Posted by Maxim Weinstein
Thu, 29 Nov 2007 15:28:00 GMT
Wired has an article about the U.S. government’s lack of a transparent, responsive process for individuals who are on the terrorist watch list to request removal if they are innocent. According to the article, even the process they do have, which only addresses a subset of the people affected, has resolved only half of its cases since February. Others are left confused, with little information about the process or the individual’s current status.
BBC columnist Bill Thompson recently raised questions about the responsiveness of StopBadware’s own review process that helps site owners flagged by Google get their sites removed from Google’s list. He even suggested that perhaps the authorities should be the ones keeping a URL blacklist and managing the appeals process.
Apart from the jurisdictional issues, which Mr. Thompson acknowledges as being a show-stopper, the example set by the U.S. government isn’t exactly an encouraging sign for the future of a government-run blacklist.
At StopBadware, we believe that transparency and responsiveness are key to the success of our efforts. This is why we explain our review process in our FAQ. It’s why anyone who submits a request for review of their site can return to our site at any time while the review is in progress to see its status. And it’s why the average time for a review to be completed is under three days (typically shorter for sites that are, in fact, clean when they are submitted for review and a bit longer for those that are not).
There’s still more to be done, of course. We encourage all security vendors and blacklist providers to offer a transparent and responsive process. We continue to improve our own process and communications to provide the most information as clearly and quickly as possible. And, over the next several months, we’ll be doing even more to involve the community in our efforts.
Meanwhile, millions of users are being protected from badware every day, all without the bureaucracy that often comes with government security efforts.
Posted in all | Tags bbc, government, stopbadware
Posted by Maxim Weinstein
Wed, 28 Nov 2007 21:41:00 GMT
Traffic to StopBadware.org recently reached the one million unique visitors per month mark, a major milestone in our two-year history. The majority of our visitors come to us through Google’s warning pages, while many others find us through blog posts, articles, reports, and other references from around the web.
We are thrilled that the message is getting out that the internet community can work together to stop the spread of badware while protecting providers who are doing their part to keep their sites and applications safe.
We are especially grateful to those who, after their initial visit, have continued their involvement by joining our mailing list, reading our blog, telling their stories, and participating in our online discussion group. You are part of StopBadware and its success, and we will be offering new ways for you to contribute over the next several months.
Thank you all, and here’s to continued growth and, more importantly, continued success in stopping badware!
Posted in all | Tags milestone, stopbadware
Posted by Erica George
Wed, 21 Nov 2007 19:18:00 GMT
As our readers in the United States will know, this Thursday is the Thanksgiving holiday. StopBadware, along with the rest of Harvard University, will be closed Thursday and Friday this week in observance of the holiday. We will reopen on Monday, November 26.
For website owners concerned about their review requests, we recommend also logging in to Google’s Webmaster Tools console and filing an additional review request there. Also, don’t forget that the StopBadware discussion group can be a great resource if you’re having trouble discovering problems on your website.
For all of our readers who celebrate it, have a Happy Thanksgiving, and we’ll see you on Monday!
Posted in all | Tags stopbadware
Posted by Maxim Weinstein
Wed, 21 Nov 2007 19:04:00 GMT
The U.S. Federal Trade Commission and the National Cyber Security Alliance have released a set of “ 10 Tips for Safe Holiday Shopping Online.” Click the link for the full version, but here’s a summary of the tips:
Check out the seller.
Read return policies.
Know what you’re getting.
Don’t fall for a false e-mail or pop-up.
Look for signs a site is safe.
Secure your computer.
Consider how you’ll pay.
Know the full price and check out incentives.
Keep a paper trail.
Turn your computer off when you’re finished shopping.
On a related note, PC World is reporting that website hacks, phishing, and other online scams are expected to rise with the kickoff of the holiday shopping season, so stay alert.
Posted in all | Tags shopping, stopbadware
Posted by Maxim Weinstein
Thu, 15 Nov 2007 20:18:00 GMT
On CNet yesterday, Chris Soghoian blogged an interview with Mike Shaver at Mozilla. In it, StopBadware’s role is mischaracterized. It turns out it was nothing more than a misunderstanding, and we’re happy to be working with Mozilla to set the record straight.
Mozilla, Google, and StopBadware are all expected to play a role in ensuring that the needs of both users and web site owners will be addressed in Firefox 3. Mozilla is working with Google to provide a list of potentially harmful URLs that will be used by Firefox to warn users before they browse to a site that may contain malware. This data comes from Google’s own scanning and research, not from StopBadware, as reported. (Our Clearinghouse allows users to search for a site to see if it is currently on Google’s warning list.)
StopBadware’s role will be (as it is now) to ensure that users and web site owners receive as much information as possible about the warning and to provide a transparent review process to assist site owners in understanding why a site was flagged and/or notifying Google that it has been cleaned.
By working together, we help protect users from potentially dangerous web sites while ensuring that owners of legitimate sites have a way to understand the warnings, clean up their sites, and remove the warnings.
Posted in all | Tags cnet, firefox, Google, mozilla, stopbadware
Posted by Maxim Weinstein
Tue, 06 Nov 2007 16:12:00 GMT
Over on Sophos’s blog, there is a post about a “household name” web site delivering infected third-party content through a marketing relationship. This is consistent with what we have seen lately in our web site work, where infected ads pop up on an ad network, causing an otherwise “clean” site to appear infected.
I disagree with the author’s assertion that the responsibility lies entirely with the hacker and the marketing company, though he does temper that by saying:
Remember, adding third party content can be a risky business. You have to make sure that their security policies match yours, otherwise you lose your reputation.
Beyond just your reputation, you endanger the privacy and security of your customers/visitors if you allow infected third party content onto your site. So, be sure to very carefully learn about the security practices of advertisers (or other third party content providers) before allowing them to serve content on your site.
Posted in all | Tags advertising, malware, stopbadware, web
Posted by Maxim Weinstein
Wed, 03 Oct 2007 12:45:00 GMT
Our “Trends in Badware 2007” report, released yesterday, has been picked up in a variety of blogs and news articles.
Reading through some of the coverage, a web user or site owner could be tempted to panic. After all, if one of the messages is that even legitimate sites and ad networks can be sources of badware, isn’t the web itself becoming less safe?
Not really. What we have seen is just the latest shift in how attackers do their dirty work, and the Internet community is adjusting quickly, as it typically does. Search engines, browser companies, security vendors, volunteers, StopBadware, and other organizations have taken steps—from identifying and blocking access to infected sites to spreading the word about how to protect your PC or your web site—to minimize the threats and keep the Internet safe.
Mass e-mail worms, floppy disk-borne viruses… new threats are developed, new ways of addressing them are created, and soon they become threats of the past, just as the current threats will. The Internet has shown the potential to be a self-correcting system, and we here at StopBadware aim to ensure it stays that way.
Tags analysis, press, stopbadware, trends
Posted by Erica George
Tue, 02 Oct 2007 13:56:00 GMT
StopBadware is proud to release our 2007 update on the state of badware on the web – “Trends in Badware 2007: What internet users need to know.” The short report is a plain-English explanation of badware threats to user privacy and security, based on our research over the past year. It explains online security issues such as compromised websites, social networking scams, and other badware trends that pose significant risk to the average internet user.
For many visitors to StopBadware.org, threats such as legitimate websites that have been hacked to distribute badware may not be news. We’re hoping our security-conscious visitors will help us spread the word to those who aren’t yet aware of the dangers. “Trends in Badware” is written with nontechnical internet users in mind – folks who love using the internet, but who may not yet have learned about newer badware threats.
As StopBadware’s co-director John Palfrey says in our press release, “Now, users can get infected by simply browsing a reputable website or clicking on links posted to their favorite blogs or social networks. We want to make sure that consumers have up-to-date information on emerging trends so they know what to look for when online.”
StopBadware’s mission is to help educate consumers and average internet users about badware, and to help the community fight back. We hope that “Trends in Badware 2007” can help clear the fog around online dangers and empower ordinary internet users to take charge of their computers’ security.
You can download “Trends in Badware 2007” here.
Posted in homepage, all | Tags badware, consumer, education, stopbadware
Posted by Maxim Weinstein
Fri, 28 Sep 2007 13:30:00 GMT
PC World has an article about some new malware tricks. The lead sentence is right on the money:
If the crooks behind viruses, Trojan horses, and other malicious software were as stupid as they are scummy, we’d have a lot less to worry about.
Some of the tricks are pretty clever and interesting to read about. In the end, though, the defenses are the same as always: keep software up to date, use security software from a trusted source, and exercise caution when using your PC (or, even more so, others’ PCs).
Tags article, malware, stopbadware
Posted by Maxim Weinstein
Wed, 26 Sep 2007 19:34:00 GMT
Microsoft has released a new service pack (service pack 3) for Microsoft Office 2003, the pervasive suite of applications that includes Word, Excel, PowerPoint, and Outlook. This service pack reportedly fixes a long list of security vulnerabilities in these applications. While we have not seen a lot of Office-related attacks lately, these apps represent a potential attack vector that home and business users alike should be trying to block by installing updates like this latest service pack.
Despite popular belief, the Automatic Update feature in Windows does not download updates for Office and other applications, but only for Windows and Internet Explorer. (There is a free download known as Microsoft Update that extends Automatic Update to include Office products.) Therefore, you may need to follow the link above for instructions on how to download and install the service pack.
Tags microsoft, office, stopbadware
|
