Slashdot Mirror

← Back to Stories (view on slashdot.org)

Identifying Compromised Websites

Posted by timothy on from the or-not dept.

linuxwrangler writes "'An infectious disease broke out recently in a number of communities. We'd like to tell which communities they were, just in case you were visiting one at the time, but we can't. It would be bad for business, after all.' Thus begins an interesting column in InfoWorld's Gripe Line in which Ed Foster discusses the astonishing secrecy surrounding the identity of the sites that were compromised by Scob/Download.ject and spreading malicious code to their visitors. As Foster notes, when food-poisoning is traced to a store or restaurant the health-department makes every effort to inform those who may be affected. Shouldn't we demand the same when a business's server poisons our computer?"

6 of 390 comments (clear)

  1. Re:Its just not possible.. by gkuz · · Score: 2, Informative
    Tracing the ancestry of a bacterial strain that affected hundreds of people is relatively easy compared to tracking down the sites that affected millions

    Bullshit. Most of the very high-profile worms/viruses of recent years were traced back to specific individuals fairly quickly. It's a lot easier than forensic microbiology.

  2. Re:Of course by John+Hurliman · · Score: 4, Informative

    Excellent timing of this; the Spokesman Review had an article a few days ago about how grocery store names in Washington state who got shipped potentially bad meat from the Mad Cow epidemic are being withheld, and the newspapers were denied their information requests on some obscure grounds. I'd say the website attacks are being treated like any similar situation.

  3. Etrade by Anonymous Coward · · Score: 1, Informative

    I think Etrade is one of the compromised sites.
    On their site they say "A new security threat is currently circulating on the Internet. It is in the form of a Trojan Horse program called Download.Ject." you see this as an alert when you log in, but you can also see it without logging in. Take a look here

  4. Re:An odd analogy. by TomServo · · Score: 3, Informative

    Well, this isn't quite the same, but UCSD recently found that some of their machines were compromised. They sent out notices that, while there was no evidence to show that anyone's information had been taken, the compromise did put the attacker in a position where they could get ahold of students' and people who applied to be students' personal information, including social security numbers.

    They sent notices to everyone who was in the system with instructions on how to protect themselves, and reported it to the local media. A San Diego Union-Tribune Article is here.

    Admittedly, it's not the same, as a state-run university isn't the same as a traded company running a website, but they obviously felt it important to inform anyone who was potentially hurt by this.

  5. frivolous? not! by Macgrrl · · Score: 2, Informative

    IF you are referring to the McDonalds Hot Coffee lawsuit, perhaps you need to read up on the facts of the case, the coffee wasn't merely hot, but was scalding.

    From the link: The sweatpants Liebeck was wearing absorbed the coffee and held it next to her skin. A vascular surgeon determined that Liebeck suffered full thickness burns (or third-degree burns) over 6 percent of her body, including her inner thighs, perineum, buttocks, and genital and groin areas. She was hospitalized for eight days, during which time she underwent skin grafting. Liebeck, who also underwent debridement treatments, sought to settle her claim for 20,000, but McDonalds refused.

    --
    Sara
    Designer, Gamer, Macgrrl in an XP World
  6. Other interesting facts about the case... by ??? · · Score: 2, Informative
    • McDonald's served their coffee at about 40 degrees F hotter than is standard in the industry, and didn't inform its customers of this fact.
    • The McDonald's quality assurance manager admitted in discovery that at the temperature at which it was served, the coffee was not fit for consumption
    • Liebeck's unchallenged expert witness (expert in thermodynamics applied to human skin burns) testified that had the coffee been served at a temperature consistent with the rest of the industry, the coffee would have cooled before inflicting third-degree burns.
    • McDonald's assertion that they keep the coffee so hot because customers intend to take the coffee home or to work to drink it is contradicted by their own market research indicating most customers intend to drink the coffee in the car.
    • There were 700 previous cases where complaints were filed and McDonald's made no changes to their policies