Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

To prevent such attacks, Cutts recommended that anyone running her own website regularly patch the Web server and any software running on it. “In the same way that you wouldn’t browse the Web with an unpatched copy of Internet Explorer, you shouldn’t run a website with an unpatched or old version of WordPress, cPanel, Joomla, or Drupal,” said Cutts. He also suggested that users hand over management of Web software. “Using a cloud-based service where the server software is managed by someone else can often be more secure,” he said.

During his talk, Cutts also explained that Google’s efforts to identify dubious Web sites now include parsing the JavaScript code that underlies pages. Code may contain hidden instructions that record users’ data, for example.

“It wasn’t obvious to me that Google can do this,” says Endeca’s Tunkelang. “And apparently some spammers were saying that Google can’t do that.”

Cutts noted that spammers and hackers are also finding new ways to spam, with the rise of social networking sites like Facebook and Twitter. These sites “bring identity into the equation, but don’t really have checks to verify that a profile or person sending you a message is who you think they are,” said Cutts.

“Authentication [across the Web] would be really nice,” says Tunkelang. “The anonymity of the Internet, as valuable as it is, is also the source of many of these ills.” Having to register an e-mail before you can comment on a blog is a step in this direction, he says, as is Twitter’s recent addition of a “verified” label next to profiles it has authenticated.

Danah Boyd, a Microsoft Research scholar who studies social media, suggests that spammers take advantage of the fact that people don’t always adhere to the rules on social-networking sites–for example, they sometimes provide fake information about themselves. “The variability of average users is precisely what spammers rely on when trying to trick the system,” says Boyd. “All users are repurposing systems to meet their needs, and the game of the spammer keeps changing. That makes the work that Matt does very hard but also very interesting.”

6 comments. Share your thoughts »

Credit: Technology Review

Tagged: Web, Google, security, hackers, spam, cross-site scripting

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me