Malware Measures & Vulnerabilities


SSM Gets more Aggressive with Malware


Responding to increased attacks and more sophisticated approaches by hackers, effective immediately ALL subscription packages from SSM will now be scanned for Malware at minimum TWICE a day.

 

Higher level packages will have the sites subjected to the scans three or more times a day.  We are finding with external or even internally hosted ad networks, the prevalence of Malware insertions is increasing.  As well, we are trying to confirm, but it looks like our friendly googlebot is getting more aggressive on the Malware detection stance as well, potentially putting your site at a higher risk of being 'caught' by Google.


So, at no extra cost, we've increased the frequency of all scanning options, and expect this to continue onwards.

PS> Don't forget to check out our latest product addition - The Secure WordPress Plugin - now with over 160,000 Direct INSTALLS!

Large Companies Don't Protect From Malware


Everywhere we turn in recent weeks we are reading articles, blog posts and social media updates about frustrations consumers are having with Adobe products.  This comes in light of the Kaspersky Lab report titled "Information Security Threats In the First Quarter of 2010" indicating that Adobe products are the number one choice for hackers and virus writers around the world.  Adobe went so far as to announce, late Friday, that they know about the holes being exploited in their Flash Player and indicated that, as yet, a patch was not available.

What I glean from the comments I've read is that individual consumers are surprised that their sites are being targeted just as frequently as the "big companies."  Too often we make the assumption that because we are small, we are inconsequential and therefore uninteresting and unappealing to the hackers and malware-spreading individuals of the world.  This is no longer the case.  The people who are looking for targets generally have plenty of time and patience on their side, so they can hit anyone with access to the internet through blog posts, website visits, or click-through ads.  Many of these sites utilize services offered through Adobe and other "big name" companies, so if there is already a vulnerability there, you are unwittingly subjecting yourself and anyone who visits your site to an attack.  J. Sadowsky, from http://www.partyinnovations.com/, thought he was protected by using McAfee security solutions but only managed to become completely free of site attacks when he began our program utilizing both the malware detection coupled with our vulnerability scanning services.

Regina, from WPSecurityLock, makes every effort to ensure that blog writers using the WordPress platform have all of the information they require to keep their posts safe from attack.  Regular readers of her site will also note that she even writes about any potential exploitation she comes across.

Do not assume that simply because you are small, you do not have power.  Be it good or bad, you wield more power than you think.

Fraud Is a Commodity::Website Security


It's a sad statement to make that anyone can become a hacker with a few dollars and the right contacts.  A simple email will allow anyone with the means access to credit card numbers, addresses, and all of your personal information.  One blogger went so far as to label this industry as "fraud-as-a-service."

It's easy for individuals who have not been hacked to believe services like ours at SiteSecurityMonitor.com to be redundant.  What started out on floppy disks in the 90's moved to email Trojans towards and through the move into the new millennium.  These days websites are the most common place hackers target.  Clients with ads and other additional click-through links are especially vulnerable.

We go out of our way to instil confidence in the consumers who use our services by generating regular reports for them, letting them know exactly what malware their site has been infected with and where their site is vulnerable to future attacks.

In fact our customers are the first to let us know that the services we offer surpass what they thought was available to them. 

Security usability and accessibility


Recently, security and accessibility issues have become an important topic to me. Although I had always considered accessibility and more specifically usability important in my designs, since I'm now down to one active hand due to a surgery on the other hand, I am now much more sensitive to the issue of accessibility. Call it subjective I suppose, but I digress.


Two weeks ago I was speaking to a product manager for a product that most of us use each and every day, and the issue of usability and accessibility came up. We were discussing how usability affects the success or failure of products in general. Something as important as security itself should have a large focus on usability and accessibility.

Lately, I've been doing a lot of research in the area of accessibility of tools and I'm happy to say that Microsoft has done a very good job with its speech recognition system built into Windows 7. After spending just a few minutes training it, I plugged in my headset and off I went! I would say the speech recognition system has worked at about a 97% effective rate. Although right now I am using it mainly for dictation, to save on my typing efforts, obviously there are a lot of other functions like switching between windows, launching browsers, etc. At this point I'm using it just to save my good hand from too much work.

On the mobile front I found a solution called VLinglo which works on the BlackBerry (of which I am a very heavy user). It performs the same function as the speech recognition system in Windows 7; essentially it translates your voice phrases and commands into BlackBerry lingo and executes them on the platform. Again in this case I'm using it primarily to save my good hand from too much work. I wonder if people are utilizing the platform for true medical conditions like carpal tunnel syndrome or other issues. I would suspect that systems like this allow them to utilize technology in a much easier and more effective fashion.

So what does SiteSecurityMonitor have to do with usability and accessibility, specifically with Windows or BlackBerry? Not much specifically to the platforms. However, I've realized that as a founding mission statement, SSM is providing very specific detailed security information in accessible and usable formats. We've always prided ourselves on our simple to use, and easy to understand reports - specifically the high, medium, low priority issues that come out of our reports by default. We've always heard comments from customers about the reports. Specifically they appreciated the delineation between issues, which obviously helps managers and webmasters to understand where the priority issues are, and which to address right away. More importantly, from my perspective - putting the vulnerabilities into this criterion of issues does a lot more for the business than the customers are actually telling us.

In this case we are actually helping you to prioritize your expenditures, manage resources, and truly focus on what's important. When we added Malware detection scanning services to our offering about six months ago, this also made the reporting more valuable. By combining the reporting, we're able to give the site owner a holistic, whole-site overview of their enterprise from a security perspective - perhaps in this case making it more accessible, but definitely more usable.

So, not to detract from any other true research or breakthroughs on the accessibility and usability front, we feel that we have done our own little part in the security side to provide this information to business owners in the format and fashion that one can understand and appreciate - and more importantly action!


How we fixed a Malware Infected Site - True Customer Story


Malware Infection, Cleanup and Vulnerability Analysis and Consulting Services…

ALERT: TRUE STORY BELOW..

Want to understand how simple it is to secure your site?  Sure, we’ll take a real customer example from this week to document the story.

(Names and Certain Elements removed to protect confidentiality)

Context:

Large financial news information site that was recently infected several times.  Running an older (but not so old) version of WordPress.  Established site, running for years, great following.

Attacks:

Several different approaches, including a desktop infection, which then infected the site.  Infections spread internally from there.

Impacts:

Malware was being distributed to its 2000+ unique viewers a day.  Due to the depth of the attack, Google has reindexed the site with all of the pornographic and male-enhancement site links, meta tags, etc.  Effectively, the site (and business) is in bad shape, and SEO results are suffering.

The Approach:

Customer signed up for a free scan, which resulted in the 1st metric on the chart below (roughly 1,640 High and Medium Vulnerabilities)  – Keep in mind, this is a fairly large site.

The customer took the recommendations and executed some of them (upgrading WordPress being the first).  After contacting our support group, we went through the rest of the report, and summarized the findings and recommendations.

Luckily the Malware Alert Attack Site! flags have been removed from most browsers..

Conclusion:

As a result, we’re now down to 2 high severity issues, and about 70 medium severity.  Direct Malware injections were removed.  Now we’re going through the last steps to remove the last stragglers of the infection (some things are set to reinfect after removal, etc.), and CLOSE THE DOORS on the site.

We’ll wrap up the work in a day or so, and the customer will be free from the existing hacks, and we will be monitoring his site on a daily scan basis (for both vulnerabilities and Malware) for the next few months.

Actual Screenshots from the Reporting Tool @ SiteSecurityMonitor.com

We have summarized the vulnerabilities detected over time (added medium and high priority issues) in order to give you a snapshot of your performance over time

Total Issues: Below are the issues detected on this scan, and the last scan.

 

 Latest scan ( 2009-12-03 xxxxxx AM )

Previous scan ( 2009-11-30 xxxxxx AM )


What is SEO Poisoning and how does SiteSecurityMonitor.com help me?


I came across a great question in LinkedIn a few weeks past, and took the opportunity to document basically what it is, in a simple version: (and it was voted the best answer! :)


Question:
What is an ‘SEO poisoning attack’?
SEO poisoning attacks are primarily attacks on popular websites using XSS or cross server scripting. IFrame viruses also act like this. Iframe are the most dangerous viruses that attack websites online through low server or FTP password leakage. These viruses then target different websites which contain some exploit matters, images and content.

 

Answer:
This is a sophisticated attack that is being perpetrated on a daily basis. (We just had one of these this week).

Basically, the hacker includes a script (in the Apache config, in your WordPress blog, .htaccess, etc.) that says: if the incoming user agent = googlebot, etc., SEND THEM here. If it's not, display that site.

So in my customer's example, all of his SEO rankings were showing porn, Viagra, etc. But to end users, the site worked just fine. So when Google crawled his site, Google was redirected to other content. Google indexes it, and moves on. So now, ALL of your SEO for your site is showing indexed data for the porn site.  Keep in mind as well, the Google Malware alert was NOT displayed to end users. So they tricked Google twice here - once on the SEO rankings, secondly the Google Malware detection system.  Seems they don't test the malware NOT using the googlebot user agent - otherwise it would've been detected.

Even worse now, the one we dealt with last week, was operating a ‘webring’ of sorts. That is, the sites referred to each other as well. These cracked sites were thus increasing the SEO value of the porn links exponentially as the ring grew (as more infected sites were added). This was growing at approximately 30 sites a day.

The main ‘benefit’ here is that Google indexes this hacker's site, using your backlinks, etc. to your site to grow his SEO value.

Seems like everyone wants a good ranking from Google :-/

Unfortunately, this is a sophisticated attack, and usually has many layers (in this case, the redirects were in 4 different places, and took us hours to find).
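A defender-side check for the user-agent-conditional redirect described in the answer above, as an added example that is not part of the original post or of SiteSecurityMonitor's tooling: it scans `.htaccess` or Apache config text for a `RewriteCond` on `%{HTTP_USER_AGENT}` that names a crawler, followed by a `RewriteRule` pointing at a host you do not own. The crawler token list, the function name `find_cloaking_rules`, and the sample file with its placeholder hosts are assumptions constructed for illustration.

```python
import re

# Crawler tokens a cloaking rule typically matches (assumed list; extend as needed).
CRAWLER_TOKENS = ("googlebot", "bingbot", "slurp", "msnbot")

COND_RE = re.compile(r"^\s*RewriteCond\s+%\{HTTP_USER_AGENT\}\s+(\S+)", re.I)
RULE_RE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)
HOST_RE = re.compile(r"https?://([^/:]+)", re.I)

# Constructed sample: a stock WordPress block, then an injected crawler-only
# redirect, then a legitimate same-site redirect. Hosts are placeholders.
SAMPLE_HTACCESS = """\
# BEGIN WordPress
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{HTTP_USER_AGENT} (googlebot|slurp|msnbot) [NC]
RewriteRule ^(.*)$ http://spam.example.invalid/$1 [R=302,L]
RewriteCond %{HTTP_USER_AGENT} bingbot [NC]
RewriteRule ^old/(.*)$ https://www.example.com/new/$1 [R=301,L]
"""


def find_cloaking_rules(text, own_hosts=()):
    """Return (line_no, ua_pattern, target) for each RewriteRule that sends
    crawler-matched requests to a host not listed in own_hosts."""
    findings = []
    pending = []  # crawler user-agent conditions awaiting their RewriteRule
    for line_no, line in enumerate(text.splitlines(), 1):
        cond = COND_RE.match(line)
        if cond:
            pattern = cond.group(1).lower()
            # A leading "!" negates the match, so it does not single out crawlers.
            if not pattern.startswith("!") and any(t in pattern for t in CRAWLER_TOKENS):
                pending.append(pattern)
            continue
        rule = RULE_RE.match(line)
        if rule:
            target = rule.group(1)
            host = HOST_RE.match(target)
            if pending and host and host.group(1).lower() not in own_hosts:
                findings.append((line_no, pending[0], target))
            pending = []  # RewriteCond lines apply only to the next RewriteRule
    return findings


if __name__ == "__main__":
    for hit in find_cloaking_rules(SAMPLE_HTACCESS, own_hosts=("www.example.com",)):
        print("suspicious crawler-only redirect:", hit)
```

Because the redirects in the case above sat in four different places, run the same function over every `.htaccess` file and Apache config include on the host, not just the one in the web root.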

Top 10 Reasons Not to Invest in Website Security


For some light humor!

1) You really enjoy waking up in the morning with your coffee, hitting your homepage, and finding a new page marketing ‘special offers’ for ‘enhancement’ products… You spill your coffee, burn…ouch.

2) You just love getting a hosting bill showing your site had somehow managed to use 4 terabytes of data last month, even though your site is actually just 3 small pages.

3) You appreciate the Friday afternoon calls from 2 of your largest customers, saying that they are switching to your competitor due to some aggressive marketing they’ve received… Hmm, wonder how your competition knew how many kitty trinkets your biggest customer ordered last week?

4) You relish the thought of not being able to send your weekly newsletter to your regular customers, since, for some reason, no emails are getting through and your hosting provider says you sent 1,540,098 emails in the past hour marketing Acai Beans. You sell catnip toys… Interesting.

5) You’ve had approximately 38.56 different people help you with your website, you’ve changed hosters 6 times, and attempted to change the registrar of your domain three times but gave up. You know what they say about too many cooks…

6) That great freeware guestbook system written by a kid in Slovakia with a name you can’t even pronounce, which you thought was really neat in 2003, is actually still on the site, but you’ve long forgotten about it being there. Google and the scammers didn’t forget though…

7) One of your designers installed a patch for your shopping cart 2 years ago and had problems. After googling for a solution for a few hours with no results they decided to chmod 777 * a few large directories. Voila, it works! And that’s the way it’s been for 2 years now. Lovely.

8) You enjoy explaining to your customers how their private information is now front page news, or worse, with their ex-wife’s lawyer!

9) The thought of having the marketing list you paid $10k for last year available to anyone is something you enjoy. Sharing and collaborating, that’s what the net is all about, right?

10) You enjoy negotiating with a faceless individual from somewhere overseas that speaks like this “u will knot get ur d8a bck ever again unlezz u pay $80.000 dollarz.”. It wasn’t just your corporate data, it was your friends and family as well… Ouch.. Get that wire transfer ready.

11) Finally... The end of the pain. Perhaps not. On top of all of the great ‘side effects’ of not scanning your website – You get sued, your family gets sued, and now the ‘authorities’ are looking into your business activities — because — surprise, surprise, there are laws surrounding data protection. Your business is kaput, your staff is leaving in droves, and everything you’ve worked for for years now is gone. You thought you were diligent in picking a hosting provider, team members for the design and development and other folks for the rest of your business. However, when it came to someone offering you a fresh set of eyes on your site, you said no. No, we’re ok. We check. We’re fine. You thought website security scanning was like insurance. Perhaps it is. But we all miss it when we need it. In this case, you need it before you actually really need it. Because, by then, it’s too late.
