Posted by Sam Leeson on Thu, Jun 17, 2010 @ 03:22 PM
While reading through blog posts this morning I was greeted with this one from
Acunetix indentifying reasons why consumers should be wary of "[hopping] aboard the Web Vulnerability Scanning bandwagon." Their article raises several valuable reasons as to why deciding to repair your own system may be more harmful than helpful. What the article did not describe was why services like ours at SiteSecurityMonitor.com are an essential tool for large and small companies alike.
When you register with SSM you can be sure that you are not only scanning for website vulnerabilities within your own system but also that you are seeking out and identifying malware that may have infected your entire network. Because the whole focus of SSM is to be able to identify malware and vulnerability issues within the sites of our clients we are able to direct all of our resources to continuously update and remedy the ever-increasing number of viruses set to damage a website.
Certainly I can support the idea that Acunetix raises about how easy it is to find, buy and use an "outdated, unproven, ‘free' scanner" and that's why we are here. There are so many options out there that it can feel overwhelming to know where to begin to look for help. That said, these days with the media outlining how easily hackers seem to be getting a hold of large companies like Adobe and Apple's iPad then why wouldn't you be anxious about the safety of your own website?
If you aren't sure about the services we offer then I encourage you to give us a try before you commit. Fill out the "Get A Free Scan" form on the right side of this page and let us tell you what we find. According to clients like Jack Summers, of Radioworld.ca, the research shows that "SSM earned high marks are the most community-oriented and helpful solution in the [malware and vulnerability scanning] industry." Let our service speak for itself.
Posted by Sam Leeson on Mon, Jun 14, 2010 @ 03:30 PM
If your day starts anything like mine then you open up your favourite RS
S feeder and filter through a significant number of blog posts and newspaper articles related to hacking, hacker, malware and website infection. In fact I am able to be specific enough with my reader to have it show me whenever people write to Google, Badware Busters, LinkedIn, etc. to ask what they should do when their site has been flagged as being harmful or potentially dangerous. And I am able to direct the infected parties toward the SiteSecurityMonitor's web site and free initial scan.
In the past SSM customers would register for the free scan, see what a boon having the protection and seal of protection was for their site and many would become members and pay to have a regular system analysis performed. Once they became our customers then they would receive a regular report to let them know where their site housed infections or vulnerabilities. We all know what happens when a website gets hacked. 
As Regina Smola, WordPress Security Expert, suggests, "it puts the webmaster in a tailspin, wondering what to do and what files have been infected. It puts the webmaster at risk of infecting their site visitors, getting blacklisted from search engines, and losing their website's trust and reputation. A hacked website requires an immediate response... detect, clean and close the vulnerabilities."
We have found our customers want the scan done and then, once they have made the necessary repairs to their content, they are interested in ensuring they have removed all of the malware. They want another scan done sooner rather than later. In the past SSM offered the scan to be completed on a regularly set schedule and the customer would have to wait to have a chance to see if they were in the clear. Now we have a new option for SSM service users; a rescan button right on your My Site Reports page.
This is just the latest way that we can meet the needs of our growing client base. Smola, an SSM customer since [date] continues to be a fan of our services too. She encourages WordPress users to have their "website scanned at Site Security Monitor" and adds that it is the "first step to a safer and successful website."
Posted by Jason Remillard on Wed, Jan 20, 2010 @ 08:22 AM
One big thing that is missing from this industry is empirical trend data that supports the TRUE risks and costs associated with hacking and malware infections. To date, we’ve written quite alot about customer-specific impacts when they are infected… The ‘results’ run the gambit of 1000’s of dollars of losses over time, loss of SEO rank, customer reputation, etc. However, one part that has been missing is the true impact around the realm of supporting actors in these instances.
For example, if there is a site that is infected with a simple malware redirect. Instead of only looking at the impacts directly to the website owner (which are onerous enough!), we’re starting to look at the impacts to the service providers for that customer.
It's not just the webhoster. It's the affiliates for that site that may lose sales. It's the adnetwork that is presented on that site that receives negative feedback for the ads being present on an infected site. It's the content readers that also receive the infection, or are impacted by the reduction in traffic. It's the direct advertisers that are affiliated with the website, that are now also negatively impacted on either/or image, reputation or traffic perspectives.
So we here at SSM are undertaking a small series of end-user surveys (specifically those that were impacted) about their total ‘experience’ with the solution. Questions like: Who did you call first? How were you told? Did your SEO rankings take a hit? Was your webhoster helpful? Did you switch hosts/designers/products based on the infection. What other steps have you taken, etc.?
Thus far (early in our survey), some interesting facets have already arisen.
Primarily:
1) Clients learned of their defacement primarily through their customers or colleagues. Because they don’t regularly monitor their site, they had no idea that they were infected.
2) Their web host provider was NOT helpful, not beneficial during the resolution process. Surprisingly enough, only a small percentage ’switched’ providers due to this.
3) Google was their main source of information on this issue, but the information was confusing, not really related, and generally was unhelpful overall.
We will be publishing more results as the data becomes more solid. We are still running the survey, so if you (or someone you know) went through this very personal hell, please forward them this survey link URL: http://surveys.verticalresponse.com/a/show/527087/2a7f185d4a/0
(securely hosted by vertical response – anonymous is ok too!)
-Jason
Posted by Jason Remillard on Wed, Jan 20, 2010 @ 07:32 AM
One big thing that is missing from this industry is empirical trend data that supports the TRUE risks and costs associated with hacking and malware infections. To date, we’ve written quite alot about customer-specific impacts when they are infected… The ‘results’ run the gambit of 1000’s of dollars of losses over time, loss of SEO rank, customer reputation, etc. However, one part that has been missing is the true impact around the realm of supporting actors in these instances.
For example, if there is a site that is infected with a simple malware redirect. Instead of only looking at the impacts directly to the website owner (which are onerous enough!), we’re starting to look at the impacts to the service providers for that customer.
Its not just the webhoster. Its the affiliates for that site that may lose sales. Its the adnetwork that is presented on that site that receives negative feedback for the ads being present on an infected site. Its the content readers that also receive the infection, or are impacted by the reduction in traffic. Its the direct advertisers that are affiliated with the website, that are now also negatively impacted on either/or image, reputation or traffic perspectives.
So we here at SiteSecurityMonitor.com are undertaking a small series of end-user surveys (specifically those that were impacted) about their total ‘experience’ with the solution. Questions like: Who did you call first? How were you told? Did your SEO rankings take a hit? Was your webhoster helpful? Did you switch hosts/designers/products based on the infection. What other steps have you taken, etc.?
Thus far (early in our survey), some interesting facets have already arisen..
Primarily:
1) Clients learned of their defacement primarily through their customers or colleagues. Because they don’t regularly monitor their site, they had no idea that they were infected.
2) Their web host provider was NOT helpful, not beneficial during the resolution process. Surprisingly enough, only a small percentage ’switched’ providers due to this.
3) Google was their main source of information on this issue, but the information was confusing, not really related, and generally was unhelpful overall.
We will be publishing more results as the data becomes more solid. We are still running the survey, so if you (or someone you know) went through this very personal hell, please forward them this survey link URL: http://surveys.verticalresponse.com/a/show/527087/2a7f185d4a/0
(securely hosted by vertical response – anonymous is ok too!)
-Jason
Posted by Jason Remillard on Wed, Jan 20, 2010 @ 07:30 AM
Well folks, its been a crazy week online this week.. Is it part of the holidays, or simply that more vulnerabilities are going ‘unfixed’ and the hackers are finding more? You be the judge.. We definitely think that there is a ‘retribution’ slant to most of the major issues this week, specifically with Rockyou!
Rockyou.com Falls Victim to simple hack, Major exposure!
One of the more interesting facets of the story is RockYou’s failure to appropriately protect user’s login credentials. The hacker showed us an image containing the last few lines of a 32,603,388-line, seven-column dataset weighing in at 276 MB. All the data we saw was in plain text; any grade schooler could have used this information to log in to users’ accounts.
Link to Original Story
If you are interested, the most easterly point of North America
Long a fan of the ‘virtual google traveler’, I have found an interesting article using google maps to ‘visit’ locales. In this case, its the most easterly point of North America!
Link to Story
SEO Poisoning – 54f3.com responds
I came across and interesting question in LinkedIn that asked what was SEO poisoning. We recently had a customer that came to us with this nasty, nasty infection. Its ugly, and it hurts. Read all about it here.
US and Russia being cyber-SALT talks
This reminds me of the good old days of the SALT talks. Remember those? When we had nukes pointing at each other for MAD (Mutually Assured Destruction) needs? Well, now we’re in the Web 2.0 world, and the conversation has changed. 
Full Story here
SiteSecurityMonitor.com Malware Survey Continues
Our survey for the results and true impacts of malware on the general consumer, the hoster, and the other parties associated with a hacked site continues. To date, we’ve received an incredible response with some interesting results. Be a part of the feedback and please take a few seconds to respond to our survey HERE
All in all, a very busy week! I hope your preparations for the holidays are not too crazy for you, and wish you and yours a safe and joyous holiday (however you may celebrate it!)