An infected Web

The Internet is “the network of all networks”. It is open to all, and this has brought many benefits. But that doesn’t mean our own computers and networks should be open to all. We individuals need to discriminate.

Dan Goodin at The Register has been covering the story of legit websites serving malware. Sites you trust may be bad. Sometimes the attackers gain control through a server exploit, sometimes through password cracking, sometimes through keystrokers.

The site owners rarely know they’re distributing malware to their audience. This exploit injects obfuscated JavaScript at the bottom of the site’s front page, redirecting visitors to various pages which attempt to force a download via old browser/plugin exploits.

Keeping your own software up-to-date, private and secure is necessary… the websites you’ve trusted may no longer be trustworthy. There is no “little network” of trust in the Web world — a browser will visit any site, and new hacks can demolish trust zones. (That’s why I’ll trust a separate AIR client more than I will an HTML5 uberbrowser.)

And in such a “network of all networks”, other people getting infected is bad for the rest of us — more noise, more confusion, less clarity.

Surfing the Web is like walking a strange city, particularly one with a high crime rate. The open-to-all nature requires us to be aware, and avoid unsafe situations.

Some sites we trust may be infected. We need to keep Web software up-to-date, and encourage others to do so.

One Response to An infected Web

  1. [jd sez: Notice to readers — following comment is off-topic, and of weak logic at that. You can read around it.]
    Unless you use a Flashblocker. Then it’s like being in a neighborhood with white picket fences. All the gates have a button, and the user gets a choice as to whether to PUSH that button.
    [jd sez: ?? Did you read the article? Websites themselves are infected and serving malware, unaware. Has nothing to do with Flash.]
    Remember, *you’re* the one who recommended a 3rd party solution to Flash. Pretty much admitting that Flash contributes to the ‘high crime rate’. Instead of carping about your weak platform, why don’t you beef up its security?
    [jd sez: Whew, talk about extraneous hatred. When someone said “My Mac browsers crash; I blame Flash” I said “Try a Flashblocker, and you’ll see they still crash.” And blaming security on Flash is just as misguided, assuming you’re using current software as I recommended above. Let go of your hatred; it is coloring your understanding.]
    Adobe doesn’t own Flash end to end. You’ve let your plugin bloat, its ‘security’ does not serve the enduser. At. all. Even on Adobe’s fav platform, Windows.
    That’s why Youtube would rather just serve H.264 in [video] tags, Chrome has session threading, Apple ignores you, and HTML5, comedy such as it is, is a thorn in your side.
    To paraphrase an old net saying:
    The net sees Flash as cancer and routes around it.
    [jd sez: Oh, thank you. Go out and do something better, okay?]