Identifying Compromised Websites
linuxwrangler writes "'An infectious disease broke out recently in a number of communities. We'd like to tell which communities they were, just in case you were visiting one at the time, but we can't. It would be bad for business, after all.' Thus begins an interesting column in InfoWorld's Gripe Line in which Ed Foster discusses the astonishing secrecy surrounding the identity of the sites that were compromised by Scob/Download.ject and spreading malicious code to their visitors. As Foster notes, when food-poisoning is traced to a store or restaurant the health-department makes every effort to inform those who may be affected. Shouldn't we demand the same when a business's server poisons our computer?"
Excellent timing of this; the Spokesman Review had an article a few days ago about how the names of grocery stores in Washington state that got shipped potentially bad meat from the Mad Cow epidemic are being withheld, and the newspapers were denied their information requests on some obscure grounds. I'd say the website attacks are being treated like any similar situation.
Well, this isn't quite the same, but UCSD recently found that some of their machines were compromised. They sent out notices that, while there was no evidence to show that anyone's information had been taken, the compromise did put the attacker in a position where they could get ahold of the personal information of students and of people who applied to be students, including social security numbers.
They sent notices to everyone who was in the system with instructions on how to protect themselves, and reported it to the local media. A San Diego Union-Tribune article is here.
Admittedly, it's not the same, as a state-run university isn't the same as a traded company running a website, but they obviously felt it important to inform anyone who was potentially hurt by this.