Posted by Jason Remillard on Tue, Jul 13, 2010 @ 08:58 AM
Responding to increased attacks and more sophisticated approaches by hackers, effective immediately ALL subscription packages from SSM will now be scanned for Malware at minimum TWICE a day.
Higher level packages will have the sites subjected to the scans three or more times a day. We are finding with external or even internally hosted ad networks, the prevalence of Malware insertions is increasing. As well, we are trying to confirm, but it looks like our friendly googlebot is getting more aggressive on the Malware detection stance as well, potentially putting your site at a higher risk of being 'caught' by Google.
So, at no extra cost, we've increased the frequency of all scanning options, and expect this to continue onwards.
PS> Don't forget to check out our latest product addition - The Secure WordPress Plugin - now with over 160,000 Direct INSTALLS!
Posted by Jason Remillard on Fri, Jul 09, 2010 @ 09:59 AM
--July 9, 2010.
SSM has officially taken over the support, stewardship and operational aspects of one of the leading security plugins for Wordpress today.
"As part of our community outreach program, we decided to work with Frank to transition the plugin to our development team. With over 150,000 downloads since he started it, we felt that this would make a significant addition to our service repertoire", stated SiteSecurityMonitor.com founder Jason Remillard.
"SSM is a leader in the web security space, and I've known Jason and his team for a while now. I feel comfortable that SSM will continue to develop the plugin and provide great customer support for it", added the original developer of the Secure Wordpress plugin - Frank Bueltge.
Financial terms of the deal were not disclosed. Product management details are still being worked out, primarily if this plugin code base will be merged with the original SSM plugin: WP Secure.
"Two things are certain in this deal: One, this plugin will continue to remain free to the community forever. Two, this plugin is an important step in protecting businesses from malware, security injections and other attacks. This product fits perfectly with our corporate mantra", continued Mr. Remillard.
Shortly the plugin will be revised to support two popular features from SiteSecurityMonitor.com - a free whole site Malware scan, and a complete Web Vulnerability and Penetration test. As well, all current and new customers will have access to the popular SSM Security Seal Program - this allows webmasters to put a security seal on their site demonstrating that it has been (or is being) scanned and protected from Malware.
Existing and new customers may download the plugin directly at: http://wordpress.org/extend/plugins/secure-wordpress/ or learn more about it at: http://www.sitesecuritymonitor.com/secure-wordpress-plugin/
For more information or interview requests, email sales@sitesecuritymonitor.com, or call: 888-451-3338
Posted by Jason Remillard on Tue, Jun 29, 2010 @ 02:24 PM
In another recent posting of mine, I had mused about what BP could learn from our industry when we talk about issues like major security breaches, exposures, outages, etc. In essence, it was about – what is your communications, recovery and customer service plan in the event of an emergency.
Flash forward a few weeks and it now looks like BP has a new figurehead in place of Mr. Hayward. I don’t know much, if anything, about either gentleman, but I do have this concept about leadership and if they should be the ‘front man’ for the company. This is a challenge in many founder-oriented companies and I would offer has been an issue for many years.
The core question, put simply is: Can this person hand out hotdogs? As a concept, look at this person and could you see them behind the grill at the company barbeque (you have those right?), cooking and handing out hotdogs. He/she could also be cutting the cake, handing out ice cream, etc.
Skip past the mechanics of the operation for a second and look back through your past.
Can this leader ‘serve’ his employees with honour and dignity? Can she say thank you back, “No, THANK YOU!” to someone who says thanks for the crispy meat item. Does this person instil the true emotion of caring, thankfulness and appreciation for the people that make them possible?
In my career, it’s unfortunate to say, I’ve only met a few. The biggest claim to fame I suppose is the good Dr. Eric Schmidt when he was the CEO @ Novell.com. It’s a long story, but involves a couple of newly hired guys (me and another guy from Toronto), sushi and a mansion in San Francisco. Eric (I have a hard time not calling him Mr.) eschewed everything that a leader should be, and that I will always carry with me – both as a goal, and as a role model. Can I see Eric handing out hotdogs and saying thank you? You betcha, and this would be why he, and others like him are the leaders they are today.
Sit back and look at yourself. Maybe your board has said ‘you’re not the right guy to be front facing’. Maybe you ARE more of a techie. Or perhaps you are a go-getter sales gal without an appreciation for HR or Finance issues. It’s ok!
Again, I suggest you look at yourself, or your current leader, or the leader of the company you’re thinking of joining, and ask the simple question: Can he handle handing out hotdogs?
Posted by Jason Remillard on Tue, Jun 22, 2010 @ 11:14 AM
New pricing and offerings coming in July...
As you may know, we've been running pilots of our new scanning technology and implementations - plus rejigging the user interface for site management.
We're pleased to announce that we've completed our pilot testing and are now going to enter our official productized mode!
So this means that:
* Full telephone support is included
* A new setup fee (that includes up to 5 hours of coding/consulting)
* Bi-daily malware scans!
So, if you wish to get the jump on your security needs, now is the time.
We'll be adjusting all pricing and setup fees July 1st, 2010 at 1AM, so you have 7 days!
Signup directly here!
http://www.sitesecuritymonitor.com/plans-pricing/
Or call directly 888-451-3338
Posted by Sam Leeson on Mon, Jun 21, 2010 @ 01:53 PM
I've been rolling this blog post around in my head for a week or so. I mean really, what can one say about on-line porn sites and security that hasn't already been said? Most of us know that if we decide to spend time surfing around in the "less desirable" areas of the internet then we are opening ourselves up to the risk of malware infiltrating our computer and infecting everyone we know with viruses.
If this information is understood and we know that we are putting ourselves at risk then it can't be a surprise, with all of the "free" adults-only websites there are out there, that "malware distribution itself appears to be the only profitable sideline for the adult industry." So, what do you need to know?
One group with collaborative efforts from members at Secure Systems Lab, Technical University Vienna, Institute Eurecom, Sophia Antipolis and University of California, Santa Barbara decided to create and operate two different "adult web sites." They performed a series of experiments and ran a "security analysis of data obtained from web site visitors," which allowed them to assess and evaluate "remote vulnerabilities of visitors and possible attack vectors."
One of the scariest parts of their findings was just how inexpensive, and therefore lucrative, it can be to take advantage of site visitors, citing that they "could potentially exploit more than 20,000 visitors by spending only $160."
In short their research led them to conclude that "many adult web sites try to mislead and manipulate their visitors, with the intent of generating revenue . . . [by employing techniques, which] range from simple obfuscation [like] blind links . . . to sophisticated redirector chains that are used for traffic trading. Additionally, the used techniques have the potential to be exploited in more harmful ways, for example by facilitating CSRF attacks or click fraud."
No one is suggesting you should remove any specific website content from your "favourites" menu, we are simply offering a gentle reminder that someone can always see what you are doing and where you have been as long as they have the know-how and access to your system.
At the end of the day, YOU might not catch anything while surfing around on-line porn sites, but your computer might! As with anything, vigilance is key; don't forget to practice safe surfing. Fill out the free form on the right side of your screen and have your first malware and vulnerability scan done now and see how safe your computer environment is.
Posted by Sam Leeson on Thu, Jun 17, 2010 @ 03:22 PM

While reading through blog posts this morning I was greeted with this one from Acunetix identifying reasons why consumers should be wary of "[hopping] aboard the Web Vulnerability Scanning bandwagon." Their article raises several valuable reasons as to why deciding to repair your own system may be more harmful than helpful. What the article did not describe was why services like ours at SiteSecurityMonitor.com are an essential tool for large and small companies alike.
When you register with SSM you can be sure that you are not only scanning for website vulnerabilities within your own system but also that you are seeking out and identifying malware that may have infected your entire network. Because the whole focus of SSM is to be able to identify malware and vulnerability issues within the sites of our clients we are able to direct all of our resources to continuously update and remedy the ever-increasing number of viruses set to damage a website.
Certainly I can support the idea that Acunetix raises about how easy it is to find, buy and use an "outdated, unproven, ‘free' scanner" and that's why we are here. There are so many options out there that it can feel overwhelming to know where to begin to look for help. That said, these days with the media outlining how easily hackers seem to be getting a hold of large companies like Adobe and Apple's iPad then why wouldn't you be anxious about the safety of your own website?
If you aren't sure about the services we offer then I encourage you to give us a try before you commit. Fill out the "Get A Free Scan" form on the right side of this page and let us tell you what we find. According to clients like Jack Summers, of Radioworld.ca, the research shows that "SSM earned high marks as the most community-oriented and helpful solution in the [malware and vulnerability scanning] industry." Let our service speak for itself.
Posted by Sam Leeson on Mon, Jun 14, 2010 @ 03:30 PM
If your day starts anything like mine then you open up your favourite RSS feeder and filter through a significant number of blog posts and newspaper articles related to hacking, hacker, malware and website infection. In fact I am able to be specific enough with my reader to have it show me whenever people write to Google, Badware Busters, LinkedIn, etc. to ask what they should do when their site has been flagged as being harmful or potentially dangerous. And I am able to direct the infected parties toward the SiteSecurityMonitor's web site and free initial scan.
In the past SSM customers would register for the free scan, see what a boon having the protection and seal of protection was for their site and many would become members and pay to have a regular system analysis performed. Once they became our customers then they would receive a regular report to let them know where their site housed infections or vulnerabilities. We all know what happens when a website gets hacked.
As Regina Smola, WordPress Security Expert, suggests, "it puts the webmaster in a tailspin, wondering what to do and what files have been infected. It puts the webmaster at risk of infecting their site visitors, getting blacklisted from search engines, and losing their website's trust and reputation. A hacked website requires an immediate response... detect, clean and close the vulnerabilities."
We have found our customers want the scan done and then, once they have made the necessary repairs to their content, they are interested in ensuring they have removed all of the malware. They want another scan done sooner rather than later. In the past SSM offered the scan to be completed on a regularly set schedule and the customer would have to wait to have a chance to see if they were in the clear. Now we have a new option for SSM service users; a rescan button right on your My Site Reports page.
This is just the latest way that we can meet the needs of our growing client base. Smola, an SSM customer since [date] continues to be a fan of our services too. She encourages WordPress users to have their "website scanned at Site Security Monitor" and adds that it is the "first step to a safer and successful website."
Posted by Sam Leeson on Fri, Jun 11, 2010 @ 07:56 AM
Mention "the cloud" and many who are not heavily involved in the preparation and creation of internet-based resources will turn their heads skyward. To be fair, cloud computing can be a difficult concept to grasp even for those who work within the IT industry because it is something we can't see or even access in a physical space.
So what is cloud computing? Well, according to Wikipedia it is, "Internet-based computing, whereby shared resources, software and information are provided to computers and other devices on-demand, like electricity." And Wiktionary defines it as "computing in which services and storage are provided over the Internet (or "cloud")."
What does this mean for the average cloud consumer? It means lower overhead costs related to housing infrastructure onsite for meeting the demands and needs of customers. Not having to purchase and maintain hardware and software means a financial savings for the company, which in turn is able to be passed along to the consumers as money left in their own pockets.
SiteSecurityMonitor.com's Jason Remillard took part in a Live Chat with Financial Post Executive Editor John Turley-Ewart on May 26, 2010 to answer questions about how "cloud computing is opening doors of opportunity for large and small companies alike." He, with Prof. Henry Kim, took the time to outline the financial, environmental and time-saving benefits of using the cloud as well as some of the potential challenges which may arise from use of such a service.
Posted by Jason Remillard on Thu, Jun 10, 2010 @ 09:03 AM
As I watch the debacle unfold in what is quickly becoming widely known as one of the world's worst environmental disasters - I watch with interest the actions of Mr. Hayward - the CEO and pointman for the BP Company.
Since I've been working part/full/over-time on my Executive MBA for the past year, leadership and its attributes and different flavours has been a subject of interest for me recently. Watching Mr. Hayward, and his reactions will be fodder for business schools for the years to come and judging by the recent lashing he's received from Harvard Press - it probably won't be pretty.
We can talk about the horrendous impacts on the environment, lifestyles and in some cases, the very being of many communities along the shore for hours. Being an amateur scuba diver and lover of all things water-based, I'm aghast and personally very afraid for the aquatic ecosystem going forward.
However, the Harvard article tweaked something in me - more of a case of deja vu really. When we look at other 'widespread' issues - such as massive data breaches or widespread malware infections - we see a lot of the same actions of management. To be sure, academia has done a lot of work in this area - the 5 steps of disclosure - lie first, slowly admit, backpedal, sweep, etc.
Just look at the current state of our own industry! Over the past 6 weeks, GoDaddy has been suffering massive attacks of malware and wordpress cracks. 100's per minute sometimes. Watching their actions on their forums, and how they've handled some of the customer issues reminds me of the need to have a proper disclosure procedure built into your operational processes. For sure not the first time, but GoDaddy should have some experience in this area and be a leader for others to follow in this regard. Everyone has problems. Sometimes the problems are too hard to fix, or hydrates get in the way and mess up great plans. Other times, you need to buy yourself time to let your experts settle in and figure out just what is going on.
Either way, the crisis consultants have methodologies for dealing with these sorts of things (I'm sure Tiger's consultants are looking for work now) - and it's something we as professionals and service providers need to look more seriously at. Witness the recent activity around Adobe... They admit to the issues (finally), but as of yet, still don't produce a patch to potentially offset MILLIONS of infections around the world.
It saddens me to say, but perhaps what is really needed here is some good solid case law to remind vendors and service providers of their responsibilities. Sometimes it seems that the only way to get business to move in a more ethical and responsible manner is to add a financial metric to it. McDonalds reduced the high temperature of its coffee due to lawsuits. Tylenol introduced sealed caps in the 80s due to the lawsuits there.
So do I think BP could learn from our industry on incident and emergency response? To be sure, they are very different industries, impacts and processes. However, for me, it is the responsibility of business to be protective of their clients, supportive and acknowledging of client concerns, and responsible for their actions. These actions set businesses apart from all other organizations - and in the long term - are a great sustainable business activity sure to pay dividends (monetarily and socially) in the future.
Posted by Sam Leeson on Mon, Jun 07, 2010 @ 11:18 AM

Everywhere we turn in the recent weeks we are reading articles, blog posts and social media updates about frustrations consumers are having with Adobe products. This comes in light of the Kaspersky Lab report titled "Information Security Threats In the First Quarter of 2010" indicating that Adobe products are the number one choice for hackers and virus writers around the world. Adobe went so far as to announce, late Friday, that they know about the holes being exploited in their Flash Player and indicated that, as yet, a patch was not available.
What I glean from the comments I've read is that individual consumers are surprised that their sites are being targeted just as frequently as the "big companies." Too often we make the assumption that because we are small, we are inconsequential and therefore uninteresting and unappealing to the hackers and malware-spreading individuals of the world. This is no longer the case. The people who are looking for targets generally have plenty of time and patience on their side so they can hit anyone with access to the internet through blog posts, website visits, or click-through ads. Many of these sites utilize services offered through Adobe and other "big name" companies and so if there is already vulnerability there, you are unwittingly subjecting yourself and anyone who visits your site to an attack. J. Sadowsky, from http://www.partyinnovations.com/ thought he was protected by using McAfee security solutions but only managed to become completely free of site attacks when he began our program utilizing both the malware detection coupled with our vulnerability scanning services.
Regina, from WPSecurityLock, makes every effort to ensure that blog writers using the WordPress platform have all of the information they require to keep their posts safe from attack. Regular readers of her site will also note that she even writes about any potential exploitation she comes across.
Do not assume that simply because you are small, you do not have power. Be it good or bad, you wield more power than you think.