Good work, Douglas! Best,
Jerry Daniels Use tRev's buy link during your free trial to get 20% off: http://reveditor.com/tag/shouldiswitch On Apr 7, 2010, at 7:07 PM, Douglas <[email protected]> wrote: > OK, the subject got your attention. (or perhaps it just put this straight > into your spam or trash?) > > Honest, it's not quite what you think! It is quite a long story, but it DOES > have something to do with using RunRev - please bear with me. > > Britain's biggest cable network supplier VirginMedia had a little problem > last weekend, but they don't want anyone to know. > > Last Friday (2nd April) I discovered their website (virginmedia.com) was > littered in scripts that would start a malware trojan download on to users > computers. > I put in a report through their "security" system and expected it to be > looked into quite quickly. > Then, 5 hours later, as nothing at all had happened on site and users were > presumably still getting infected I put a 2nd report. > Then the next morning a 3rd report. > Finally, I started informing the anti-virus companies in the hope that they > would force Virgin into action. > > I managed to get the warning systems for the Firefox and Safari browsers > which use Google info for blocking bad sites to block parts of the site after > getting Google to scan the site. > See the Google report at > http://google.com/safebrowsing/diagnostic?tpl=safari&site=help.virginmedia.com&hl=en-us > - out of the pages scanned, 18 had bad scripts! > I then sent a 4th report to virgin "security" stating that I had to go to the > community due to their inaction. > A few hours later, "closed for maintenance" notices started to go up on large > bits of the site. > > It took virgin "security" 5 days to reply to my reports! (After the site has > now been cleaned and the bad pages rewritten.) > I am now in the process of discussing security with the "security" team. - > possibly lucrative? > > Obviously, VirginMedia do not use any form of auditing software on their > website or they would have known that the infected pages had a different > checksum than the last time they were checked. > > I realise that there must be some form of proper auditing software available > for exactly this purpose. > There are obviously complexities involved to allow for authorised editing, > adverts etc., but the basic framework would be fairly simple wouldn't it? > I don't want to start working on this if it has already been done a thousand > times already! > > Hence the reason for this post - has anyone already done a similar app that > you know of? > > Douglas > > ps. McAfee were rubbish, even having reported this to them and the fact that > their anti virus/malware system allowed the malware/trojan to infect PC's. I > sent them the URLs of infected pages, signed up as a"SiteAdvisor" and > reported the site. > They STILL reported the site as safe all the way through on their > siteadvisor.com! > > > > _______________________________________________ > use-revolution mailing list > [email protected] > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-revolution _______________________________________________ use-revolution mailing list [email protected] Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-revolution
