Identifying Compromised Websites
linuxwrangler writes "'An infectious disease broke out recently in a number of communities. We'd like to tell which communities they were, just in case you were visiting one at the time, but we can't. It would be bad for business, after all.' Thus begins an interesting column in InfoWorld's Gripe Line in which Ed Foster discusses the astonishing secrecy surrounding the identity of the sites that were compromised by Scob/Download.ject and spreading malicious code to their visitors. As Foster notes, when food poisoning is traced to a store or restaurant the health department makes every effort to inform those who may be affected. Shouldn't we demand the same when a business's server poisons our computer?"
Yes, the organizations should disclose the info, and for them, they have nothing to lose, since they are just a third-party security organization. But you can bet they then would be the target of lawsuits. Blame America's litigation-happy society for this paranoia.
There's 10 types of people in this world, those who understand binary and those who don't.
It sounds like a good idea for a moment, before you think about it. First of all, most web content is offered as free with no warranties or guarantees of anything. You surf at your own risk. Second, a person may go through hundreds of web sites in a day, and tens or hundreds of thousands of people may hit your site. Third, most people with any sense have some form of antivirus on their computers, and those that do not are either asking for it and they know it, or wouldn't know what to do if they did get a virus. In reality, virus protection is the responsibility of the user. True, it is absolutely insane that people have unprotected web sites out there, but since the web is a public forum, there is really no way to say who does what without limiting the "for all people" part of it. The web is a beautiful thing because it is open to everyone, regardless.
...for two reasons. First, an infected website has never killed anyone. Second:
when food poisoning is traced to a store or restaurant the health department makes every effort to inform those who may be affected.
There is no such thing as a health department for your computer. There are virus tracking sites, spyware removal programs, sites that offer updates to your protection programs...lots of things to help kill active infections and keep you informed of current ones. But there is no "USDA stamp" for clean websites.
Nor can there be. The internet has bounds beyond a single country. Any office claiming to have jurisdiction over all websites would be ridiculous.
Weaselmancer
rediculous.
It seems like one could create a distributed site monitoring system for this purpose. A simple sandbox web app would periodically reload a list of sites and log a signature of either the contents or attempted actions encoded in the site. Each participant would offer to monitor a few sites in the background. A P2P comparison process would then correlate signature elements across sites -- peers would transmit their findings to other peers looking for something like Download.ject that appears as a new object/behavior across disparate sites. The peers could then alert each other across the mesh of the system when suspicious new objects show up.
Lacking a central authority, the companies would be powerless to shutdown publication of these types of security breaches.
Two wrongs don't make a right, but three lefts do.
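The reload-sign-correlate loop sketched in the comment above, as an added Python example that is not from the thread: the site names and page snapshots are constructed inline, and one dict of every peer's observations stands in for the P2P exchange. A script object that newly shows up on several unrelated sites after their baselines is the kind of cross-site signal the comment describes.

```python
import hashlib
import re
from collections import defaultdict

# Constructed sample snapshots (not real sites): two observations per site.
# Three sites pick up the same appended script object in their second
# observation, mimicking a mass injection; the fourth changes on its own.
INJECTED = '<script>document.write("<iframe src=\'http://example.invalid/x\'>")</script>'
SNAPSHOTS = {
    "shop.example": ["<html><body>Shop</body></html>",
                     "<html><body>Shop" + INJECTED + "</body></html>"],
    "news.example": ["<html><script src=/ads.js></script><body>News</body></html>",
                     "<html><script src=/ads.js></script><body>News" + INJECTED + "</body></html>"],
    "blog.example": ["<html><body>Blog</body></html>",
                     "<html><body>Blog" + INJECTED + "</body></html>"],
    "wiki.example": ["<html><body>Wiki</body></html>",
                     "<html><body>Wiki<script>var v=2;</script></body></html>"],
}

SCRIPT_RE = re.compile(r"<script([^>]*)>(.*?)</script>", re.I | re.S)

def signatures(html):
    """Return the set of script-object signatures found in one page snapshot."""
    sigs = set()
    for attrs, body in SCRIPT_RE.findall(html):
        src = re.search(r'src\s*=\s*["\']?([^\s"\'>]+)', attrs, re.I)
        if src:
            sigs.add("src:" + src.group(1))          # external script reference
        elif body.strip():
            digest = hashlib.sha256(body.strip().encode()).hexdigest()[:16]
            sigs.add("inline:" + digest)             # hash of inline script body
    return sigs

def new_objects(snapshots):
    """Map each signature to the sites where it appeared after that site's baseline."""
    seen = defaultdict(set)
    for site, observations in snapshots.items():
        baseline = signatures(observations[0])       # first observation is the baseline
        for html in observations[1:]:
            for sig in signatures(html) - baseline:
                seen[sig].add(site)
    return seen

def correlate(snapshots, min_sites=3):
    """Signatures that newly appeared on at least min_sites disparate sites."""
    return {sig: sorted(sites) for sig, sites in new_objects(snapshots).items()
            if len(sites) >= min_sites}

if __name__ == "__main__":
    for sig, sites in correlate(SNAPSHOTS).items():
        print(f"ALERT new object {sig} on {len(sites)} sites: {', '.join(sites)}")
```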
Tracing the ancestry of a bacterial strain that affected hundreds of people is relatively easy compared to tracking down the sites that affected millions. Disease outbreaks take hundreds of man-hours to actually track down, and frankly I don't think it's possible to get to the root of a computer-based problem that affects thousands (if not millions on a worldwide scale).
Maybe someday... just not now.
Watch, as the internet becomes more and more part of the infrastructure of the worldwide information systems, companies in the future will lobby for a similar bogus-security rationalization for keeping internet-infrastructure compromises secret.
Not that relevant to the article I suppose, but an interesting angle.
"'Yrch!' said Legolas, falling into his own tongue."
Unlike the food example, where bad food could kill you, a computer virus in your home machine won't.
Explain that to the sailors on the USS Yorktown.
Yes, I know it wasn't a virus. It was bad SQL Server-based code. Sadly, Microsoft is equally vulnerable to both.
Ibsen wrote a play about it, that's how old it is. It was made into a movie with Steve McQueen. The plot seemed scarily current, like it was taking place today, not almost a century ago.