incrediBILL - 1:04 pm on May 16, 2011 (gmt 0)
@mattcutts tweeted about it so it's really happening:
A recent spam trend is hacking websites to insert rel=canonical pointing to hacker's site. If U suspect hacking, check 4 it.
Allowing cross-domain canonical is just stupid IMO, what PhD didn't see this exploit coming?
If you allow it, it should be between registered domains in the same Google account only pretty much solves the problem.
Besides, the hacker could just as easily 301 redirect your pages elsewhere, other things they can do, this is just less obvious.