Posted by Sam Leeson on Mon, Jun 14, 2010 @ 03:30 PM
If your day starts anything like mine then you open up your favourite RS
S feeder and filter through a significant number of blog posts and newspaper articles related to hacking, hacker, malware and website infection. In fact I am able to be specific enough with my reader to have it show me whenever people write to Google, Badware Busters, LinkedIn, etc. to ask what they should do when their site has been flagged as being harmful or potentially dangerous. And I am able to direct the infected parties toward the SiteSecurityMonitor's web site and free initial scan.
In the past SSM customers would register for the free scan, see what a boon having the protection and seal of protection was for their site and many would become members and pay to have a regular system analysis performed. Once they became our customers then they would receive a regular report to let them know where their site housed infections or vulnerabilities. We all know what happens when a website gets hacked. 
As Regina Smola, WordPress Security Expert, suggests, "it puts the webmaster in a tailspin, wondering what to do and what files have been infected. It puts the webmaster at risk of infecting their site visitors, getting blacklisted from search engines, and losing their website's trust and reputation. A hacked website requires an immediate response... detect, clean and close the vulnerabilities."
We have found our customers want the scan done and then, once they have made the necessary repairs to their content, they are interested in ensuring they have removed all of the malware. They want another scan done sooner rather than later. In the past SSM offered the scan to be completed on a regularly set schedule and the customer would have to wait to have a chance to see if they were in the clear. Now we have a new option for SSM service users; a rescan button right on your My Site Reports page.
This is just the latest way that we can meet the needs of our growing client base. Smola, an SSM customer since [date] continues to be a fan of our services too. She encourages WordPress users to have their "website scanned at Site Security Monitor" and adds that it is the "first step to a safer and successful website."
Posted by Jason Remillard on Tue, Mar 09, 2010 @ 12:35 PM
A note about transparency and a Special Offer to ControlScan Customers
By now, many have become aware of the settlement between the Federal Trade Commission and ControlScan.
From companies specifically created to sell seals without doing ANY scanning or verification what so ever, to individuals and businesses misrepresenting their status at the Better Business Bureau ; there is long and sorry history of this type of deceptive practice. It is refreshing to see the FTC finally catching up to some of these people. The deceptive and fraudulent actions of a few tarnish the hard work and honesty of the rest of us. Rarely does a day go by that I don't have to answer a question in one form or another about whether we're for real, and can we prove that we actually do scans. These are honest inquiries that I can not fault.
The FTC ruling against ControlScan for their past activities and inactivity, will not help us with this.
Adding to the questions about our legitimacy, there will now be lingering doubt in some people's mind about scanning frequencies. To clarify, yes we really do scan for Malware every single day. We really do scan for Web Vulnerabilities at preset schedules. For most of our customers, that's everyday too. In your Control Panel, you can see when the last Malware scan was completed and also when your last Web Vulnerability scan was completed.
For those of you reading this that are ControlScan customers who still have some natural lingering doubts about the service you're getting, we'd like to help set your minds at ease. To be clear, we have no reason to doubt that ControlScan is providing you with scans. We do know that they scan only for known vulnerabilities and not for the lastest and fastest growing segment of security challenges, Malware.
So to ControlScan customers we'd like to offer you 50% off the package of your choice, with no obligation. Simply contact me either by phone at 717-704-0061 or email and I'll be happy to answer any questions that you might have, to get your sites enrolled immediately and to hopefully restore for you some peace of mind.
Doug McDonald
VP Sales & Business Development
SiteSecurityMonitor.Com
Posted by Jason Remillard on Fri, Feb 05, 2010 @ 04:06 PM
Recently - security and accessibility issuies -have become an important topic to me. Although I had always considered accessibility and more specifically usability important in my designs, since I'm now down to one active hand two to a surgery on the other hand, I am now much more sensitive to the issue of accessibility. Call a subjective I suppose, but digress.
Two weeks ago was speaking to a product manager for a product that most of us
use each and every day , and the issue of usability and accessibility came up. We were discussing how usability affects the success or failure of products in general. Something as important a security itself should have a large focus on usability and accessibility.
Lately for me, I've been doing a lot of research in the area of accessibility of tools and I'm happy to say actually that Microsoft has done a very good job with his speech recognition system built into windows 7. After spending just a few minutes training it, I plugged in my headset on off I went! I would say the speech recognition system has worked at about a 97% effective rate. Although right now I am using it mainly for dictation, to save on my typing efforts, obviously there are a lot of other functions like switching between windows, launching browsers, etc. At this point I'm using it just to save my good hand from too much work
On the mobile front I found a solution called VLinglo which works on the blackberry (of which I am a very heavy user of). It performs the same function as the speech recognition system in windows 7; essentially translates your voice phrases and commands into blackberry lingo and executes them on the platform. Again in this case I'm using it primarily to save my good hand from too much work. I wonder if people are utilizing the platform for true medical conditions like carpal tunnel syndrome or other issues. I would suspect that systems like this allow them to utilize technology in a much easier and more effective fashion.
So what does SiteSecurityMonitor have to do with usability and accessibility, specifically with windows or blackberry? Not much specifically to the platforms. However, I've realized that as a founding missions statement, SSM is providing very specific detailed security information in accessible and usable formats. We've always prided ourselves on our simple to use, and easy to understand reports - specifically the high, medium, low priority issues that come out of our reports by default. We've always heard comments from customers about the reports. Specifically they appreciated the delineation between issues which helps obviously managers and webmasters to understand where the priority issues are, and which to address right away. More importantly, from my perspective - putting the vulnerabilities into this criterion of issues, does a lot more for the business than the customers are actually telling us.
In this case we are actually helping you to prioritize your expenditures, manage resources, a truly focus on what's important. When we added Malware detection scanning services to our offering about six months ago, this also made the reporting more valuable. By combining their reporting were able to give the site owner of a holistic and whole site overview of their enterprise from a security perspective -perhaps in this case making it more accessible, but definitely more usable.
So, not to detract from any other true research or breakthroughs on the accessibility and usability front, we feel that we have done our own little part in the security side to provide this information to business owners in the format and fashion that one can understand and appreciate - and more importantly action!
Posted by Jason Remillard on Tue, Jan 26, 2010 @ 12:05 PM
Malware… Yes, its been around for many years. However the attack vector has changed. Long ago the primary distribution method was by sharing dirty data (yes, exchanging floppy disks….remember those days?! 
Then it went onwards into distributing viruses and malware via email (this is the early days of outlook express!). Then, came the solutions to block this (antivirus on your email, desktop solutions that block installs on your PC, etc.)
Now however, it is much more sophisticated. As unfortunately some of you have experienced, the hackers are now cracking PCs and websites to inject malware. Hence the term ‘drive-by malware’. By infecting your website the hackers are now able to enjoy a free distribution method for their wares – your website. Target any sized website, inject your bad code, and watch the infections grow by the minute!
Consider this scenario… we have a customer who came to us (name not mentioned of course), that had been injected my malware. The alerts went up in Google HQ. His site was dropped from search engine rankings immediately. So, boom – there goes all of his google traffic (in this case, responsible for about 2,000 unique visitors a day).
Worse yet, now that Google was aware to his sites problems, the browser vendors now pick up on this and start warning ALL people visiting his site with this nice little alert:
Malware Reported Attack Site
So now, he has -0- traffic from Google. ALL of his users are now getting told this is ‘an attack’ site. All bookmarked entries, links from other sites, etc. ALL reflect that this site is now worse than the worse of worse! You are evil! You are spreading the scourge of the earth! How could you!
Now, this guy is in a panic. He’d just started a major campaign (offline and online), and had paid for alot of advertising that was non refundable. He was loosing 
1000’s of dollars a day, and his business was evaporating before his eyes.
Personnally, I don’t like to scare monger my customers into solutions. I think it is a disservice that many of our competitors do. However, I do like to highlight true to life stories, and their true impacts.
In this case, we were able to quickly shut down his site to stop the spread. Taking the site offline also minimized any infections he was spreading (because, in reality, he was). After stripping out the hacked code, we scanned all of his site (100’s of pages) and plugged up any holes the web vulnerability scanner found (there were more than one in his shopping cart and forum systems). Turns out, some of the lovely little hit counters and subscriber forms he had on his site were wide open as well.
Anyways, after the cleanup, and a few runs through our malware scanner to ensure we were clean, we stood the site backup and asked please, please please!
Google, please allow his site to be back in your good graces…
After about 36 hours, Google’s scanners had verified that he was now indeed clean, and reincluded him in the indexes. Luckily, since we caught it quick enough, this did not affect his PR rankings and his SEO work he’d invested so much into was saved.
Now, the browser alerts were another problem. Firefox released their warnings within a few hours of Google. Microsoft IE shortly thereafter. Safari and a few other smaller footprint browsers took a few days.
All in all, this attack cost him well over $10,000 in immediate losses due to his PPC campaign and offline media buy losses. Of course, now he had a perception problem with his customers (yes you are safe, no I’m not a hacker, etc.), and on top of that, one very long, long weekend on the phone with customers.
How to protect from these effects? Well, since nothing is 100%, regular scanning is your best defense, since you’ll know before the hackers do that there is a problem with your site. Even more important, since we now test each and every URL on your site with over 120,000 attack patterns (yes, that many!), you are getting great coverage and risk mitigation from the standpoint that you know more, on a daily basis, about what the outside knows about your site.
This, all told, allows him to sleep better at night
Posted by Jason Remillard on Wed, Jan 20, 2010 @ 08:24 AM
SiteSecurityMonitor.Com Now Scans for Malware
Launched quietly last week, we are now scanning all websites for malware. What does this mean to you? Well, we now test each and every URL on your site for malware. How? Well, we use over 98,950 (count at this point!) malware patterns for our testing. We can test your code, your servers and even more importantly, your ad networks. As you know, the attack patterns are changing, and now the ‘bad guys’ are injecting malware on adnetworks. Google and others have been hit with this in recent weeks. We hope you enjoy the new service (reporting available in your online reports at: SiteSecurityMonitor.com Online Reporting).
Facebook users – Update your Security Settings ASAP!
Funny, but serious… ASAP – Review your Facebook Security Settings: Zuckerberg pictures exposed by Facebook privacy roll-back
- CEO shown ‘plastered’, possibly while devising new policy
- Illuminating pictures of Facebook chief exec Mark Zuckerberg have been exposed by Facebook’s privacy roll back
Full Story Here
True Story on Fixing a Customer's Infection – and What It Means to Web Developers and Hosters
Cross posted to thewhir.com – Hey all…I figured I would re/cross post a recent article I did on managing a customer's problems with respect to a recent malware infection. In this case, the add-on to the story that was not published was that the webhost he was on, didn’t help much. One of those ‘you’re on your own buddy’ kind of things.
Full Story Here
Amazon EC2 Used as a Safe Habor for Hackers
Security researchers have intercepted a new variant of the Zeus crimeware, which is using Amazon’s EC2 services for command and control purposes of the botnet. The cybercriminals appear to be using Amazon’s RDS managed database hosting service as a backend alternative in case they lose access to the original domain, which would result in the complete loss of access to the compromised financial data obtained from the infected hosts.