Nu är jag äntligen tillbaka och bloggar. Förra veckan var jag bra hängig tack vare en förkylning, men den är på väg bort nu. Skönt! Det hände dock lite grejer förra veckan som jag ska ta och skriva om.

I onsdags ringde hon som jag praktiserade hos i somras och sa att det var något konstigt med hennes webbsida som jag gjorde åt henne. Jag gick in för att kolla detta och då hade Google stoppat trafiken till hennes sida och skrivit att webbplatsen du vill besöka kan skada din dator. Jag började kolla upp detta och laddade hem alla filer till min dator och öppnade upp dem i dreamweaver. Jag behövde inte leta länge förrän jag hittade den skadliga koden i html och javascriptsfilerna. Det hade även lagts in en php-fil som man inte kunde ta bort. Det visade sig att någon/några jävla idioter har hackat och kapat sidan. Det hjälpte inte att jag laddade upp sidan igen utan den skadliga koden, för efter ett par timmar var skiten tillbaka igen. Så fort man går in på hennes webbsida ser man hur statusen laddar vidare till en annan webbsida. Jag läste på om detta via en webbsida som Google länkar till StopBadware.org. Idioterna som ha kapat sidan har tydligen öppnat en bakdörr på webbhotellet som hon har sin webbsida på och styr sidan via en server någonstans i Ryssland eller Asien. Det scriptet som idioterna har lagt in kan vara så illa att det lägger sig på datorn och loggar lösen och inloggningsuppgifter för att sedan skicka vidare.

Jag ringde upp henne och förklarade vad hon skulle göra. Idag fick jag svar från henne och hennes webbhotell har rensat hennes utrymme, gett henne nytt lösen och förhoppningsvis stängt alla bakdörrar. Det jag gjorde efter att jag laddat upp hennes sida på nytt var att logga in på Google och verktyg för webbansvariga. Dör skickade jag in en begäran att de ska granska hennes sida på nytt för att se att allt står rätt till nu och att de kan häva blockeringen. Men än har Google inte hävt den och runt 18-tiden idag laddade jag hem hennes webbsida igen för att kolla koden och då såg den ut som vanligt. Nu är det bara att hålla tummarna för att detta förbannade problem är löst.

***************

I fredags fick jag svar på jobbet som jag sökt och gjort en presentation för. Det var negativt. Svaret jag fick var att just nu har de inget behöv av mina tjänster, men om det dyker upp något i framtiden kommer de höra av sig. Så kan det gå. Nu är det bara att leta vidare. Nu på onsdag ska jag iväg och träffa min kontaktperson på arbetsförmedlingen och diskutera min situation. Det är så att jag kollade med henne som jag praktiserade hos i somras om hon ville ta emot mig igen. Hon kan tänka sig att låta mig praktisera hos henne i fyra veckor och detta ska jag ta upp med arbetsförmedlingen. Jag ska även kolla med AF om deras starta eget kurs då jag har börjat tänka i de banorna nu när det är så förbannat svårt att hitta ett jobb. Det är bara att köra.

***************

Nu börjar silly-season ta lite fart inför att transferfönstret öppnas i januari. Det ryktas om att den turkiska storklubben Galatasaray vill köpa Iván Óbolo från AIK. Om det ligger något i detta får man nog veta inom en snar framtid. Just nu är AIK:s mästartränare Micke Stahre och AIK:s sportchef Björn Wesström i Brasilien och scoutar spelare. Om de nu skulle hitta någon spelare där blir det inget köp nu då de bara är där för att titta på några namn som verkar intressanta, och om någon spelare visar sig vara av intresse blir det förmodligen en resa till för Micke och Björn.

När det gäller andra spelare som är på väg bort från Gnaget sägs det att AIK:s succémålvakt Daniel Örlund är klar för den norska klubben Rosenborg och att AIK:s högerback Markus Jonsson kan vara på väg bort till den norska klubben Molde. När det gäller Örlund tror jag att han har spelat sin sista match för AIK, men när det gäller Jonsson får man ha lite is i magen om nu ryktena stämmer.

DUBBLA MÄSTARNA ÄR HÄR – AIK!!!

Det var allt för idag.

Adios!

30 minutes each week on data security, privacy, and the law….(plus or minus five)

On this week’s program:

* A double whammy…. two critical zero day attacks hit users of Microsoft products.

* A non-profit security group has a plan to fight web drive-by downloads.

* Our take on this week’s news.

–>NEW! Stream This Week’s Show with our Built-In Flash Player:

This week’s show is 28.5 minutes

–> Stream, subscribe or download Episode 61 – Listen or subscribe to the feed to automatically get the latest episode sent to you to your Google, Yahoo, iTunes, or other popular sites.

–>Tune into the show directly on iTunes, you can also subscribe to the program on iTunes.

–> A simple way to listen to the show from with stricter firewalls: Listen from Odeo. This site works better if you are behind a more restrictive enterprise firewall.

Please visit our sponsors, and be sure to let them know you heard about them on The Data Security Podcast:

• Vipre Anti-Virus, the complete Antimalware solution by Sunbelt Software. If you TRY the enterprise version, you get the home version for FREE! Go to: http://www.testdrivevipre.com .

• GamaSec Web App Scans: Spots cyber-hazards on your web site, and has advanced zero-day protection. GET YOUR FREE BASIC WEB APP SCAN, plus a special offer just for listeners to The Data Security Podcast. Go here to sign up, and add the offer code: Podcast.

• SonicWall;  Get the super fast UTM firewall that’s rated Five Stars (the Best rating) by Secure Computing Magazine.  Data Clone Labs is the premier SonicWall Medallion Partner for all your security needs.

• DeviceLock; Software that controls, manages and helps encrypt USB drives and other removable media. Get a free trial on their site, and be sure to let them know you heard about them on The Data Security Podcast.

Show Notes for Episode 61 of the Data Security Podcast

* Conversation:  StopBadware.org is a non-profit security group with a plan to fight web drive-by downloads. We spoke with Maxim Weinstein, the Executive director of the project. They will help you if your site is blacklisted, and they are looking for help from the security community in uncovering and fighting web drive-by downloads.

* Tales From The Dark Web: Two Zero Day Attacks in the news this week-

ActiveX  Video Flaw.  Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX control could allow remote code execution. Option 1, apply the work around in the Microsoft Advisory, or upgrade all systems to Microsoft Internet Explorer 8. This Zero Day impacts users of Windows XP and Windows 2003 running IE6 or IE7. UPDATE: Microsoft’s “patch tuesday” (monthly patch cycle by Microsoft) includes a fix for this issue

Microsoft Office. Read the detailed SANS Internet Storm Center Alert: Vulnerability in Microsoft Office Web Components Control Could Allow Remote Code Execution.  There is a long list of Windows products impacted by this flaw. Be sure to go through the Microsoft Advisory.

* From The News: Does Google Know Too Much About You?  Read the details in Ian Paul’s story in PCWorld.

* From The News: Point; at Foxnews: Wireless Cybercriminals Target Clueless Vacationers.  Counter Point;  Summer Time, and Wireless Fear Mongering Is in the Air by Glenn Fleishman at WifiNetNews.

Parece que los chicos del “algoritmo mágico”, tuvieron ayer un fallo de los gordos, cualquier resultado de una búsqueda en Google mostraba una lista de URLs con el mensaje “Advertencia, si visitas este sitio web tu equipo puede resultar dañado”, en cada uno de los resultados mostrados.

Normalmente este mensaje lo muestra google para los sites que tiene marcados como sites maliciosos, esta lista de sites maliciosos la generan a partir de los datos suministrados por la organización sin ánimo de lucro StopBadWare.org, pero esta vez parece que alguien añadió una ‘/’ a la lista proporcionada por StopBadWare.org, provocando que se marcarán todas los sites como maliciosos, el fallo se prolongó aproximadamente durante 40 minutos.

Lo bueno de la noticia es la total transparencia de Google comunicando el error y las causas que lo generaron por parte de su VP, Search Products & User Experience, Marissa Mayer colgando un post en el Blog Oficial de Google , transparencia que contrasta con la de otras empresas, como el fallo que tuvo la web de BBVA el pasado viernes y del cual no se ha oído y/o escrito absolutamente nada.

(Vía Rafa Romero.)

It was bound to happen sooner or later.

How will Google, famed for being a great place to work, handle this internally?

GOOGLE’S GAFFE

—————-
LOS ANGELES — Google placed the Internet on a blacklist on Saturday, after
a mistake caused every website in the search engine’s result pages to be
marked as potentially dangerous.

The problem affected Internet pages across the whole planet, and lasted
for around 40 minutes before engineers were able to fix it. By then,
millions of users had been affected. The site receives several hundred
million queries each day.

The glitch centred on Google’s malware detector, designed to keep Internet
users from visiting sites Google believes may install malicious software
when browsed.

Google blamed “human error” when an engineer tried to add one web address
to the list of those deemed suspicious, and mistakenly added them all.
Google promised it would investigate the incident “and put more robust
file checks in place to prevent it from happening again”.

The incident occurred at around 2.40pm GMT (10.40pm Singapore time). The
simple typing error brought Google’s search engine to a halt, preventing
millions of people from finding web pages on the Internet.

Apart from lost advertising revenue — which an expert estimated at between
US$2 million ($3 million) and US$3 million — the incident is embarrassing
for Google, known for its reliability.

So popular is Google that it earned £3 billion ($6.6 billion) in
income last year.

Computer World gives a more detailed account:

January 31, 2009 (IDG News Service) Human error caused a search results glitch that returned the message “this site may harm your computer” for about an hour Saturday on Google’s Web site, the company said. The mistake was Google’s, not StopBadware.org’s, as was originally thought.

Google said it released an update Saturday morning to its list of URLs known to install malicious software and “unfortunately (and here’s the human error), the URL of ‘/’ was mistakenly checked as a value to the file and ‘/’ expands to all URLs,” Google Vice President of Search Products & User Experience Marissa Mayer wrote in an official Google blog post explaining the glitch. “Fortunately, our on-call site reliability team found the problem quickly and reverted the file.”

Mayer’s original blog posting about the incident made it sound like StopBadware.org was responsible for the error. StopBadware.org is a nonprofit organization that Google and other IT companies and academic institutions use to warn Internet users about sites known to install malware on computers that visit those sites. Mayer later posted an update clarifying that the problem was on Google’s end.

Mayer initially wrote that Google periodically receives updates to the URL list and had received such an update Saturday morning. Her revised blog post said instead that “we periodically update that list and released one such update to the site this morning,” and then spelled out the ‘/’ mistake.

After the first Google explanation went out publicly — and was circulated to reporters — StopBadware explained its side of the story on its own blog: “Google generates its own list of badware URLs, and no data that we generate is supposed to affect the warnings in Google’s search listings.”

Users who clicked on Google results during the glitch got an “interstitial” warning page saying that there could be malicious software at the site they were trying to reach and referring them to StopBadware.org for more information, the organization’s blog said. “This led to a denial of service of our website, as millions of Google users attempted to visit our site for more information,” it said.

StopBadware operates as a partnership among academic institutions, IT companies and volunteers. It is operated out of Harvard Law School’s Berkman Center for Internet & Society. Its site was back up and running Saturday, if slowly at times, given how many people were trying to obtain information from the organization.

In both the initial post and the update, Mayer apologized in her post to anyone who was inconvenienced by the glitch and to site owners whose pages were incorrectly labeled as being malicious. “We will carefully investigate this incident and put more robust file checks in place to prevent it from happening again,” she wrote.may be harmful to your computer.”

Some news reports earlier in the day said that Google had also stopped flagging known bad sites, but according to StopBadware that wasn’t the case and Google was correctly flagging those sites as malicious.

I have to qualify at this point that I like Google and what it stands for. But I question whether the true gaffe was the typo or fingering the wrong party.

Ieri pomeriggio (31 gennaio),  il motore di ricerca più grande e più importante al mondo è andato in tilt disorientando e allarmando tutti i suoi utenti nel mondo. Subito si è pensato a una grave azione di hacking o a un virus, ma dal blog ufficiale di Google (in un post scritto da Marissa Mayer, responsabile della Search Products & User Experience) si apprende che si è trattato di un banale errore umano.

Per impedire l’accesso a siti sospetti, Google adotta da anni un sistema di diagnostica che avverte gli utenti sui possibili rischi che corrono navigando in questi spazi web. Oltre ad avvertire il navigatore, il motore di ricerca blocca l’accesso diretto al sito. Ieri, per circa 40 minuti a partire dalle 15:30, chiunque avesse fatto una qualsiasi ricerca, avrebbe trovato una lista di soli risultati pericolosi.  Ogni link, infatti,  era accompagnato dalla frase “Questo sito potrebbe arrecare danni al tuo computer” e tutti i link erano bloccati. Per la prima volta dalla sua nascita Google ha avuto un black-out.

Ma perché è successo tutto ciò? La spiegazione è semplice: Google lavora in collaborazione con un ente no-profit,  Stopbadware, che si occupa  di compilare delle lunghe liste di siti pericolosi in base alle segnalazioni di varie fonti. Nell’ultimo aggiornamento di queste liste all’interno dell’algoritmo del motore di ricerca è stato commesso un errore e di conseguenza tutti i siti sono stati considerati come potenzialmente pericolosi.

L’indice di Google conta oltre 8 miliardi di pagine ed è considerato il più grande e affidabile del Web. Si occupa, infatti, di servire oltre il 70% delle ricerche effettuate su Internet a livello mondiale. Visti i numeri,  il black-out di ieri è stato uno shock per tutti e soprattutto per quanti identificano ormai in Google il Web stesso facendo del motore di ricerca il canale di accesso per ogni singola richiesta.

Tutti, quindi, sono rimasti perplessi e confusi di fronte a quei strani risultati, ma sopratutto si rimaneva increduli nel vedere che ogni sito Web era considerato pericolo da Google: uno scenario apocalittico si è aperto negli occhi di tutti gli internauti.

Adesso che è passata la paura, possiamo pure riderci sopra, ma per molti è stato traumatico pensare che il Web fosse totalmente e globalmente bloccato. Chissà che sorte spetterà al povero dipendente che ha causato tutto cio!?

Parece que los chicos del “algoritmo mágico”, tuvieron ayer un fallo de los gordos, cualquier resultado de una búsqueda en google mostraba una lista de URLs con el mensaje “Advertencia, si visitas este sitio web tu equipo puede resultar dañado”, en cada uno de los resultados mostrados.

Normalmente este mensaje lo muestra google para los sites que tiene marcados como sites maliciosos, esta lista de sites maliciosos la generan a partir de los datos suministrados por la organización sin ánimo de lucro StopBadWare.org, pero esta vez parece que alguien añadió una ‘/’ a la lista proporcionada por StopBadWare.org, provocando que se marcarán todas los sites como maliciosos, el fallo se prolongó aproximadamente durante 40 minutos.

Lo bueno de la noticia es la total transparencia de google comunicando el error y las causas que lo generaron por parte de su VP, Search Products & User Experience, Marissa Mayer colgando un post en el blog official de google , transparencia que contrasta con la de otras empresas, como el fallo que tuvo la web de BBVA el pasado viernes y del cual no se ha oído y/o escrito absolutamente nada.

…sind laut Google sämtliche Suchergebnisse, zumindest waren sie das Heute Nachmittag.

Die Ursache…

…ist die Liste mit Bruchstücken schädlicher URLs, die Google offenbar führt, und gegen welche alle Suchergebnisse geprüft werden. Aufgrund eines `menschlichen Fehlers` hat beim heutigen Update ein einzelner Slash (`/`) seinen Weg in die Blacklist gefunden – ein leider nicht seltener Bestandteil vieler gültiger URLs, vor welchen als Folge lauthals gewarnt wurde. Vollkommen unabhängig davon, ob nun Google selbst, die Wikipedia oder eine beliebige andere Seite das Ziel war, jede Webseite `kann ihren Computer beschädigen` und jeder Besucher bekam die Google-eigene Vorschaltseite vorgesetzt, auf der ausdrücklich vor dem Besuch der betreffenden Seite gewarnt wird. Nun, generell mag ja gesunde Vorsicht im Internet angebracht sein, besonders, wenn es sich um Google handelt…

…und die Wirkung…

…war letztlich nicht nur ein leichter Image-Verlust seitens Google und verwunderte, zuweilen entsetzte Äusserungen einiger Google-User in diversen Boards. Auch die Webseite des gemeinnützigen Projekts StopBadware.org, mit dem Google kooperiert, wurde für Stunden ausser Gefecht gesetzt – der Grund dafür war ein Link auf StopBadware, der auf der zwischengeschalteten Warnseite zu finden war und weiterführende Informationen versprach. Angesichts dessen, dass es wohl einige Besucher interessiert hat, warum die Webseiten ihrer Bank oder die Wikipedia urplötzlich ihren Computer gefährden sollen, war StopBadware.org in Folge einem typischen – nur `etwas` stärkeren – Slashdot-Effekt ausgesetzt, einem Besucheraufkommen, mit dem die Betreiber wohl schwer rechnen konnten.

Generell scheint fraglich…

…in wie weit die Erkennung `böser` Seiten seitens Google überhaupt wünschenswert ist – und das nicht erst seit diesem Vorfall. Jeder sollte wissen, dass man seinen Browser und die verwendeten Plugins auf dem neusten Stand halten sollte und von bestimmten, nicht näher zu erwähnenden Browsern, die in der Vergangenheit immer wieder durch über längere Zeit offene und währenddessen auch aktiv ausgenutzte Schwachstellen aufgefallen sind, Abstand nehmen soll – nicht weniger klar ist, dass man das seltsam anmutende Binary, welches einem eine Webseite automatisch zum Download anbietet, nicht herunterladen und schon gar nicht ausführen sollte. Für viele User ist dies selbstverständlich – für alle anderen besteht eine Gefahr ähnlich derjenigen bei der Verwendung von Malwarescannern oder Desktop-Firewalls: Aus einer Implikation kann stillschweigend eine Äquivalenz angenommen werden; warnt Google, ist die Webseite vermutlich `böse` (was man auch immer darunter verstehen mag…), warnt Google allerdings nicht, bedeutet dies selbstverständlich nicht, dass man nun jedes Binary, das einem die Webseite anbietet, blind herunterladen und ausführen soll. Ausserdem besteht die Gefahr einer `Brandmarkung` von Webmastern und ihren Webseiten durch falschpositive Treffer – was das bedeutet, muss nach dem heutigen Vorfall vermutlich nicht näher erörtert werden.

Tidligere i dag, oplevede rigtig mange af os brugere af google at hver gang man søgte, fik man resultatet:  ”This site may harm your computer” eller “denne side kan skade din computer”.

Google har nu i et blogindlæg forklaret hvad der skete. Der er sket en menneskelig fejl i opsætningen af deres “malicious software” bekæmpelse, og i opsætningen af denne, var der en medarbejder der var kommet til at får tegnet / til at stå på listen over de sider, som kan være skadelige.

Er du interesseret i at læse mere om googles ”malicious software” bekæmpelse, som de udvikler i samarbejde med stopbadware.org kan du læse om det på googles blog eller på blog.stopbadware.org

Sometimes you may have noticed “This site may harm your computer” appearing under individual search results on Google. Today I noticed it appearing under every search result, no matter what I searched for.

Some kind of hiccup down at the Google server farm? There was a generic error message that came up later, and now it all seems to be back to normal.

It’s reassuring to see that even Google can screw things up.

Update: as reported in The Register and LifeHacker

Google later put out the official explanation of what happened: human error. They’d entered / into their list of bad sites, which equalled all websites. Oops!

While cleaning out my old feeds yesterday, I came across an article from May about a new group which hopes to become “the CDC of cyber security.”

“The group calls itself the International Multilateral Partnership Against Cyber-Terrorism (IMPACT), and its advisory board features tech luminaries like Google’s Vint Cerf and Symantec CEO John Thompson.”

As the Ars Technica writer points out, this CDC-like approach of cooperating and sharing information and strategy to avoid catastrophic network-based attacks is probably a smarter approach to cybersecurity than the “nation-state-centric “cyber warfare” paradigm that is also emerging.” Although I’m still wary that an organization like IMPACT, which doesn’t include China and Russia, will be too centralized, it is certainly closer to the “rough consensus and running code” approach which characterizes the net.

Another approach to Internet security I recently learned about is OpenDNS which aims to speed up web-surfing and block malware sites. Unfortunately, because it is marketed as a solution to businesses, libraries and schools, administrators can also block innocuous sites like popular social networks. However, they have had great success so far (commercially) and use an intriguing community-based model to label suspicious websites – something which is much better than the secret blocklists of many filtering companies.

Finally, another approach which has gained some traction is StopBadware.org which is a partnership between academia, private enterprise and non-profits to identify “badware sites.” Most interesting is their partnership with Google who now warns search users that they may be visiting a badware site. In the coming months, expect more out of StopBadware.org, including the Herdict project which seeks to crowdsource security.

[See previous thoughts on cybercrime here.]

Update: See Cory Doctorow’s word of caution regarding unintended consequences of fighting malware (in this case spam).

Update II: More news on Federal involvement in cybersecurity.

Udah lama ngeh kl blog saya yang lain ada ‘badware’ nya.

Dulu  ‘udah ngadu’ untuk di rehabilitasi tapi ternyata baru di tanggapi sekarang dan akhirnya.

Dapat surat cinta dari stopbadware :

We have received and processed your request for review of your website, rasyid.net/.  Google’s most recent test of your website found no badware behaviors on the site.  As such, the Google warning page for your site has either already been removed or should be removed shortly.  In addition, if your site has been listed in our Badware Website Clearinghouse, we will remove your site from the Clearinghouse list.

Sometimes website owners are confused about why Google placed a warning in the search results for their site.  In many cases, a website run by an innocent site owner has been hacked by a malicious third party, causing the site to distribute badware without the site owner’s knowledge.  If your site was distributing badware because it has been hacked, then simply removing the bad code from your site is not enough to keep your site clean in the future.  You will also need to work with your hosting provider to fix all security vulnerabilities associated with your site.

Please note that we will be retesting your website at periodic intervals in order to monitor that it remains free from badware.  If we find that you are hosting or distributing badware in the future, the reviews process may take considerably longer than the original review.

Answers to commonly asked questions from site owners who are the subject of Google warnings can be found at:  http://stopbadware.org/home/faq#partnerwarnings
For tips on keeping your website clean and secure, please visit:  http://stopbadware.org/home/security

The StopBadware Team

Efek yang terasa visitor dari google gak sungkan lagi tuk berkunjung hehehehe.

kembali ke server.

Şu linke tıklayın ve Google’ın söylediğine bakın. Google, zararlı içerik barındıran siteleri işaretliyorve kullanıcılar bu sitelerden birine, Google üzerinden girmek istediğinde bir uyarıyla karşılaşıyorlar. “Kötü Amaçlı Yazılım Uyarısı” adı verilen bu sistem ile, zararlı içerik yayınlayan sitelerden koruma sağlanmaya çalışılıyor.

Eğer yukarıdaki resimdeki uyarıyı dikkate almadan linke tıklayıp devam etmek isterseniz de aşağıdaki gibi bir sayfa karşılıyor sizi.

Tabiki uyarılara aldırış etmeden, linke tıklayıp siteye gidebilirsiniz de, ancak Google bunu önermiyor. StopBadware ile beraber çalışan Google, kullanıcılardan gelen geri bildirimler ile bu siteleri test ediyor ve hakikaten bu sitelerden zararlı yazılımlar yayılıyorsa, bu siteleri arama sonuçlarından ya tamamen çıkarıyor, ya da bahsettiğim gibi bir uyarı ile kullanıcıları korumaya çalışıyor. Ayrıca, söz konusu site eğer bu uyarıyı dikkate alır ve zararlı içeriği sitesinden kaldırırsa, Google bunu da, yapılan geri bildirimler ile takip ediyor ve gerekirse siteyi “zararlı” kategorisinden çıkartabiliyor.

You can choose to continue to the site at your own risk. However, please be aware that malicious software is often installed without your knowledge or permission when you visit these sites, and can include programs that delete data on your computer, steal personal information such as passwords and credit card numbers, or alter your search results. For more information on these types of sites, please visit StopBadware.org

Eğer bu şekilde zararlı yazılımlar (virüs, trojan v.s) yayan sitelere rastlarsanız şuradaki form ile bu durumu Google’a bildirebilirsiniz. Ayrıca, bu rapor ile spamdan içerik hırsızlığına kadar bir çok konu hakkındaki şikayetlerinizi de Google’a iletebilirsiniz. En azından insanlık vazifemizi yapmış oluruz ki başka kullanıcıların canları yanmasın. Bu gönderilen raporlar biraz geç incelense de kesinlikle dikkate alınıyor. -zamanında içeriğimi copy-paste şeklinde çalan bir web sitesini bu şekilde raporlayarak 1 ay içinde SandBox’a girmesini sağladım-