Jamie Oliver's Website Serving Malware

jones_supa writes While routinely checking the latest exploited websites, Malwarebytes came across a strange infection pattern that seemed to start from the official site of British chef Jamie Oliver. Contrary to most web-borne exploits we see lately, this one was not the result of malicious advertising but rather carefully placed malicious JavaScript injection in the site itself. This, in turn, has been used to serve visitors a delicious meal consisting an exploit kit downloading the Dorkbot trojan. Malwarebytes has contacted the administrators immediately upon discovery of this infection.

Ok

Sites should be LIABLE for third party ads they serve.

Re:Ok

Users should be liable for their idiocy. Everyone should be using ScriptSafe or NoScript or similar instead of just opening up their browser to every single script out there.

Is javascript dangerous?

It seems that javascript is a common factor in most malware infection mechanisms. Is there a way to make javascript safe?

Re:Is javascript dangerous?

NoScript?

Re:Is javascript dangerous?

I dunno... make it so that someone reviews the code before it is put on the internet?

And then make it so that the javascript is read-only so that random visitors can't visit your wildly popular website and change the code?

I mean, surely it wasn't an employee of Jamie Oliver's that deliberately placed a virus on his website. That is something that only a chav, a wog, or a filthy criminal would do, and those sorts of things are simply not employed by Jamie Oliver. Jamie Oliver is too proper to allow such offensive things to contaminate his presence or image.

Re:Is javascript dangerous?

NoScript?

We all know about NoScript. In fact I mostly only use browsers which allow me to turn it off (old Opera). But some websites don't work well, or at all, without javascript. My question remains: is there a way to make javascript safe? Like a browser plugin that would run javascript in a truly safe container, VM, etc. Block access to filesystem and any other critical resources.

Re:Is javascript dangerous?

[ihtoit]

uh... bollocks. Look up "Barbecoa".

Re:Is javascript dangerous?

[hcs_$reboot]

Javascript is not dangerous in itself. Functions (APIs) access is very limited (in a browser where JS engine is not compromised), and JS cannot directly impact your disk (or slightly, cookies, swap, ...) or other programs (maybe DoS to some extent). However, being able to change some JS in a page makes you able to change the site behavior. And, for example, when it comes to downloading something initially safe, in a supposedly well known safe website, the bad JS may have you download something dangerous. Or steal a session cookie that makes the attacker login to the site on your behalf, or have you perform some administrative tasks on your behalf etc... But, the real difficulty for the attacker is to inject some JS into a page in the first place. This is (usually) not easy!

Re:Is javascript dangerous?

[pspahn]

But, the real difficulty for the attacker is to inject some JS into a page in the first place. This is (usually) not easy!

Why are we not able to lock down our javascript files before they get sent to the browser? Sure, inline scripts could be exposed, but anything served as .js should have a header that tells the browser whether to give me all the juicy bits of the javascript running on the page ... or not.

Really, why should someone be able to see all the javascript on your site just by hitting F12? Shouldn't we be able to turn this off, ala a header in .js files, so that we can use it for debuggings/development, but disable it in production?

More importantly, why should this content be exposed to various nefarious "plugins" when an infected user visits your site?

Re:Is javascript dangerous?

[Dahamma]

Shouldn't be up to the Javascript website developers to make sure it's safe (OBVIOUSLY!)

It's up to those implementing the browsers with Javascript engines. It should be no more dangerous than any basic HTML if they got the security right.

Re:Is javascript dangerous?

[Dahamma]

Your post is a hot mess.

So, you want Javascript to be secure, but not allow the user downloading it to be able to see what they are running? Do you even understand how Javascript works in a browser beyond "hitting F12?" For the love of WTF, they are not "seeing the Javascript on your site", you are letting them DOWNLOAD the Javascript to their computer and then run it.

How, precisely, do you expect an interpreted text file to be hidden from a web browser that downloads and executes an interpreted text file? And more importantly, WHY would a browser want to let you do that, unless to obscure what you are trying to run on a user's computer?!?

The sum total of Javascript exploits is a browser that allows Javascript exploits. If they were implemented correctly there would be no problem.

Re:Is javascript dangerous?

[hcs_$reboot]

Aaah. Thank you!

Re:Is javascript dangerous?

[hcs_$reboot]

Oh and I even have a car analogy: the GPS guidance system [JS] in your car [OS] has no much power - it cannot impact directly your speed, wheel direction, breaks, etc... However if someone happens to inject some code into your GPS, and have it give wrong directions, your car is still not directly impacted by that hacking. However, the system may change your itinerary and guide you to a dangerous place you were not supposed to go would the GPS work normally.

Re:Is javascript dangerous?

[DarkTempes]

Browser Javascript is already limited in what it can do and access.

And in this case even if you had NoScript installed (which is different from turning Javascript off entirely in your browser) and the main Jamie Oliver website whitelisted you'd still have been protected because what the JS was doing was creating an iframe to another site and loading Flash/Silverlight/Java exploits inside of that.

And note that even with a compromised site where they were able to inject their own JS that they still had to rely on Flash/Silverlight/Java rather than just Javascript to download and run the trojan.
So to answer your question: No, Javascript isn't really dangerous. Poorly written browser plugins are.

Re:Is javascript dangerous?

[gl4ss]

well yeah you know it's not supposed to be able to install random stuff on your computer any more than a html element can. so is there a way to make javascript safe? yes.

the question you should be asking is can you make the browser safe though.

Re:Is javascript dangerous?

[IamTheRealMike]

So to answer your question: No, Javascript isn't really dangerous. Poorly written browser plugins are.

No, what's dangerous is software that doesn't silently auto update.

JavaScript vs Java vs ActionScript is largely irrelevant. Web browsers routinely ship fixes for dozens of JS sandbox escapes in every update they release. Web sandboxes aren't made of magic that is unavailable to other technologies. The reason most exploit kits still target Flash and Java is that modern web browsers keep themselves up to date a lot more aggressively than those plugins do/did - typically not asking for permission any more. If you dig in you'll usually find these exploit kits are exploiting bugs that were found and patched years ago. But they still work because some non-trivial fraction of the userbase always dismisses auto update requests.

In case you don't believe me, consider that in 2014 Java had no zero day exploits at all. But some people are still vulnerable to bugs from 2012. The ask forgiveness not permission auto update policy was pioneered by Google and unfortunately took a long time to become accepted as the standard due to the old mindset, especially amongst tech geeks, of "my computer is my castle".

Re:Is javascript dangerous?

As a non developer I sincerely thank you. That made sense.

Re:Is javascript dangerous?

Yeah, STOP ENABLING JAVA$CRIPT, usability sheeple!

If your website doesn't look like it was designed in 1995, you're doing it wrong.

Re:Is javascript dangerous?

  even if you had NoScript installed (which is different from turning Javascript off entirely in your browser)

Care to share what the difference is? NoScript doesn't disable JS?

Re:Is javascript dangerous?

[Lumpy]

Yes. Block all ads and then disable javascript.

Re:Is javascript dangerous?

Perfect. Sad thing is this would work.

I must be the last person on the planet to study my route and destination on a map before leaving and keep a paper map in the glovebox just in case.

Re:Is javascript dangerous?

[tehcyder]

NoScript?

That has the added advantage of making 99% of websites unusable, thereby forcing you to do some work instead.

Re:Is javascript dangerous?

[GTRacer]

Unless I miss GP's point, it's that NoScript blocks JS /per site/, so that scripts tied to external domains (often ad and content delivery networks) can be blocked while leaving the primary vendor's sites functional. By default, everything is blocked. You visit a new site and if something doesn't work, you pull up the menu and work your way from the core site's domain to as far as you think you need to go. You can whitelist or grant temporary session access.

I use it and love it. It's not perfect by itself but it doesn't take long to figure out what minimum is needed, and just how pervasive some ad networks are.

Re:Is javascript dangerous?

[kent_eh]

In case you don't believe me, consider that in 2014 Java had no zero day exploits at all. But some people are still vulnerable to bugs from 2012. The ask forgiveness not permission auto update policy was pioneered by Google and unfortunately took a long time to become accepted as the standard due to the old mindset, especially amongst tech geeks, of "my computer is my castle".

On the other hand, where I work several of the Java apps that the business runs on are (stupidly or lazily) coded to work on specific versions of Java. Auto-updating java can (and has) break one application while improving how another works.

It's frustrating as hell not being able to trust an update, just in case it might break the payroll time tracking application again.

Re:Is javascript dangerous?

So quit using stupid brittle Java apps!

Re:Is javascript dangerous?

If you take the "my computer is my castle" mindset away you'll end up leasing an apple device and having to ask the real owners what you can do with it all the time.

I think better warnings about not updating would be good, something in the line "there are currently X known ways of compromising your system, please update to fix".

Re:Is javascript dangerous?

[IamTheRealMike]

Yes, that seems like a remarkably common problem and I'm not sure how people manage that. Serializing objects to the database? I guess if vendors get enough customer pressure to work better with Java updates they might put some effort into it, eventually.

But then the Java security holes are all sandbox escapes. You aren't using the sandbox for some enterprise time tracking app. So the need to update is less.

Re:Is javascript dangerous?

[IamTheRealMike]

I think better warnings about not updating would be good, something in the line "there are currently X known ways of compromising your system, please update to fix".

It was tried. Doesn't work. Lots of people don't even read security alerts. They just immediately find the X or close or cancel button and click it without even reading the thing they are dismissing.

The amount of time your average user wants to spend on maintaining their computer is zero. They have no notion that a computer is a thing that must be maintained and failing to do so can damage the internet. They just want to achieve their task.

The only correct way to do auto updates is automatically, silently, and not giving the user any choice in the matter. Everyone who has failed to accept this reality has ended up with their users running obsolete and insecure versions of their apps, and getting reamed in the court of public opinion as a result. If the Java team fixed their auto updater to be entirely silent and scrapped the Ask Toolbar malarky they'd have a pretty compelling platform still. But for as long as browsers are managing themselves and Java is asking permission, it will always lose.

Re:Is javascript dangerous?

[kent_eh]

So quit using stupid brittle Java apps!

As a lowly drone in this massive corporate machine I don't really have that option.

Re:Is javascript dangerous?

NoScript?

What's your question?

How does NoScript help when literally millions of useful websites use Javascript for entirely legitimate purposes and would therefore?

I don't expect an answer from someone too illiterate to know how to use a question mark properly.

Re:Is javascript dangerous?

[Khyber]

" it cannot impact directly your speed,"

Bullshit, poorly-done JS can damn near freeze your computer.

Re:Is javascript dangerous?

[phorm]

" you are letting them DOWNLOAD the Javascript to their computer and then run it"

In a simple form, yes. Sometimes, however, that involves a rats-nest of includes, "minified" files (all whitespace stripped, sometimes variables stripped of any useful naming as well), etc.

It wouldn't be hidden from the browser, but obscuring Javascript isn't exactly hard, and "exploit" could just mean something that's a useful situation in situation X but bad in situation Y (accessing a microphone/camera, for instance).

Re:Is javascript dangerous?

[sexconker]

It seems that javascript is a common factor in most malware infection mechanisms. Is there a way to make javascript safe?

0: Don't write and host your own malicious javascript.
1: Don't host third-party javascript.
2: Don't host third-party content without sanitizing it to ensure it doesn't cause users to load other third-party shit.

1 & 2 can be combined into a simpler, more secure rule: Don't host third-party content.

Re:Is javascript dangerous?

[RyoShin]

The reason that they don't offer auto-update is that, if they did, Adobe/Oracle wouldn't be able to offer you crapware along with your update, pre-checked for your convenience (Norton something and Ask.com Toolbar, respectively.)

Re:Is javascript dangerous?

[hcs_$reboot]

" it cannot impact directly your speed,"

Bullshit, poorly-done JS can damn near freeze your computer.

No. Poorly implemented browser. Eg chrome gives you a way to calm down abusive JS scripts.

Re:Is javascript dangerous?

[Khyber]

Chrome fails more than 50% of the time when it crashes on JS on anime sites I view. Whole browser locks up. Chrome can't even deliver a warning.

Also, Chrome's default security sucks.

Re:Is javascript dangerous?

consider that in 2014 Java had no zero day exploits at all

If they're zero-day they're unknown, so how can you count them?

Plus, perhaps people might accept java (which has stuff all to do with javascript) updates automagically if java didn't have a historical preference for security through breaking backwards compatibility and being impossible to update without a QA/test process for business installations.

Re:Is javascript dangerous?

[Dahamma]

Not sure what the point of your post was. Clearly you and I understand how Javascript works but the OP doesn't. Read the OP. I assume he doesn't know about Javascript obfuscation, etc, or how a browser executes Javascript in general. Maybe you meant to reply to him.

And your example of using a camera is as I said all up to the browser implementation. As in, if it asks you very clearly and without the possibility of the JS code to obscure it if you want to let the code use a camera, it's implemented correctly. To go on a tangent, iOS does this pretty well. Android does not. (Better to ask at the time it wants to USE a feature than make you agree to 20 permissions when you install the app. Context is key, as you basically said.)

Re:Is javascript dangerous?

[IamTheRealMike]

Zero day means the bad guys find out before the good guys do.

Web site gets hacked...

[Frosty+Piss]

...news @ 11...

Re:Web site gets hacked...

[hcs_$reboot]

While, always, 11, ... ?

Re:Web site gets hacked...

[hcs_$reboot]

*why
NB /. : we should be able to edit for 1 minute or so. f.

Re:Web site gets hacked...

Why not?

Re:Web site gets hacked...

I have to wait 1 minute for each page to load, you insensitive clod! Think of the less-fortunate on slow connections, you broadband-having bastard.

Re:Web site gets hacked...

[mjwx]

Why, always, 11, ... ?

Because most ordinary news goes to 10, our news goes to 11.

Re:Web site gets hacked...

[tburkhol]

Why, always, 11, ... ?

In the US, the traditional time for networks to show their nightly news is 11pm, after the 'prime time' entertainment and kids have gone to bed. Any unsold prime-time commercial slots are filled with teasers for these news programs, generally of the form "Shocking ways that Foo can kill you! Details at 11," or "Weird tricks to save you money! News at 11."

Re:Web site gets hacked...

Correction: In the eastern time zone of the US... That's 10 central and 9 mountain. If I'm not mistaken, the west coast is far enough behind that they just tape-delay (but not with tape anymore) until 10 or 11.

Growing up in the midwest and being used to evening news at 10 PM, it took me a moment to figure it out the first time I heard the sarcasm-at-11 joke on Slashdot. Not growing up in the US at all might present an even larger disconnect.

Re:Web site gets hacked...

[mrchaotica]

You can! You just have to hit "Preview" to enable that functionality.

Re:Web site gets hacked...

pacific time zone operates on a prime time schedule same as eastern, 8-11pm, delayed 3 hours from the east coast. central and mountain time zones run 7-10pm, making central the same 'time' as eastern (so half the country sees stuff during primetime, even 'live' stuff, at the same time) and mountain delayed an hour from that. sports and presidential speeches are about the only 'live' event that's aired 'live' across the country, other things like award shows and reality bullshit are still delayed on the west coast so they can air during the more lucrative 'primetime' period.

Re: Web site gets hacked...

Local news comes on the networks in the USA at that time. So it's a common phrase to hear advertised during the 8-11pm TV shows to scare viewers to watch.

Re:Malware is NEWS NOW

Well, on the positive side, at least Slashdot waited until the website had removed the threat before linking to it. Which is a definite improvement over how they handled numerous other stories on similar subjects.

Sometimes people don't actually WANT to get up close and personal with Typhoid Mary, Slashdot.

Re:Malware is NEWS NOW

[nehumanuscrede]

Meh.

If you're perusing the net without some form of basic protection, you're doing it wrong anyway :D

( Bare minimum being: NoScript, Ghostery and Adblock, or their equivalents )
( Paranoia level being: The above plus some flavor of Linux in a VM via a Tor relay, VPN service or proxy and a dozen other addons )

Re:Malware is NEWS NOW

Pedorist drug dealer detected. I shall away to alert the local constabulary. Or perhaps the internet police.

one word: Barbecoa

[ihtoit]

That should be familiar to any Oliver fans and hardcore critics alike. For those in neither camp, Barbecoa was Oliver's butchery that was shut down last June after receiving an "A Hazardous" rating from the Food Standards Agency following complaints of food poisoning form several of his restaurants that also received poor FSA ratings for general hygiene. Oliver was also fined £17,000 over this scandal, consisting of just one specimen charge of violating the Food Safety Act, which is pretty fucking disgusting after his ironically calling the US fast food industry out for unsafe kitchen practices. He should have been shut down altogether. Oh, semi-insider info: I have it on very good authority that his restaurants have a higher staff turnover than practically every other sector. They are hellish places to work in. Certainly not worth the wage slavery. The management expect new staff to already know how it all works (in Oliver's eclectic kitchen system!?), training is not only nonexistent it's an inside joke that "training" is a curse word. Most of his staff are school leavers. The only ones over the age of 18 are upper management.

Re:one word: Barbecoa

[hcs_$reboot]

yes I am bitter because at 36 I applied and was told I was too old for *any* position within Jamies Italian Kitchen.

Cooks read Slashdot, that's good news!

Re:one word: Barbecoa

[rogoshen1]

isn't that profoundly illegal?
I mean, overtly stating that you are 'too old' ? I don't think even a 36 year old woman would be told that if she applied at Wet Seal.

Re:one word: Barbecoa

[hcs_$reboot]

That should be familiar to any Oliver fans and hardcore critics alike. For those in neither camp, Barbecoa was Oliver's butchery that was shut down last June after receiving an "A Hazardous" rating from the Food Standards Agency following complaints of food poisoning form several of his restaurants that also received poor FSA ratings for general hygiene. Oliver was also fined £17,000 over this scandal, consisting of just one specimen charge of violating the Food Safety Act, which is pretty fucking disgusting after his ironically calling the US fast food industry out for unsafe kitchen practices. He should have been shut down altogether. Oh, semi-insider info: I have it on very good authority that his restaurants have a higher staff turnover than practically every other sector. They are hellish places to work in. Certainly not worth the wage slavery. The management expect new staff to already know how it all works (in Oliver's eclectic kitchen system!?), training is not only nonexistent it's an inside joke that "training" is a curse word. Most of his staff are school leavers. The only ones over the age of 18 are upper management.

[ citation needed ]

Re:one word: Barbecoa

[ihtoit]

google "Jamie Oliver food safety", I'm not doing all the fucking legwork because you're too fucking lazy.

Re:one word: Barbecoa

[ihtoit]

yes but what are you going to do when you have no money and it costs a fucking fortune to file a claim in the employment tribunal?

Re:one word: Barbecoa

[hcs_$reboot]

too **** lazy.

Indeed, some posters here omit the anchor tag that enhances the discussion.

Re:one word: Barbecoa

[Nikademus]

That should be familiar to any Oliver fans and hardcore critics alike. For those in neither camp, Barbecoa was Oliver's butchery that was shut down last June after receiving an "A Hazardous" rating from the Food Standards Agency following complaints of food poisoning form several of his restaurants that also received poor FSA ratings for general hygiene. Oliver was also fined £17,000 over this scandal, consisting of just one specimen charge of violating the Food Safety Act, which is pretty fucking disgusting after his ironically calling the US fast food industry out for unsafe kitchen practices. He should have been shut down altogether. Oh, semi-insider info: I have it on very good authority that his restaurants have a higher staff turnover than practically every other sector. They are hellish places to work in. Certainly not worth the wage slavery. The management expect new staff to already know how it all works (in Oliver's eclectic kitchen system!?), training is not only nonexistent it's an inside joke that "training" is a curse word. Most of his staff are school leavers. The only ones over the age of 18 are upper management.

[ citation needed ]

http://www.dailymail.co.uk/new...

Re:one word: Barbecoa

[Sooner+Boomer]

I think that's serving up a different kind of "virus"...

Re: one word: Barbecoa

Ah, yes, that gospel of truth, The Daily Mail.

Re: one word: Barbecoa

[Nikademus]

Ah, yes, that gospel of truth, The Daily Mail.

http://www.thetimes.co.uk/tto/...
http://www.independent.co.uk/n...
http://www.telegraph.co.uk/foo...
http://www.standard.co.uk/news...
http://www.theguardian.com/lif...
http://www.news.com.au/enterta...

Re: one word: Barbecoa

[mjwx]

Ah, yes, that gospel of truth, The Daily Mail.

Every now and then, even the Daily Fail gets something right.

Re:one word: Barbecoa

Yes, but Jamie is a genius at one thing, marketing.

He sold the whole political class a lie that his food is healthy, but the salt content is through the roof and most of his meals are less healthy than your typical supermarket own-brand microwave meal - the sort of thing he was long berating.

So whilst his ideas were getting pushed into schools and he was being turned into Saint Jamie he was busy becoming noticably overweight on his own supposedly healthy options.

Then we find out about his butchers, serving only the best and healthiest cuts of meat, that is, if you can ignore the mould and rat droppings on it.

Jamie Oliver is a fraud, but he's become untouchable because the political class fell for his bullshit hook, line, and sinker, and there's no way the political class will admit to being wrong or gullible, so good luck holding anything against him.

Re:one word: Barbecoa

Apply for legal aid. Really. You probably qualify.

Re:one word: Barbecoa

I read an interview with him where he said he'd only recently been able to finish reading a novel because of his dyslexia.

Telegraph story

Why is this an issue? Because he's apparently written 20+ best selling cookery books singlehandedly. Hmmm...

Re:one word: Barbecoa

[drinkypoo]

[ citation needed ]

[ this is slashdot you monkey, learn to use google ]

Re:one word: Barbecoa

[hcs_$reboot]

Ok, maybe I should google "google" to learn how to use it

Re:one word: Barbecoa

[guises]

Actually, no it isn't illegal. Not in the US at least, though Jamies Italian Kitchen is probably in the UK.

People over forty are a protected class in the US, and can't be legally discriminated against (there are exceptions to this, like the military). But a thirty six year old person can be openly discriminated against without legal repercussion.

Re:one word: Barbecoa

[rogoshen1]

Ah, thanks for pointing that out, had to look it up.. You'd think the young would suffer from age discrimination just as much as the 40 and up crowd.

(also, yep.. it would make sense that the gentleman is in the UK. Even before mentioning 'tribunal' :) )

Re:one word: Barbecoa

Here you go!

Re:one word: Barbecoa

[BVis]

A 36-year old going for a minimum wage job? Age discrimination? Legal aid? What planet are you from?

Nobody gives a fuck.

Re:one word: Barbecoa

[ShaunC]

You'd think the young would suffer from age discrimination just as much as the 40 and up crowd.

When it comes to employment in the US, the young are expected to work for peanuts in exchange for gaining experience. They also tend to be mostly part-time, owing to other responsibilities like schoolwork, and therefore aren't eligible for those pesky socialist expenses like vacation time or health insurance. The 40 and up crowd faces discrimination because they already have the experience to demand fair compensation (and benefits) for their time.

Employers love young workers. If more companies could figure out how to run their entire operation on the backs of teenagers working 20 hours a week, they'd gladly do so.

Ain't surprised

[ls671]

This doesn't surprise me. I run modsecurity WAF and iptables, yes I know but iptables does the job for now, with custom rules and logging policies and it is amazing to see how many so called legitimate sites have been owned.

I used to contact site admins and participate in exchanges of offending IPs but I gave up a long time ago to run my own countermeasure system.

Boy we went a long way since the beginning with regards to that.

Re:Ain't surprised

[hcs_$reboot]

iptables does the job for now, with custom rules and logging policies and it is amazing to see how many so called legitimate sites have been owned

Hmm so with iptables you can detect and block JS injections in a page...?

Re:Ain't surprised

[ls671]

yes but it is much easier to to it with mod_security, as mentioned in my OP, for my users and to make sure we ain't serving any.

Re:Ain't surprised

[CastrTroy]

One of the hosting companies I used a decade ago got hacked, causing every page to contain maláfare. I tried contacting them to get it fixed but nothing worked. I ended up having to switch hosting companies because of that problem. But I learned a good lesson. It's not a good idea to go with bargain basement hosting companies. I wonder if this is a similar issue.

Re:Ain't surprised

[Lumpy]

A lot of people hate GoDaddy for good reasons, but they do respond to that kind of stuff fast. I have had far more trouble with the little guys than the big behemoth.

Better Than His Usual Slop

Quite possibly the only edible thing he's ever served.

Re:Better Than His Usual Slop

[ls671]

That's a good one! ;-)

I am a French chef from France and it dates back to around 1500; we used to say that all an English chef could cook was oxtail and the like. Of course, this is full of BS but hey, this constitute sane competition.

 

Re:Better Than His Usual Slop

[hcs_$reboot]

all an English chef could cook was oxtail and the like. Of course, this is full of BS

You mean an English chef cannot even cook an oxtail?

Re:Better Than His Usual Slop

[PolygamousRanchKid+]

all an English chef could cook was oxtail and the like

Actually, before Jamie Oliver meddled in, the English chefs at schools could serve up a wonderful meal of Turkey Twizzlers, Heinz baked beans, fresh, right out of the can, and chips (UK), French Fries for the rest of the world. "French" Fries were actually invented in Belgium, which any Belgian will tell you, again and again. And then one more time, again. Eating fries in Belgium is quite a treat, because they offer different sauces that you can have on top. Not just the mundane ketchup or mayonnaise, but something like a Tex-Mex salsa . . . with mango!

Well, anyway . . . Jamie Oliver fueled an anti Turkey Twizzlers campaign, an they are gone now. And instead, the children in the UK get fed boiled Brussels sprouts and spinach.

"Mopsy! Flopsy! Cottontail! . . . your dinner is ready!"

So I could imagine that some angry UK school kids were the culprits behind this hacking. They wanted Turkey Twizzlers . . . but they got Jamie Oliver cattle feed instead!

Re:Better Than His Usual Slop

[Teun]

Hmm, an oxtail full of BS, that Shit must have been from before the Bull was castrated and became an Ox :)

Luckily you mentioned 'around 1500' so we knew this was Old Shit.

Re:Better Than His Usual Slop

[Ol+Olsoc]

That's a good one! ;-)

I am a French chef from France and it dates back to around 1500; we used to say that all an English chef could cook was oxtail and the like.

Since we're here in the offensive zone.......

In an ideal world ...

the policemen would be English

the car mechanics would be German

the cooks would be French

the innkeepers would be Swiss,

and the lovers would be Italian

In a living hell ... the policemen would be German

the car mechanics would be French

the cooks would be English

the innkeepers would be Italian

and the lovers would be Swiss

How will Morrissey comment this?

[ZeRu]

I think that he's dancing somewhere right now.

Worm:Win32/Dorkbot.A Description ..

[lippydude]

"Once executed, Worm:Win32/Dorkbot.A .. modifies the certain registry entry to execute the malicious file every time Windows is started" ref

Re:Worm:Win32/Dorkbot.A Description ..

[LMariachi]

Pretty rude to name malware after a well-established series of tinker meetings/presentations (that's been going on since before anyone started using the word "maker.")

Re:Worm:Win32/Dorkbot.A Description ..

[LMariachi]

(in a non-Dune related context that is)

Re:Worm:Win32/Dorkbot.A Description ..

[Registered+Coward+v2]

Pretty rude to name malware after a well-established series of tinker meetings/presentations (that's been going on since before anyone started using the word "maker.")

Sounds like dorkbot has a legal course of action for trademark infringement and tortuous interference with business since no one would want to go to their meetings for fear of catching some virus.

BTW - what is the HTML tag for sarcasm for the humor impaired?

Re:Worm:Win32/Dorkbot.A Description ..

[ArcadeMan]

Once executed, Worm:Win32/Dorkbot.A .. modifies the certain registry entry to execute the malicious file every time Windows is started"

Great, no support for Mac and Linux. Again.

Re:Malware is NEWS NOW

[malditaenvidia]

Please stop recommending Ghostery, it is made by an advertising firm.

missed opportunity

Should have redirected to mcdonalds.com

Link (very odd criticisms, too)

[bradley13]

Jamie Oliver's butcher's forced to close after hygiene inspection

Key bits from the article: "the score for the January 8 inspection is listed as of 1 out of five with the comment: 'major improvement necessary'." and "one of only 19 out of 1,659 food outlets in the City to receive an 'A hazardous' rating".

This sounds pretty damning and pretty embarrassing. That said, there are some odd things. One of the complaints was mold on aging beef, but - depending on what you are doing - mold is part-and-parcel of the process (and the butchery claims that this was the case). Another funny point: the butchery voluntarily closed following the inspection to fix the issues mentioned. It reopened "several hours" later. If the issues could be fixed in a few hours, they were pretty much cosmetic problems.

So what to think? I figure it's 50/50 whether there were real problems, or whether this was a politically motivated inspection. Or maybe the inspector didn't get his free steak.

Re:Link (very odd criticisms, too)

Or you could think that they voluntarily closed, did some cosmetic things, and opened the moment the inspectors left, but it's still a health hazard?

Re:Link (very odd criticisms, too)

Oliver has pissed off a lot of people in the processed food industry both sides of the Atlantic.

The butchery voluntarily closed down for less than 24 hours before it was given the all clear again. But that doesn't stop the processed food industry shill and celeb-hating people dragging the same thing up to discredit the man.

It doesn't matter whether your like the cockney twat or not, the shit served in schools is disgraceful and the 35p budget per kid is terrible, especially when the same dinner is charged out at £1.75 to the parents that don't get benefits or have kids above year 2 for the exact same fucking food.

Re:Malware is NEWS NOW

[drinkypoo]

Please stop recommending Ghostery, it is made by an advertising firm

What do you contend that it does wrong?

Re:Malware is NEWS NOW

[hawkinspeter]

Is there anything wrong with the way it works or is it just the advertising firm that you don't like? I've been using Ghostery for ages and haven't encountered problems with it, so I'm curious.

Tsk...

After the recent news from Russia about HDs having Trojan from our dear NSA (disclaimer: I'm not from the USA), expect more news about infections from French, English cooks, the Swedish Kennel Club and even those pesky kids from the Mystery Club.

citation *not* needed

[QuasiSteve]

[citation not needed]

The citation isn't needed not because that rant-with-a-personal-slant didn't require citation, but because it's off-topic. I'm not sure how his comment got modded 'Informative' - unless this is not Slashdot, but Buzzfeed, or Us magazine or some other gossip rag.

Without defending whatever nastiness went on in his restaurants, how does that relate to malware being on a website? It's highly unlikely that he personally oversees the restaurants, and even less likely that he personally oversees the website. At best one can fault him for having certain ideas about how to run things, that in turn lead to both restaurateurs and webmasters cutting corners and dropping the ball.

What's next? A report comes out about Forbes being hacked ( http://www.forbes.com/sites/th... ) and we point out how they let an article that was then vastly criticized by its subject ( The Oatmeal - http://theoatmeal.com/blog/tes... ) through as some sort of 'goes to character and general reputation'?

Re:citation *not* needed

[Lumpy]

You are new here so you don't understand the fact that Buzzfeed and all the rest got their commenter styles from Slashdot.

This place is the birthplace of all that. Learn your history N00b!

And if we catch you reading the article again before posting, there is going to be trouble with Taco and the gang giving you a visit...

Wait, we don't have Taco and the gang anymore.... Damn this place has gone down hill....

The modern web runs on javascript

Blocking scripts is deeply problematic. The modern web runs on javascript. Luddites who say things like "block all javascript" are attempting to hide in a simpler time when the web was straight HTML and images.

I for one like my online applications, HTML5 awesomeness and the promise of the new web.

So how would you advise say, my mom, on which scripts to block?

Re:The modern web runs on javascript

He wouldn't. He's a typical computer nerd who can only think in terms of his incredibly narrow, 0.001%, view point.

Re:The modern web runs on javascript

Blocking scripts is deeply problematic. The modern web runs on javascript. Luddites who say things like "block all javascript" are attempting to hide in a simpler time when the web was straight HTML and images.

It's a fucking recipe for a pork roast.

It doesn't need to be anything more than HTML and images.

Javashit may be secure, but it's a fucking malware vector that is used to deliver attacks via less-secure technologies like Flash, Silverlight, and Java. Fuck your modern web.

Re:The modern web runs on javascript

[sexconker]

It's a fucking recipe for a pork roast.

It doesn't need to be anything more than HTML and images.

What if I want to convert to/from metric units? With Javascript I can click a button and have the page change all the values. Without Javascript I'd have to click a link instead!

What if I want to adjust the number of servings? With Javascript I can type in a value for servings and have the page tell me I need 2 and a half eggs. Without Javascript I'd have to type in a value and then hit the Enter key or click a Submit button!

What if I want to read user comments about the recipe? With Javascript, I can click a "Show Comments" "link" and just wait for the page to load comments. Without Javascript I'd have to click a "Show Comments" link and wait for the page to load comments!

What if I want to rate the recipe? With Javascript, I can give it a thumbs up or thumbs down, or give it 3.5/5 stars or little chef hats or whatever cutesy icon they want. Without Javascript, I'd have to click a button or use a drop down!

Re:The modern web runs on javascript

[spazzmo]

So you have nothing to offer?

But How Long

How long does it take to infect the visitors machine? 15 minutes, 30 minutes, or the lengh of a whole program slot of 45 minutes? Is there a timer available, or seasonal theme song?

ad block?

People still browse websites without updated anti-virus software, Ad Block and No Script for Firefox? I'm shocked.

GCHQ in motion

Britain is the land of the Orwellian Nightmare, and GCHQ makes the NSA look like the pikers they are.

The filthy Jamie Oliver is a front-man propagandist for Tony Blair, and has been instrumental in Blair's 'Academy School' project. Millions of children and their parents face daily, in-your-face, abuse of their personnel choices via 'NANNY STATE' methods directly promoted by Oliver. It is a standard method of PSYCHOLOGICAL GROOMING where a citizen, like a prisoner, purposely has all their decision making rights removed.

Snowden revealed the unthinkable extent of the West's TOTAL SURVEILLANCE activities. The Russians recently proved that every piece of PC hardware is designed to allow unblockable government spying (the GCHQ malware that hides in your HDD only works because Intel ensures all PC bus protocols give ANY computer attached to ANY bus (USB/SATA/IDE/PCI) the ability to master any other device in the PC).

To counter the truth, the filth in power in the USA and UK employ legions of TROLLS to flood forums like this with the old 'tinfoil' crap. They rely on the fact that you BETAS have the memory of a goldfish, and even if you bothered to read revelations from peeps like Snowden, you've forgotten all the proven details a few months later.

Talking about that Demonic War Criminal FILTH, Tony Blair- to show how sick the world really is, that bastard has just got a contract to 'promote' Serbia- the same Serbia where Blair gave the instruction to MURDER an entire civilian TV centre full of civilian workers. But then again, how many of you Bets here ever recall when Blair butchered a TV Centre, because he didn't like what they were broadcasting about his bombing of civilians in Kosovo and Serbia? You are probably too busy dribbling about 'Charlie Hebdo', and those 'horrid free-speech-hating Muslims' to recall how Blair and NATO handles the issue of 'free speech'.

Jamie serves up malware

[DanielOom]

Do you want fries with that?

Mobile permissions

[phorm]

The sad part is that Blackberry, which preceeds both iOS and Android devices, did the permissions/request model best. Unfortunately they underestimated the power of "apps" and a touchscreen, and for whatever reason the other vendors went with a more lax permissions model (that said, Android is decent when rooted with some 3rd party stuff, but it's hardly an option for the average person).

Re:Mobile permissions

[Dahamma]

Yeah, but saying Blackberry in the distant past did permissions best is like saying your toaster did permissions best of all your kitchen appliances. With great features comes great responsibility...

Re:Mobile permissions

[phorm]

Except that BB STILL has one of the best permissions models...

And my toaster DOES have the best permissions. Toast goes in, it toasts. No internet access :-)

There's no reason other smartdevices couldn't have used a similar permissions model to BB.

Re:Mobile permissions

[Dahamma]

And my toaster DOES have the best permissions. Toast goes in, it toasts. No internet access :-)

I wouldn't know, I dumped my "feature toaster" years ago for a toaster oven...

Re:Mobile permissions

[phorm]

Ironically, the one thing that I've toaster ovens don't do quite very well is make toast. The only one I saw that did toast half decently was my grandmother's toaster oven that actually had a toast slot that popped open in the top (and the burners tilted when it was in "toast mode").

Re:Mobile permissions

[Dahamma]

My toaster oven makes toast almost as well as my iPhone makes phone calls. Which, with AT&T, usually burns everyone involved most of the time...

Hosts files to the rescue... apk

Adding these sites to your hosts file stops this threat cold:

0.0.0.0 www.jamieoliver.com
0.0.0.0 jamieoliver.com
0.0.0.0 antkai.com
0.0.0.0 rkgizp.lioretasoped.xyz
0.0.0.0 lioretasoped.xyz
0.0.0.0 bestwaytosearch.com
0.0.0.0 xml.2x2click.com
0.0.0.0 2x2click.com
0.0.0.0 jmpdirect01.com
0.0.0.0 www.advconversion.com
0.0.0.0 advconversion.com
0.0.0.0 jmpdirect01.com
0.0.0.0 b.scorecardresearch.com
0.0.0.0 scorecardresearch.com
0.0.0.0 fugupdates112.com

---

SOURCE = https://blog.malwarebytes.org/...

* :)

(Enjoy!)

APK

P.S.=> For the best possible hosts file vs. this threat & others like it, & for adding more speed, security, reliability + more?

APK Hosts File Engine 9.0++ SR-1 32/64-bit -> http://start64.com/index.php?o...

MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl... & MalwareBytes = BEST antivirus http://www.av-test.org/en/news...

... apk

Hmmm

Is that with fries or rustic potatoes

Hmmm

[ericjlawson]

Is that with fries or rustic potatoes