Tag Archives: Javascript

Your Website Traffic Log – The Trap Door To Spread Viruses?

Checking your Website traffic stats is not without some risk, as guest writer Bruno Deshayes explains in this thought-provoking article.

You get pleasantly surprised to notice an unknown website apparently sending traffic to you. When you click on the link, not only do you find that the page does not mention your site at all, but at best Security Essentials blocks the threat, or at worst your browser locks up and it is anybody’s guess what the pirate is doing under the hood.

Better close down your PC altogether and run a virus check. If you run a laptop even turning the machine off will achieve nothing – you have to physically turn the laptop over and remove the battery for a forced shutdown! How many files could get infected by the time you finally do it?

I find those fake referral URLs showing up in cPanel | AWStats but also in blogspot | stats | traffic sources.

The old trick of course was to send you an email loaded with some HTML data rather than plain text. Viewing the thing in Outlook would automatically launch the browser and – too late – the malicious website is already loaded and doing its nasty work unbeknown to you.

I used to handle that one by always checking suspicious emails this way: While having email preview disabled: right mouse click and choose properties in the floating menu. Then choose details and message source to view the raw email text.

If they send me some base64 encoded attachment and nothing else you know it is a nasty payload. I have used Gmail for some time and still read it in Outlook because I don’t like the ads or the heavy JavaScript used on the Gmail website. When I go there occasionally I am amazed at all the spam that got filtered out!
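The raw-source check described above can also be done without opening the message in a mail client at all. The following is an added example, not code from the original article: it parses raw message source, lists the MIME parts without rendering or decoding them, and flags the two cases the article mentions (HTML with no plain-text part, and a base64 attachment with nothing else). The sample messages and the function name `summarize` are constructed for illustration.

```python
from email import policy
from email.parser import BytesParser


def summarize(raw: bytes) -> dict:
    """List the MIME parts of raw message source without rendering any of them."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        cte = part.get("Content-Transfer-Encoding")
        parts.append({
            "type": part.get_content_type(),
            "encoding": str(cte).strip().lower() if cte else "7bit",
            "filename": part.get_filename(),
            "attachment": part.get_content_disposition() == "attachment",
        })
    body = [p for p in parts if p["type"].startswith("text/") and not p["attachment"]]
    return {
        "parts": parts,
        # Nothing to read, only base64-encoded attachments.
        "attachment_only": bool(parts) and not body and all(
            p["attachment"] and p["encoding"] == "base64" for p in parts),
        # A body exists, but none of it is plain text.
        "html_only": bool(body) and not any(p["type"] == "text/plain" for p in body),
    }


# Constructed samples; the attachment is the harmless text "CONSTRUCTED SAMPLE".
RAW_ATTACHMENT_ONLY = "\r\n".join([
    "From: sender@example.com", "To: me@example.com", "Subject: invoice",
    "MIME-Version: 1.0",
    'Content-Type: application/octet-stream; name="invoice.bin"',
    "Content-Transfer-Encoding: base64",
    'Content-Disposition: attachment; filename="invoice.bin"',
    "", "Q09OU1RSVUNURUQgU0FNUExF", "",
]).encode()

RAW_HTML_ONLY = "\r\n".join([
    "From: sender@example.com", "To: me@example.com", "Subject: hello",
    "MIME-Version: 1.0", 'Content-Type: text/html; charset="utf-8"',
    "", '<html><body><a href="http://example.invalid/">click</a></body></html>', "",
]).encode()

if __name__ == "__main__":
    for name, raw in (("attachment", RAW_ATTACHMENT_ONLY), ("html", RAW_HTML_ONLY)):
        print(name, summarize(raw))
```
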

The internet in the last 10 years has become a very mature market with every man (woman?) and their dog blogging and every hacker from India, Russia and China trying to make a quid in broken English or else trying to rort the system.

The spread of botnets silently programmed to check every security loophole and delegating their activity to hundreds of infected machines has come to the attention of the main stakeholders. Microsoft who used to hide behind a whole industry of virus scanners is now taking the lead with effective and free maintenance tools. Well, their future depends on it. If Windows is crippled by security issues it makes Apple the alternative of choice. But behind the glitz the Steve Jobs camp is now having to face the music and made to understand that not everything can be fixed by the same marketing spin.

The worrisome factor is that in a global economy there isn’t a single entity to police the internet. If you look on the bright side the plague of email spam has been brought down to a fair extent. Interpol has nabbed pedophile networks. The nofollow tag has tamed blog comments link spammers and even WordPress has come up with an advanced tool to keep comment interaction within its community alive and buzzing.

Bruno Deshayes is a writer, designer and developer who runs a portfolio of online services. He can be politically incorrect for the sake of stirring things up and engaging his readers.


Blog Comments That Make No Sense

Some time ago, TechPaul, in his Blog Tech – for Everyone, wrote a great piece on why Firefox users would benefit by installing the NoScript add-on. If you’re not familiar with NoScript, the developer describes it this way:

“The NoScript Firefox extension provides extra protection for Firefox, Flock, Seamonkey and other mozilla-based browsers: this free, open source add-on allows JavaScript, Java and Flash and other plugins to be executed only by trusted web sites of your choice (e.g. your online bank), and provides the most powerful Anti-XSS protection available in a browser.”

So I was more than a little surprised, to see a recent reader comment referencing this article, in which the reader (a self described “web developer”), complained:

“Ok, great! Block Javascript, IFrames, Flash and the like. Why not go ahead and block web sites from loading on browsers from now on? At some point you have to get real about web browsing. What you are doing by spreading this so called information is causing panic, and making people scared to browse”.

My immediate response after reading this uninformed reader’s comment was – What planet are you living on? What internet are you surfing? How could you be totally unaware of the following?

Trojan horse programs

Back door and remote administration programs

Denial of service

Being an intermediary for another attack

Unprotected Windows shares

Mobile code (Java, JavaScript, and ActiveX)

Cross-site scripting

Email spoofing

Email-borne viruses

Hidden file extensions

Chat clients

Packet sniffing

Yes, uninformed reader, you must be right – TechPaul and the following informed users, and reviewers, must be wrong.

CNET News: “Giorgio Maone’s NoScript script-blocking plug-in is the one-and-only Firefox add-on I consider mandatory.” (March 9, 2009, Dennis O’Reilly, Get a new PC ready for everyday use)

Forbes: “The real key to defeating malware isn’t antivirus but approaches like Firefox’s NoScript plug-in, which blocks Web pages from running potentially malicious programs” (Dec 11, 2008, Andy Greenberg, Filter The Virus Filters).

PC World: Internet Explorer 7 Still Not Safe Enough because it doesn’t act like “NoScript […] an elegant solution to the problem of malicious scripting”.

New York Times: “[…] NoScript, a plug-in utility, can limit the ability of remote programs to run potentially damaging programs on your PC”, (Jan 7, 2007, John Markoff, Tips for Protecting the Home Computer).

The Washington Post security blog compares MSIE “advanced” security features (like so called “Zones”) to Firefox ones and recommends NoScript adoption as the safest and most usable approach.

The final part of this uninformed reader’s self serving comment was as follows:

“If you have half decent anti everything, the real nasties will be blocked by them and the need for these add-ons won’t be there. This is not great news for web developers!!!”

One of the aims of Bloggers like TechPaul, Sir, is to offer information to readers which allows them to determine, based on real information, what steps they need to take in order to enhance security to a level which is appropriate for their needs.

A self described “web developer”, such as you, would be well advised to keep the needs of his clients, and end users, uppermost in his mind. Otherwise, it seems to me, you may not remain a web developer, “self described”, or otherwise, for very long.
