacks in the Illicit Online Prescription Drug Trade

RT @stopbadware: Please help @sans_isc with a survey about the most dangerous (in terms of vulnerabilities/exploits) web platforms

RT @threatpost: New version of Firefox fixes 10 vulns, several of them critical flaws that could allow remote code execution.

[h-online.com] Rapid relief for osCommerce administrators — hardening outdated osCommerce sites

August 18, 2011

[Google Online Security] Four Years of Web Malware — analysis of Safe Browsing data

[armorize.com] k985ytv mass compromise ongoing, spreads fake antivirus — Windows version dependent scareware sites

August 19, 2011

Owners of WordPress blogs: check the series of articles about timthumb-related malware attacks on Sucuri blog 

RT @Xylit0l: MalwareIntelligence Black Hole Exploits Kit 1.1.0 Inside  [english] [Spanish]

If you want more real-time experience, you can follow @UnmaskParasites on Twitter.

Related posts:

• Previous Tweet Weeks

July 25, 2011

Added the +1 button to http://www.UnmaskParasites.com/ – let’s see how it works

[h-online.com] phpMyAdmin updates close critical security holes — Upgrade! phpMyAdmin hacks lead to server-wide problems

RT @StopBadware: RT @DarkReading: Websites on average are attacked once every two minutes, new @Imperva study finds

July 29, 2011

[abuse.ch] How Criminals Defend Their Rogue Networks — FastFluxing, DGA, custom DNS

RT @spolsky: This wild story about a deeply incompetent security auditor has over 100,000 views already:

[serverfault.com] Our security auditor is an idiot, how do I give him the information he wants? — must read

August 1, 2011

[hostexploit.com] Implement Mitigation Strategies to Stop Cyber Intrusions — top 4 strategies prevent 85% intrusions

August 2, 2011

[journeyintoir.blogspot.com] Google the Security Incident Detector — using Google to find security issues on your site

August 3, 2011

Fake antivirus industry down, but not out. via @briankrebs . That’s a milestone!

[markmaunder.com] Zero Day Vulnerability in many WordPress Themes — buggy timthumb.php + follow up

RT @stopbadware: New insights on web hosting provider liability for malicious content

August 5, 2011

“Google just released the biggest refresh of their spam report form in, oh, say 10 years”  via @mattcutts

August 6, 2011

[armorize.com] willysy.com Mass Injection ongoing, over 6 million infected pages, targets osCommerce sites — osC holes

If you want more real-time experience, you can follow @UnmaskParasites on Twitter.

Related posts:

• Previous Tweet Weeks

July 18, 2011

Python errors on a WordPress sites? Nonsense? No – a sign of a hack — via @sucuri_security

July 20, 2011

RT @mattcutts: Important: we’ve detected some specific malware. Go to google.com to see if you have it Please RT!

[google] G.CO, the official URL shortcut for Google websites — URL shortened by Google linking to Google’s own pages

Details about the Google’s “Your computer appears to be infected” warning via @briankrebs

July 21, 2011

RT @mattcutts: We updated the Google blog post about our malware notice:  Looks like it spread via fake antivirus pages.

July 22, 2011

[h-online.com] Joomla! 1.7 brings new update mechanism — finally one-click update! Will it work with customized sites?

July 23, 2011

[G+] Follow up on the yesterday’s post about “tattoo” spam in Google Image search

If you want more real-time experience, you can follow @UnmaskParasites on Twitter.

Related posts:

• Previous Tweet Weeks

July 11, 2011

[searchengineland.com] Yahoo Shutting Down Site Explorer This Year — any other public tool for back link research?

[pressography.com] comment about some major hosting providers that are not ready for WordPress 3.2

July 12, 2011

Some sections of Avira’s basic guidelines provide good overview of prevalent threats. E.g. search results poisoning

[seozen.com] How to submit a compelling reconsideration request — dealing with spam and malware issues [Google]

July 13, 2011

RT @wordpress: WordPress 3.2.1 is now available. — maintenance release. No security fixes mentioned…

If you use @WordPress consider taking a short WordPress 2011 survey

July 14, 2011

Apparently, all CO.TV sites have also been removed from Google http://www.google.com/search?q=site%3Aco.tv

[h-online.com] Fresh PuTTY — v0.61 finally supports Windows 7 and SSH-2 authentication

In mid September, I will be in SF Bay area and, probably, in NY. Planning the trip. Anyone interested in meeting me? (you can contact me here)

If you want more real-time experience, you can follow @UnmaskParasites on Twitter.

Related posts:

• Previous Tweet Weeks

July 4, 2011

RT @wordpress: Are you ready for WordPress 3.2? Better check! — new minimum requirements

July 5, 2011

[sucuri.net] WordPress 3.2 and PHP support – Security effect — 15% of WP blogs won’t be able to upgrade to v3.2

[h-online.com] Vsftpd backdoor discovered in source code — do your servers use recently installed vsftpd?

[h-online.com] Joomla! 1.6 update closes security holes — v1.6.4 closes 4 security holes. Update time!

RT @wordpress: Introducing WordPress 3.2, Gershwin — check new sys requirement before upgrading: PHP 5.2.4 mySql 5

July 6, 2011

[h-online.com] phpMyAdmin updates patch critical holes — that’s serious. I constantly see attacks against phpMyAdmin

RT @gcluley: Unpatched WordPress blogs rife with malware… — Sophos’ take on new WP minimum sys requirements

July 8, 2011

Yesterday’s reddit discussion with Google Images team — many comments about malware as a serious issue in Image search

July 9, 2011

RT @stopbadware: RT @GFILabs: Interested in getting porn and malware? Go to the Microsoft Safety and Security Center!

If you want more real-time experience, you can follow @UnmaskParasites on Twitter.

Related posts:

• Previous Tweet Weeks

June 29, 2011

[reddit.com] Don’t trust Google Image Search — PC infection via poisoned Google image search results.

[milestone] This is my tweet #1000! Thanks to all followers who care about things that I write here!

Google reserves the right to take action on an entire freehost if it has a very large fraction of spam — via @mattcutts

[wordpress.org] WordPress 3.1.4 is available now and is a maintenance and security update for all previous versions.

Update on why malicious domains point to Google’s IP address – any other ideas?

June 30, 2011

[wpmu.org] @SiobhanPMcKeown interviewed me about new minimal system requirements in WordPress 3.2 (security-wise)

July 1, 2011

[anniversary] 3 years ago today, I released the first public version of Unmask Parasites

RT @stopbadware: Google removes co. cc from search results — UNI .CC and CZ .CC are still in search results

RT @Jindroush: @unmaskparasites @stopbadware Also co.be got killed.

[technologyreview.com] The Perfect Scam — very comprehensive article about fake antiviruses. (It quotes my estimate on the number of poisoned Google Image search results)

If you want more real-time experience, you can follow @UnmaskParasites on Twitter.

Related posts:

• Previous Tweet Weeks

June 15, 2011

All sites on UNI.CC have been blocked by Google — free domain names come at a price

June 16, 2011

Google has unblocked the UNI.CC as well as CZ.CC, which was also blacklisted yesterday

[sucuri.net] Blackhat SPAM SEO From Joomlapoject.net – Targeting Joomla — I can see cloaked spam on affected sites now

RT @stopbadware: @unmaskparasites Looks like cz. cc re-blocked

June 21, 2011

WordPress 3.2-RC1 requires PHP 5.2.4+. Many servers that still use #PHP v4 and <5.2.4 will be incompatible with new versions of @WordPress.

I anticipate even more outdated WordPress blogs because of the PHP 5.2.4+ requirement.

RT @gcluley: Security screw-up at Dropbox allows anyone to login as you – so check your files now!

@danielcid I wonder if WP auto-upgdate tool will warn that a server may be incompatible with the new version

RT @mattcutts: We’re alerting WordPress owners to out-of-date installs: Sign up 4 email alerts in our webmaster console!

June 23, 2011

[wordpress.org] Recently updated AddThis, WPtouch and W3 Total Cache plugins might have backdoors.

June 24, 2011

Protecting users from malware hosted on bulk subdomain services — the answer why CZ.CC and UNI.CC were blacklisted

If you want more real-time experience, you can follow @UnmaskParasites on Twitter.

Related posts:

• Previous Tweet Weeks

May 30, 2011

#GoogleImagePoisoning update: new malicious domain eozljijd .co.cc (not blacklisted yet) and new img URL pattern

May 31, 2011

RT @gcluley: See how scareware criminals disguise their latest attacks as a Firefox malware warning

[threatstop.com] IP Reputation to Reduce the Risk of Being Hacked

June 2, 2011

RT @threatpost: (#Mac Market Share)x(#Google Images SEO Poisoning)=Gold Rush video with @mikkohypponen & @FSLabsAdvisor

VirusTotal Faceoff: FakeAV Mac vs PC (this hour downloads) — PC wins: only 3 detections

Only Sophos and F-Secure detected both Mac and PC fakeAV (see my previous tweet)

June 7, 2011

Ready for the World IPv6 Day, June 8? http://ipv6test.google.com/

Mozilla has finally approved my “Readable SafeBrowsing” add-on for Firefox 4+. You can get it here: https://addons.mozilla.org/en-US/firefox/addon/readable-safebrowsing/

June 10, 2011

[securelist.com] Dangerous whitespaces — rogue CoreLibrariesHandler() function uses whitespaces as a cipher

June 12, 2011

RT @stopbadware: StopBadware happily announces the public debut of our first State of #Badware report!

If you want more real-time experience, you can follow @UnmaskParasites on Twitter.

Related posts:

• Previous Tweet Weeks