I guess I'm just questioning the merit in picking on one site for this, unless we know it's got a particular problem. eWEEK (who I don't write for anymore) got hit with this in February. It lasted maybe 8 hours, I forget, before we really blocked it. I was the one who tracked down the source. I'm pretty sure the ad in that case was a completely phony ad (for Lacoste, the clothing company - an ad on eWEEK?), a plant to get the malware out. The malware was a PDF that exploited a vulnerability that was patched last July.

So should eWEEK be banned? If you're going to ban anything, ban the domains of the ad networks. But what really has me concerned here is that the Justice Department's malware management technique is to tell their users not to surf to a specific web site. That can't be an effective answer. They can't deal with this at the gateway somehow?

Larry Seltzer
Contributing Editor, PC Magazine
[email protected]
http://blogs.pcmag.com/securitywatch/

-----Original Message-----
From: Dan Kaminsky [mailto:[email protected]]
Sent: Friday, May 15, 2009 8:10 PM
To: Larry Seltzer
Cc: Gregory Hicks; <[email protected]>
Subject: Re: [funsec] U.S. Attorney's office tells employees not to log on to Drudge Report

I have no details on this particular hack, but ad networks have been a problematic vector for a few years now. In 2007, Dan Boneh's team spent $50 to test the potential of a Flash-based networking exploit. He got into 100,000 networks.

On May 15, 2009, at 4:38 PM, "Larry Seltzer" <[email protected]> wrote:

> Has it? I'd like to learn more but nobody's reporting any details. What
> was the malware? Is it still on the network? I've seen malware through
> ad networks lots of times; are there other domains besides Drudge that
> they're not allowed to view at DOJ?
>
> Larry Seltzer
> Contributing Editor, PC Magazine
> [email protected]
> http://blogs.pcmag.com/securitywatch/
>
>
> -----Original Message-----
> From: Dan Kaminsky [mailto:[email protected]]
> Sent: Friday, May 15, 2009 7:35 PM
> To: Gregory Hicks
> Cc: [email protected]; Larry Seltzer
> Subject: Re: [funsec] U.S. Attorney's office tells employees not to log
> on to Drudge Report
>
> To be fair, this has been a real problem.
>
>
>
> On May 15, 2009, at 2:31 PM, Gregory Hicks <[email protected]>
> wrote:
>
>>
>>> Date: Fri, 15 May 2009 16:07:58 -0400
>>> From: "Larry Seltzer" <[email protected]>
>>> To: <[email protected]>
>>> Subject: [funsec] U.S. Attorney's office tells employees not to log on
>>> to Drudge Report
>>>
>>> http://www.politico.com/news/stories/0509/22574.html
>>>
>>> "Asked why the conservative-leaning news aggregator and President
>>> Barack Obama critic was flagged by Internet security officials, Tracy
>>> Schmaler, a Department of Justice
>>> <http://www.politico.com/news/stories/0509/22508.html> spokeswoman,
>>> said it was because "a malicious code was found contained in a Web ad
>>> on Drudge.""
>>>
>>> How come only the DOJ knows about this and nobody else?
>>
>> Because the DoJ needed some excuse to tell the workerbees...
>>
>>
>> ---------------------------------------------------------------------
>> Gregory Hicks | Principal Systems Engineer
>> | Direct: 408.569.7928
>>
>> People sleep peaceably in their beds at night only because rough men
>> stand ready to do violence on their behalf -- George Orwell
>>
>> The price of freedom is eternal vigilance. -- Thomas Jefferson
>>
>> "The best we can hope for concerning the people at large is that they
>> be properly armed." --Alexander Hamilton
>>
>> _______________________________________________
>> Fun and Misc security discussion for OT posts.
>> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
>> Note: funsec is a public and open mailing list.
