StopBadware.org RSS
Regaining Control of Our Computers
 
Home About Us Our Reports Clearinghouse Fight Back About Badware FAQ Security Tips Blog

Happy Halloween from StopBadware

Posted by Erica George Wed, 31 Oct 2007 16:07:00 GMT

For some Halloween fun, check out InfoWorld reporter Matt Hines’ blog post today on geeky “costume” ideas for the hackers, coders, and badware-fighters in your life. Matt also shares some costume ideas from F-Secure of ways badware programs themselves have dressed up for a little Halloween trick-or-treat – with the emphasis on trick!

Posted in

StopBadware hosts Spyware Roundtable in DC

Posted by Erica George Tue, 30 Oct 2007 22:00:00 GMT

Yesterday, StopBadware hosted a Spyware Roundtable conversation in Washington, DC, gathering leaders in spyware research and policy to discuss emerging trends and potential remedies to badware threats.

With Federal Trade Commissioner Jon Leibowitz in attendance, much of the conversation centered on ways policy and legislation could better help the FTC keep spyware purveyors at bay. The FTC favors legislative solutions that would enable it to fine spyware purveyors.

The Roundtable was chaired by StopBadware co-director John Palfrey, Center for Democracy & Technology deputy director Ari Schwartz, and Ron Teixeira of the National Cyber Security Alliance in celebration of October as National Cyber Security Awareness Month.

You can read more about the Roundtable discussion at PC World and at CNet News.

Posted in  | Tags , , , , , ,

Congratulations, Cookie Crumbles Finalists!

Posted by Erica George Mon, 29 Oct 2007 21:31:00 GMT

The cameras have been put away, the frenzied video editing is complete, and out of 24 official entries, the five finalists for the Cookie Crumbles contest have been chosen.

The contest challenged video creators to explain what web cookies are and to explore their privacy implications in quick 2-minute videos, which were then posted to our YouTube group. We received some fantastic entries, from the serious to the hilarious, all of them creative. Our friends at Consumer Reports WebWatch then had the difficult task of narrowing the field to only five finalists.

The final five videos are:

“Cookies 101” by munkeefunkee
“Cookies” by clay10mograf
“What is a Cookie?” by AlaskaRobotics
“Got Cookies?” by Jschaack
“What’s A Cookie With Mari?” by madamelevy

The five finalists will travel to Washington, DC at the end of this week, where their videos will be presented as part of the United States Federal Trade Commission’s Town Hall workshop entitled “Ehavioral Advertising: Tracking, Targeting, and Technology.” At the workshop, a panel of judges will also choose one video creator to receive the contest’s $5,000 grand prize.

We’d like to extend a huge thank-you to everyone who participated in the contest! There were inevitably more excellent videos than we could choose, so we encourage you to take a look at all the videos in the YouTube group. You’re certain to laugh, and hopefully also to learn.

Posted in

Is your website at risk? Probably.

Posted by Liana Leahy Fri, 19 Oct 2007 17:02:00 GMT

This week Matt Hines and Victor Garza quoted a study from WhiteHat Security which stated that 90 percent of all sites one the web are at risk for being hacked. If that’s true, it would certainly help explain what StopBadware has found this year.

The majority of sites in our clearinghouse tend to be website owners of small businesses who have limited resources to devote to their online presence. Subsequently, we find that their sites have been hacked due to simple neglect issues such as outdated software, missing security patches and even weak passwords.

WhiteHat believes that vulnerability to cross-site scripting (XSS) hacks is the leading problem, through which attackers place malicious code on legitimate sites to trick end users into handing over their personal information or passwords.

Stopbadware will agree that the majority of hacks tend to be iframe and javascript code injected into website pages.

How secure is your site? Check our Security Tips.

Posted in  | Tags , , , ,

Cookie contest deadline extended

Posted by Erica George Tue, 16 Oct 2007 21:25:00 GMT

The Cookie Crumbles contest deadline has been extended! The contest to make a short YouTube video that explains web cookies to average internet users will now remain open to 11:59 pm Pacific time on Sunday, October 21. If you’ve been thinking about entering but just haven’t been sure, let this – and the $5,000 grand prize – be your incentive!

Posted in  | Tags , ,

Guest post: BadMal on "Man-in-the-Middle Exploits; what they are and how to STOP them"

Posted by Erica George Tue, 16 Oct 2007 20:40:00 GMT

StopBadware volunteer BadMal has been tracking a type of exploit that can affect sites on shared hosting services, and helping users in StopBadware’s discussion group learn about keeping their sites and computers clean. He graciously offered to share his analysis and advice here. (Please note that guest blog posts are independently written by members of our community, and do not represent official positions of StopBadware.org.)

“Man-in-the-Middle Exploits; what they are and how to STOP them” by BadMal

Most of us defend our PCs, websites and servers with an increasing variety of “anti” tools; however it is equally important to understand how or where an assault comes from. So when personally considering your own PC or Internet security this takes a proactive offensive view “I can do something to STOP…” rather than a passive “hiding in the bunker ” defensive position. The best form of defense is offence?

The main route for many web site hacks, defacement, and denial of service (DDoS) attacks is Man-in-the-Middle (MITM) exploits. It is a very easy concept to understand for all of us; consider an unknown person is able to read, insert and modify at will, messages between two parties without either party knowing that the link between them has been compromised. It has a very techie background for those who want to know more – check out Wikipedia for the background or definitions. Here I will solely deal with a pragmatic approach of what you can do to STOP any MTIM.

Firstly a healthy element of paranoia helps, consider from the PC you are reading this article with, what possible connections are there? Home or office network, local ISP, regional backbone routers, international re-routers, DNS servers, server farms, ad networks, web site host, and finally the web site, MITM could be lurking inside anyone of these connections, points or nodes, and as we know so well at StopBadware, within a script on a web site. Worried? Don’t be; just assume the MITM is there, you have the all the solutions at hand and mostly free. The answer is in the technical background “cryptography”, i.e. encryption, passwords, Chmod (website file permissions), and CAPTCHA (establishing the user is a human). Action checklist for all:

Email: use a digital ID or certificate (low cost), PGP encryption (pretty good privacy – free), and as a surprise for sensitive email I now use and recommend Gmail with HTTPS, less connections! All this STOPS any MITM from being able to read your emails.

Web Surfing: Only access online shops or other personal ID sensitive areas where there is HTTPS (SLL), look at the web address, use secure and change your passwords regularly. If you really want to be in control use Firefox with added extras e.g. No-Script (STOPS any script, unless you say OK), Key Scrambler (encrypts any login or password entry STOPS keyloggers), set your privacy options not to accept any cookie (STOPS unwanted and bad cookies from being stored on your PC), even consider using PHproxy (this STOPS a web site from even gaining your real IP address).

Webmasters: Only use FTPS to transfer files between your web site and the PC (this STOPS any MITM from intercepting data), use Chmod to restrict access to files, encrypt file directories where you can, apply different passwords to access cPanel, phpMyAdmin, use CAPTCHA for user logins and apply SSL for user data areas (these actions STOP any MTIM from gaining access to your files.

Blocking: Probably the best offensive action you can take, think of it like this “your PC is your home your website is your shop, club, bar, you have the total right to bar entrance to hooligans or thieves”. It is much easier to refuse entrance than to try and throw the unwanted visitor out. For example use OpenDNS on your router it is free, automatically STOPS phishing sites and many other blocking options. Use banning lists on cPanel, ban spammers on your forum, or ask your host for help.

Finally refuse to be a victim and hide in the bunker, STOP the MTIM you actually have all the tools at hand. But…. what if a MITM is already hiding inside before you go on the offensive? Check and clean your PC of any BadWare; for the webmaster does your webhost also host any bad guys? Easy to determine, check the latest block lists on the web.

- BadMal

Thanks, BadMal! StopBadware welcomes guest post ideas from members of our volunteer community. If there’s an issue in badware-fighting that you’d like to help us highlight here, contact us!

Posted in  | Tags , , , , ,

Announcing the Cookie Crumbles Contest!

Posted by Erica George Tue, 09 Oct 2007 19:54:00 GMT

StopBadware and our parent organization, the Berkman Center for Internet & Society at Harvard Law School, are hosting an online video contest to help explain web cookies to average internet users.

Help answer these common cookies questions:

  • What is a cookie?
  • How do cookies work?
  • How can cookies be used?
  • How is the data from cookies used with data collected in other ways, including from third parties?
  • How can cookies be misused?
  • What options does a user have to manage cookies and their use?

The top few submissions, as determined by a combination of YouTube viewers and Berkman Center staff, will earn their creators a trip to Washington, D.C., where their videos will be aired and discussed at the United States Federal Trade Commission’s November 1-2 Town Hall workshop entitled “Ehavioral Advertising: Tracking, Targeting, and Technology.” Several prizes will be awarded, including one grand prize of $5,000. The contest will run until October 20, 2007.

How do you enter? Just create a short video explaining cookies, upload it to YouTube and submit it to our YouTube group, and then officially enter the contest through our submissions form. Of course, be sure to read all the official rules and guidelines first!

More info about the contest is here.

Posted in  | Tags , ,

"Trends" report encourages caution; users need not panic

Posted by Maxim Weinstein Wed, 03 Oct 2007 12:45:00 GMT

Our “Trends in Badware 2007” report, released yesterday, has been picked up in a variety of blogs and news articles.

Reading through some of the coverage, a web user or site owner could be tempted to panic. After all, if one of the messages is that even legitimate sites and ad networks can be sources of badware, isn’t the web itself becoming less safe?

Not really. What we have seen is just the latest shift in how attackers do their dirty work, and the Internet community is adjusting quickly, as it typically does. Search engines, browser companies, security vendors, volunteers, StopBadware, and other organizations have taken steps—from identifying and blocking access to infected sites to spreading the word about how to protect your PC or your web site—to minimize the threats and keep the Internet safe.

Mass e-mail worms, floppy disk-borne viruses… new threats are developed, new ways of addressing them are created, and soon they become threats of the past, just as the current threats will. The Internet has shown the potential to be a self-correcting system, and we here at StopBadware aim to ensure it stays that way.

Tags , , ,

"Trends in Badware 2007" released

Posted by Erica George Tue, 02 Oct 2007 13:56:00 GMT

StopBadware is proud to release our 2007 update on the state of badware on the web – “Trends in Badware 2007: What internet users need to know.” The short report is a plain-English explanation of badware threats to user privacy and security, based on our research over the past year. It explains online security issues such as compromised websites, social networking scams, and other badware trends that pose significant risk to the average internet user.

For many visitors to StopBadware.org, threats such as legitimate websites that have been hacked to distribute badware may not be news. We’re hoping our security-conscious visitors will help us spread the word to those who aren’t yet aware of the dangers. “Trends in Badware” is written with nontechnical internet users in mind – folks who love using the internet, but who may not yet have learned about newer badware threats.

As StopBadware’s co-director John Palfrey says in our press release, “Now, users can get infected by simply browsing a reputable website or clicking on links posted to their favorite blogs or social networks. We want to make sure that consumers have up-to-date information on emerging trends so they know what to look for when online.”

StopBadware’s mission is to help educate consumers and average internet users about badware, and to help the community fight back. We hope that “Trends in Badware 2007” can help clear the fog around online dangers and empower ordinary internet users to take charge of their computers’ security.

You can download “Trends in Badware 2007” here.

Posted in ,  | Tags , , ,

 

Contact Us   |   Privacy Policy

Consumer Reports WebWatch is not receiving any corporate support for its participation in this program.

Copyright © 2006 - All content for this site is under a Creative Commons license