Slashdot Mirror


Identifying Compromised Websites

linuxwrangler writes "'An infectious disease broke out recently in a number of communities. We'd like to tell which communities they were, just in case you were visiting one at the time, but we can't. It would be bad for business, after all.' Thus begins an interesting column in InfoWorld's Gripe Line in which Ed Foster discusses the astonishing secrecy surrounding the identity of the sites that were compromised by Scob/Download.ject and spreading malicious code to their visitors. As Foster notes, when food-poisoning is traced to a store or restaurant the health-department makes every effort to inform those who may be affected. Shouldn't we demand the same when a business's server poisons our computer?"

4 of 390 comments

  1. Fear of lawsuits by Ryu2 · Score: 4, Interesting

    Yes, the organizations should disclose the info, and for them, they have nothing to lose, since they are just a third-party security organization. But you can bet they then would be the target of lawsuits. Blame America's litigation-happy society for this paranoia.

    --
    There's 10 types of people in this world, those who understand binary and those who don't.
  2. The analogy doesn't hold by Weaselmancer · Score: 4, Interesting

    ...for two reasons. First, an infected website has never killed anyone. Second:

    when food-poisoning is traced to a store or restaurant the health-department makes every effort to inform those who may be affected.

    There is no such thing as a health department for your computer. There are virus tracking sites, spyware removal programs, sites that offer updates to your protection programs...lots of things to help kill active infections and keep you informed of current ones. But there is no "USDA stamp" for clean websites.

    Nor can there be. The internet has bounds beyond a single country. Any office claiming to have jurisdiction over all websites would be ridiculous.

    --
    Weaselmancer
    rediculous.
  3. P2P site monitoring system by G4from128k · Score: 4, Interesting

    It seems like one could create a distributed site monitoring system for this purpose. A simple sandbox web app would periodically reload a list of sites and log a signature of either the contents or attempted actions encoded in the site. Each participant would offer to monitor a few sites in the background. A P2P comparison process would then correlate signature elements across sites -- peers would transmit their findings to other peers looking for something like Download.ject that appears as a new object/behavior across disparate sites. The peers could then alert each other across the mesh of the system when suspicious new objects show up.

    Lacking a central authority, the companies would be powerless to shut down publication of these types of security breaches.

    --
    Two wrongs don't make a right, but three lefts do.
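
The correlation step proposed in comment 3, as an added example that is not part of the original thread or of any existing project: each peer fingerprints the inline scripts of the sites it watches, the findings are merged, and any script that was in no earlier snapshot but now appears on several unrelated sites is flagged. The choice of SHA-256 over whitespace-normalised inline scripts as the "signature element", the `min_sites` threshold, and all site names and page contents are assumptions constructed for illustration.

```python
import hashlib
import re
from collections import defaultdict
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)

def signature_elements(html):
    """One SHA-256 digest per inline script body, whitespace-normalised."""
    digests = set()
    for body in SCRIPT_RE.findall(html):
        norm = " ".join(body.split())
        if norm:
            digests.add(hashlib.sha256(norm.encode()).hexdigest())
    return digests

def merge_reports(reports):
    """Combine per-peer findings ({site: elements}) into one view."""
    merged = defaultdict(set)
    for report in reports:
        for site, elems in report.items():
            merged[site] |= elems
    return dict(merged)

def correlate(baseline, current, min_sites=2):
    """Elements in no baseline that now appear on >= min_sites sites."""
    known = set().union(*baseline.values())
    sightings = defaultdict(set)
    for site, elems in current.items():
        for elem in elems - known:
            sightings[elem].add(site)
    return {e: sorted(s) for e, s in sightings.items() if len(s) >= min_sites}

# Constructed sample pages; site names and script bodies are placeholders.
MENU = "<script>initMenu();</script>"
APPENDED = "<script>\n  var footer = 'appended-snippet';\n</script>"
BEFORE = {"shop.example": "<html>" + MENU + "</html>",
          "news.example": "<html><script>loadNews();</script></html>",
          "blog.example": "<html>" + MENU + "</html>"}
AFTER = {"shop.example": BEFORE["shop.example"] + APPENDED,
         "news.example": BEFORE["news.example"] + APPENDED.replace("\n", " "),
         "blog.example": "<html><script>initMenu(2);</script></html>"}
PEERS = [["shop.example", "blog.example"], ["news.example"]]  # sites per peer

def run_demo():
    snap = lambda pages: merge_reports(
        {s: signature_elements(pages[s]) for s in watched} for watched in PEERS)
    return correlate(snap(BEFORE), snap(AFTER))

if __name__ == "__main__":
    print(run_demo())
```

The ordinary update on `blog.example` is not flagged because its new script appears on one site only; the identical snippet appended to two unrelated sites is.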
  4. Homeland Security by smclean · Score: 5, Interesting

    Remember the article the other day about the secrecy surrounding cell phone outages because the Homeland Security folk believe it serves as a "terrorist blueprint"?

    Watch, as the internet becomes more and more part of the infrastructure of the worldwide information systems, companies in the future will lobby for a similar bogus-security rationalization for keeping internet-infrastructure compromises secret.

    Not that relevant to the article I suppose, but an interesting angle.

    --
    "'Yrch!' said Legolas, falling into his own tongue."