Friday, May 30th, 2008
Google has recently allowed users to see why it may flag a site as “suspicious.”
The service will show any information Google has about potentially harmful websites, including sites that have been compromised and sites that host malicious programs or malware. This is good in two ways: first, users can take advantage of this service whenever they question a site’s legitimacy; and second, website administrators may be alerted if their site gets compromised without their knowledge and starts serving up harmful content.
Of course, this assumes the compromise results in something that catches the attention of the Google application.
Although this is FAR from a 100% reliable test to determine if a website is safe to visit, it does provide an extra layer of protection just in case.
Example:
http://www.google.com/safebrowsing/diagnostic?site=http://badsite.com
Just replace the value of the “site” variable with whatever website you want to check out.
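An added example, not part of the original post: a small Python helper that builds the diagnostic link above for a list of sites an administrator wants to check. The function names and the sample hostnames are assumptions made for illustration; only the endpoint comes from the post.

```python
from urllib.parse import urlsplit, urlunsplit, quote

# Endpoint exactly as given in the post above.
DIAGNOSTIC_BASE = "http://www.google.com/safebrowsing/diagnostic?site="

def normalize_site(raw):
    """Return a canonical http(s) URL for `raw`, or None if it is unusable."""
    raw = raw.strip()
    if not raw:
        return None
    if "://" not in raw:
        raw = "http://" + raw          # bare hostnames: assume http
    parts = urlsplit(raw)
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    host = parts.hostname.lower()      # also drops any user:pass@ prefix
    if parts.port:
        host += ":%d" % parts.port
    return urlunsplit((parts.scheme.lower(), host, parts.path or "/", parts.query, ""))

def diagnostic_url(site):
    """Build the diagnostic link, percent-encoding the whole site value."""
    # safe="" also encodes ':', '/', '?', '&' and '=' so a query string inside
    # the checked URL cannot be mistaken for extra parameters of the outer URL.
    return DIAGNOSTIC_BASE + quote(site, safe="")

def diagnostic_links(raw_sites):
    """Map each distinct, valid site to its diagnostic link, in input order."""
    links = {}
    for raw in raw_sites:
        site = normalize_site(raw)
        if site and site not in links:
            links[site] = diagnostic_url(site)
    return links

# Constructed sample input: hostnames under example.com are placeholders.
SAMPLE_SITES = [
    "example.com",
    "HTTP://Example.com/",
    "https://shop.example.com/item?id=7&ref=home",
    "ftp://files.example.com",
    "",
]

if __name__ == "__main__":
    for site, link in diagnostic_links(SAMPLE_SITES).items():
        print(site, "->", link)
```

The encoding step matters for the third sample entry: left unencoded, everything after the `&` would be read as a separate parameter of the diagnostic URL rather than as part of the site being checked.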
I think it’s good that Google is allowing this; they have an enormous amount of information at their disposal. Offering some of it to help keep people away from malicious sites definitely fits their motto: “Don’t be evil.”
Thursday, May 29th, 2008
Just stumbled upon some javascript code for determining what social networking sites you visit.
What are you to do if you want readers to promote your content? ... You have to decide on which bookmarking site, if any, to dedicate your precious screen real-estate. It’s a hard choice. If you choose poorly your reader won’t vote—it’s not a single click coupled and out-of-sight means out-of-mind—and your content loses its chance to make it big. You have to choose your horse wisely.
If you could detect which social bookmarking sites your reader uses, on a per-reader basis, you could display only the badges they care about. But you can’t know that because the browser secures the user’s history, right? Wrong.
So, is this a cool capability, or a creepy violation of your privacy? I think it is the former, since the code all runs client-side and can be disabled using a tool such as NoScript, and it benefits the user with a cleaner interface. Provide your comments below!
Thursday, May 8th, 2008
I’m sure many people have already seen that data was recovered from a Columbia (shuttle) hard drive. Yes, this was the shuttle that blew up on reentry back in 2003. Needless to say, the drive would be expected to be quite physically destroyed. There was some quite important research data on the drive, and the drive was sent to OnTrack Data Recovery Services for an attempt at recovery. Well, they were able to recover 99% of the data off of the drive.
Now, admittedly, the details on the actual data recovery were slim. How well was it protected inside the shuttle’s hull? What kind of temperatures was it exposed to? What kind of impact did it have? How much did it cost (both in time and money)? But, that’s just impressive. (And it just confirmed that I will continue to buy Seagate drives!)
What does that mean for us mere mortals? Bashing a Seagate drive with a hammer is not enough for “Data destruction”. Incineration may not even be enough for complete and total data destruction. Some of the things we’ve taken for granted about destroying hard drives have been turned on their head. I used to recommend that people open up their hard drives and leave fingerprints all over the platters as a method of making them unreadable. Maybe this isn’t the case any more.
This type of article makes the case for disk encryption, whether full disk or at least the data. Then even if the drive does survive re-entry, the only data that’s recovered is garbage to anyone without the key. On the flip side – remember that the full disk encryption will probably render your data unrecoverable should you actually need it recovered. (That’s what backups are for, people!)
Sunday, April 27th, 2008
I thought this was interesting:
The pathogen disguises itself as waste material and tricks cells into digesting it, just as they normally would with the remains of dead cells. As the immune response is simultaneously suppressed, the virus can be ingested as waste without being noticed.
...
As soon as they impinge upon the cell membrane, an evagination forms, a bleb. The virus itself is the trigger for the formation of the evagination. Using a messenger substance to “knock on the door”, the virus triggers a signaling chain reaction inside the cell so that the bleb forms, catches the virus and smuggles it into the cell.
Apparently, the vaccinia virus is able to disguise itself as cellular waste which other cells readily ingest, causing them to become infected without setting off any alarms. The parallels with computer malware/trojans are apparent: they work in much the same way. If a computer user can be tricked into executing what appears to be an innocent or trusted program/application, they could inadvertently let in all sorts of nasties.
As Jean-Baptiste Alphonse Karr once said, “Plus ça change, plus c’est la même chose…”
“The more things change, the more they stay the same…”
Wednesday, April 9th, 2008
I’ve been “tweeting” interesting developments and quotes using Twitter. This link will take you to the relevant entries.
Unfortunately I haven’t had much success with the classroom sessions yet this week. I’ll keep you informed on good ones I go to see. Best one I saw today was entitled “Case Notes from a Vulnerability Assessment of a Bank’s Web Services” by Mark O’Neill from Vordel.
Monday, March 3rd, 2008
After a lot of hard work, we are today unveiling our new website and logo to the world at http://geminisecurity.com.
Also stay tuned later today for a press release involving the SAFE-BioPharma Association.
Tuesday, February 26th, 2008
CDC has announced a software tool allowing people to leverage Google’s massive store of information to identify possible flaws in websites. The software, termed “Goolag Scanner,” is open source and available for free. It might be an interesting addition to the toolkits of security researchers.
According to the article:
The tool lets people with fundamental programming skills check websites or Internet domains for weaknesses that could be exploited by hackers…
The group said it uncovered “some pretty scary holes” through random tests of the tool in North America, Europe, and the Middle East.
Worth checking out: the source and specifications are available on the Goolag Scanner homepage.
Thursday, January 31st, 2008
CSOOnline has a story highlighting 8 landmarks in information security history.
1971: Captain Crunch Whistle
1988: Morris Worm
1994: Citibank Heist
1995: The Celebrity of Kevin Mitnick
2004: Witty Worm
2005: Titan Rain
2005: ChoicePoint Debacle
2007: Storm Worm
Have others to add? Think they got this set wrong? Comment below!
Saturday, January 12th, 2008
While the title “Polish teen derails tram after hacking train network” is a little deceiving, note that the 14-year-old modified a TV remote to control track junctions along the tram line in the Polish city of Lodz. Pretty impressive work. Now for the scary part:
Transport command and control systems are commonly designed by engineers with little exposure or knowledge about security using commodity electronics and a little native wit. The apparent ease with which Lodz’s tram network was hacked, even by these low standards, is still a bit of an eye opener.
I’ll say.
Saturday, October 13th, 2007
OK, this one is just theoretical...