Superguide: the death of 'trusted' Web sites?

Superguide: the death of 'trusted' Web sites?

Summary: The explosion in drive-by download attacks continues to grow. How has the situation got so dangerous? Are there any "trusted" Web sites left?



  • 2007: How was it for security?

    Security researchers worked overtime in 2007, which turned out to be a nightmare for software vendors from day one. In January alone, Apple, Google, Microsoft and Adobe were just some of the household names embarrassed for leaving gaping holes in their products.

  • Developers must take personal responsibility: Gartner

    We sat down with security analyst Andrew Walls at Gartner ITExpo and asked him how Web 2.0 affects application security.


  • BitDefender: Proactive security – IT body armour against

    Defending against today's diverse array of security risks can be an enormous drain on corporate resources; especially for emerging and growing businesses which need to protect themselves against exactly the same threats as large scale enterprises, but with only a fraction of the IT resources.

  • BitDefender: Emerging Threats to Business Security

    Now more than ever, businesses need to be concerned about the security of their networks. The number, variety and strength of the threats to computer and network security have dramatically increased and businesses need to be prepared against an ever-changing landscape of malware attacks.

  • Sophos: Security Threat Report 2008

    A recent survey showed that only 30 percent of computer users thought that 2008 would be a better year for internet security. Despite vast improvements in technology, hackers have responded by upping their game. Their main focus remains financial gain, and new methods to steal from users and companies continue to emerge. The Sophos security threat report talks about recent attacks and gives predictions and advice for 2008.

  • Sophos: Unauthorised applications: Taking back control

    Employees installing and using unauthorised applications like Instant Messaging, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. This paper looks at why it is important to control such applications, discusses the various approaches, and highlights how integrating this functionality into malware protection is the simplest and most cost-effective solution.

  • McAfee: Patching: Is It Always With the Best Intentions?

    Over the years malicious software has attempted every trick in the book when it comes to hooking into an operating system not only to remain persistent at the time of execution but also beyond system reboots. This paper will describe how hooking into the operating system has changed over the years, including some examples of the most 'Interesting' methods from MS DOS, early Windows versions and present-day contemporary methods.

  • CA: Protect Your Family Against Today's Internet Threats

    Internet crime is big business. A decade ago, writing harmful software was largely driven by individual hackers' desire for recognition. Today, profit is the clear motive. Organised groups of criminals create the tools and the distribution mechanisms for a wide variety of harmful software that can be used in criminal enterprises. Their software perpetrates harm well beyond offensive photos or annoying pop-up ads. They can steal one's passwords, draining the bank account or running up one's kid's online gaming bill.

  • MessageLabs: Solving Business Threats Caused by Improper Use of the Internet by Employees

    Employees spend many hours on the Internet, and much of the time isn't used for their work. A recent study by and America Online found that US employees squander an average of two hours of company time online every day, time that costs their companies $759 billion annually. Employers face serious problems with employees' improper use of the Internet, including viruses from downloads of software and other materials found online.

  • IBM: Cyber Attacks On The Rise: IBM 2007 Midyear Report

    So far 2007 has been a very interesting and unexpected year on many security fronts. The IBM Internet Security Systems X-Force research and development team discovered, analysed and recorded new vulnerabilities and the status of varying threats throughout the first six months of this year. That data is compiled in this report.

Topics: Google, Browser, Malware, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • nice

    nice compliation of links. this is a big issue and i really have no idea how we are going to protect against it.

    good work zd
  • Webmaster security

    As the IT manager for a web dev company, understanding this issue is part of my job. With all the vulnerabilities in modern OSes, it's impossible to guarantee against attacks, but every webmaster has the responsibility to do everything possible to mitigate the threat. Besides ensuring that our server software is ALWAYS patched and fully up to date, I've implemented the following additional policies to minimise the danger of any of our clients' websites being compromised, for the benefit of any other devs out there who might find this info useful:

    1. We never display any content on our sites that we do not control - no Google ads, no external site components. Everything on our sites (including any ads) is hosted only on our servers.

    2. All site code is designed in-house: HTML, Perl, PHP, Javascript, Java apps, everything. We don't use third-party code in our site scripts and pages, just our own codebase. We don't use Flash at all. Server-side apps where required use Java.

    3. All site files (HTML, CSS, JS, Java, P* scripts and config files like .htaccess) are refreshed daily from backups stored on a system not connected to the Internet. We "sneakernet" the files over on an external HDD, and transfer the files to our servers with Secure FTP.

    4. All our site admin passwords are changed daily, using a random password generator of our own devising. Staff can obtain passwords if required from the same non-connected machine that houses our backups. All password requests are logged.

    While these measures might not be hackerproof (nothing ever is), they ensure that anyone trying to compromise our clients' websites would have to be VERY determined and be familiar with our operations and procedures. We do everything we can to reduce the risk, but in the end, that's all you can do.
  • Hacked websites

    the word 'exasperated' should be 'exacerbated'.
  • Good Timing!

    you publish this the week that 165,000 sites are attacked in this way...

    a coincidence?