Posted by Sam Leeson on Mon, Jun 21, 2010 @ 01:53 PM
I've been rolling this blog post around in my head for a week or so. I mean really, what can one say about on-line porn sites and security that hasn't already been said? Most of us know that if we decide to spend time surfing around in the "less desirable" areas of the internet then we are opening ourselves up to the risk of malware infiltrating our computer and infecting everyone we know with viruses.
If this information is understood and we know that we are putting ourselves at risk then it can't be a surprise, with all of the "free" adults-only websites there are out there, that "malware distribution itself appears to be the only profitable sideline for the adult industry." So, what do you need to know?
One group with collaborative efforts from members at Secure Systems Lab, Technical University Vienna, Institute Eurecom, Sophia Antipolis and University of California, Santa Barbara decided to create and operate two different "adult web sites." They performed a series of experiments and ran a "security analysis of data obtained from web site visitors," which allowed them to assess and evaluate "remote vulnerabilities of visitors and possible attack vectors."
One of the scariest parts of their findings was just how inexpensive, and therefore lucrative, it can be to take advantage of site visitors citing that they "could potentially exploit more than 20,000 visitors by spending only $160."
In short their research lead them to conclude that "many adult web sites try to mislead and manipulate their visitors, with the intent of generating revenue . . . [by employing techniques, which] range from simple obfuscation [like] blind links . . . to sophisticated redirector chains that are used for traffic trading. Additionally, the used techniques have the potential to be exploited in more harmful ways, for example by facilitating CSFR attacks or click fraud."
No one is suggesting you should remove any specific website content from your "favourites" menu, we are simply offering a gentle reminder that someone can always see what you are doing and where you have been as long as they have the know-how and access to your system.
At the end of the day, YOU might not catch anything while surfing around on-line porn sites, but your computer might! As with anything, vigilance is key; don't forget to practice safe surfing. Fill out the free form on the right side of your screen and have your first malware and vulnerability scan done now and see how safe your computer environment is.
Posted by Sam Leeson on Thu, Jun 17, 2010 @ 03:22 PM
While reading through blog posts this morning I was greeted with this one from
Acunetix indentifying reasons why consumers should be wary of "[hopping] aboard the Web Vulnerability Scanning bandwagon." Their article raises several valuable reasons as to why deciding to repair your own system may be more harmful than helpful. What the article did not describe was why services like ours at SiteSecurityMonitor.com are an essential tool for large and small companies alike.
When you register with SSM you can be sure that you are not only scanning for website vulnerabilities within your own system but also that you are seeking out and identifying malware that may have infected your entire network. Because the whole focus of SSM is to be able to identify malware and vulnerability issues within the sites of our clients we are able to direct all of our resources to continuously update and remedy the ever-increasing number of viruses set to damage a website.
Certainly I can support the idea that Acunetix raises about how easy it is to find, buy and use an "outdated, unproven, ‘free' scanner" and that's why we are here. There are so many options out there that it can feel overwhelming to know where to begin to look for help. That said, these days with the media outlining how easily hackers seem to be getting a hold of large companies like Adobe and Apple's iPad then why wouldn't you be anxious about the safety of your own website?
If you aren't sure about the services we offer then I encourage you to give us a try before you commit. Fill out the "Get A Free Scan" form on the right side of this page and let us tell you what we find. According to clients like Jack Summers, of Radioworld.ca, the research shows that "SSM earned high marks are the most community-oriented and helpful solution in the [malware and vulnerability scanning] industry." Let our service speak for itself.
Posted by Sam Leeson on Mon, Jun 14, 2010 @ 03:30 PM
If your day starts anything like mine then you open up your favourite RS
S feeder and filter through a significant number of blog posts and newspaper articles related to hacking, hacker, malware and website infection. In fact I am able to be specific enough with my reader to have it show me whenever people write to Google, Badware Busters, LinkedIn, etc. to ask what they should do when their site has been flagged as being harmful or potentially dangerous. And I am able to direct the infected parties toward the SiteSecurityMonitor's web site and free initial scan.
In the past SSM customers would register for the free scan, see what a boon having the protection and seal of protection was for their site and many would become members and pay to have a regular system analysis performed. Once they became our customers then they would receive a regular report to let them know where their site housed infections or vulnerabilities. We all know what happens when a website gets hacked. 
As Regina Smola, WordPress Security Expert, suggests, "it puts the webmaster in a tailspin, wondering what to do and what files have been infected. It puts the webmaster at risk of infecting their site visitors, getting blacklisted from search engines, and losing their website's trust and reputation. A hacked website requires an immediate response... detect, clean and close the vulnerabilities."
We have found our customers want the scan done and then, once they have made the necessary repairs to their content, they are interested in ensuring they have removed all of the malware. They want another scan done sooner rather than later. In the past SSM offered the scan to be completed on a regularly set schedule and the customer would have to wait to have a chance to see if they were in the clear. Now we have a new option for SSM service users; a rescan button right on your My Site Reports page.
This is just the latest way that we can meet the needs of our growing client base. Smola, an SSM customer since [date] continues to be a fan of our services too. She encourages WordPress users to have their "website scanned at Site Security Monitor" and adds that it is the "first step to a safer and successful website."
Posted by Sam Leeson on Mon, Jun 07, 2010 @ 11:18 AM
Everywhere we turn in the recent weeks we are reading articles, blog posts and social media updates about frustrations consumers are having with Adobe products. This comes in light of the Kaspersky Lab report titled "Information Security Threats In the First Quarter of 2010" indicating that Adobe products are the number one choice for hackers and virus writers around the world. Adobe went so far as to announce, late Friday, that they know about that holes being exploited in their Flash Player and indicated that, as yet, as patch was not available.
What I glean from the comments I've read is that individual consumers are surprised that their sites are being targeted just as frequently as the "big companies." Too often we make the assumption that because we are small, we are inconsequential and therefore uninteresting and unappealing to the hackers and malware-spreading individuals of the world. This is no longer the case. The people who are looking for targets generally have plenty of time and patience on their side 
so they can hit anyone with access to the internet through a blog posts, website visits, or click-through ads. Many of these sites utilize services offered through Adobe and other "big name" companies and so if there is already vulnerability there, you are unwittingly subjecting yourself and anyone who visits your site to an attack. J. Sadowsky, from http://www.partyinnovations.com/ thought he was protected by using McAfee security solutions but only managed to become completely free of site attacks when he began our program utilizing both the malware detection coupled with our vulnerability scanning services.
Regina, from WPSecurityLock, makes every effort to ensure that blog writers using the WordPress platform have all of the information they require to keep their posts safe from attack. Regular readers of her site will also note that she even writes about any potential exploitation she comes across.
Do not assume that simply because you are small, you do not have power. Be it good or bad, you wield more power than you think.
Posted by Sam Leeson on Thu, Jun 03, 2010 @ 03:41 PM
It's a sad statement to make that anyone can become a hacker with a few dollars and the right contacts. A simple email will allow anyone with the means access to credit card numbers, addresses, and all of your personal information. One blogger went so far as to label this industry as "fraud-as-a-service."
It's easy for individuals who have not been hacked to believe services like ours at SiteSecurityMonitor.com to be redundant. What started out on floppy disks in the 90's moved to email Trojans towards and through the move into the new millennium. These days websites are the most common place hackers target. Clients with ads and other additional click-through links are especially vulnerable.
We go out of our way to instil confidence in the consumers who use our services by generating regular reports for them letting them know exactly what malware their site has been infected with and where their site is vulnerable to future attacks.
In fact our customers are the first to let us know that the services we offer surpass what they thought was available to them.
Posted by Jason Remillard on Wed, Jan 20, 2010 @ 07:28 AM
While I try and not to be so graphic with my comments, I can’t help but feel CSI-que lately with all of these hack attacks.
So here we go again. This time, its CITI. Just reported today by marketwatch.com, Citigroups stock sank significantly based on the rumor that Citigroup suffered a hack attack that lead to millions of dollars of client losses.
Now for the record, at this point, Citigroup denies the allegations. However, the Wallstreet Journal broke the story themselves earlier today.
Anyways, no matter who did what, when to whom, lets look at the splatter here..
1) stock drops
2) Customers start to call in
3) Customers who smell anything out of the ordinary will call in
4) Customer worry, risk and otherwise confidence in the internet and banking as a whole suffer
I’m sure the community will come up with more than my simple list above, but it is safe to say there is SOME impact, material or not, to Citigroup and the industry as a whole.
UPDATE: Now CNET reports it as well, but with denials from Citigroup