Sandi Hardmeier over at the spywaresucks blog, who I have an immense amount of
respect for, has some pretty harsh words of criticism regarding the blog worm
which is spreading via social networking across the internet. I agree with her
conclusion that while Robin Schuil may have nothing but the best intentions in
posting the blog worm, it is irresponsible for people to trust Robin carte
blanche. Say, for instance, Robin replaces the innocuous file with something far
worse, say a WMF file. Now take that a step further: what if Robin's site got
hacked and the picture were replaced without his knowledge? Or someone saw the
distribution potential and attempted to capture the same effect, except for
malicious purposes? It is all simply a matter of trust; just because something
seems innocent doesn't mean it is. Think of the Greeks and the Trojan horse if
you need a clearer example.
Just to clarify though, Robin, I think it is a cute idea. I would, however,
recommend that you provide a download link so people can host a copy of your
image themselves. The blog worm can still spread, but it should be tamed.
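The risk described above is that an image every subscriber hot-links from one host becomes whatever that host serves tomorrow, whether the owner changed it or someone else did. Hosting a copy yourself removes the dependency; where you still embed an off-site image, you can at least audit for it and pin what you expect. The following is an added example, not code from the original post or from Robin's project, that lists the `<img>` tags on a page whose host is not your own and then checks fetched bytes against the expected raster format and a pinned SHA-256. The hostnames, HTML and image bytes are constructed for the demo; the placeable WMF header magic it uses to stand in for a swapped file is a real value, but nothing here fetches from the network.

```python
"""
Added example (not part of the original post): audit a blog page for images
served from hosts you do not control, then verify that bytes fetched for such
an image are still a real raster image matching a pinned SHA-256.
All hostnames, HTML and image bytes below are constructed for the demo.
"""
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Magic bytes of the raster formats a blog badge is expected to be.
IMAGE_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


class _ImgSrcCollector(HTMLParser):
    """Collects the src attribute of every <img> tag."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "img":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.srcs.append(value)


def offsite_images(html, own_host):
    """Return <img> URLs whose host is not own_host (relative URLs count as local)."""
    parser = _ImgSrcCollector()
    parser.feed(html)
    own = own_host.lower()
    return [s for s in parser.srcs
            if urlparse(s).netloc.lower() not in ("", own)]


def sniff_image_type(data):
    """Return 'png'/'jpeg'/'gif' from the leading bytes, or None if unrecognised."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def verify_image(data, pinned_sha256):
    """Accept only a recognised raster image whose SHA-256 equals the pinned one."""
    kind = sniff_image_type(data)
    if kind is None:
        return False, "not a PNG/JPEG/GIF: content was replaced or never an image"
    digest = hashlib.sha256(data).hexdigest()
    if digest != pinned_sha256:
        return False, f"{kind} bytes changed (sha256 {digest[:12]}... != pinned)"
    return True, kind


# --- constructed sample data -------------------------------------------------
SAMPLE_HTML = """
<p>badges</p>
<img src="/images/blogworm.png" alt="local copy">
<img src="http://robins-host.example/blogworm.png" alt="hosted by author">
<img src="//badges.example/bloglines.gif" alt="third party">
"""
# A truncated PNG (signature + start of IHDR chunk); enough for the sniff.
GOOD_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 17
PINNED_SHA256 = hashlib.sha256(GOOD_PNG).hexdigest()
# Placeable-WMF header magic (9AC6CDD7h, little-endian) followed by padding:
# what a swapped-in metafile would start with instead of a PNG signature.
SWAPPED_WMF = b"\xd7\xcd\xc6\x9a" + b"\x00" * 28


def demo():
    """Run both checks over the constructed data and return the findings."""
    return {
        "offsite": offsite_images(SAMPLE_HTML, "myblog.example"),
        "unchanged": verify_image(GOOD_PNG, PINNED_SHA256),
        "swapped": verify_image(SWAPPED_WMF, PINNED_SHA256),
        "tampered": verify_image(GOOD_PNG + b"\x00", PINNED_SHA256),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it against your own template by feeding `offsite_images` the page source and your hostname; anything it lists is content someone else controls. The hash pin is deliberately strict: a badge that legitimately changes will fail too, which is the point, since the decision to accept the new bytes should be yours rather than the remote host's.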
Hi,
A few comments:
a) I'm a "he" not a "she". Thanks for that ;)
b) I understand the concern, but isn't that with every image? For example, your Bloglines etc. buttons in your sidebar are hosted by Bloglines. If they got hacked you would be vulnerable to the same problem.
I don't see why Blog.Worm is more dangerous.
(please copy follow ups to my mail too)
Posted by: Robin Schuil | February 02, 2006 at 05:10 AM
A) Sorry about the gender confusion. I actually tried not to use he or she because I was unsure, though somehow it crept back in. I have since fixed it.
B) You're correct, that is a concern with every hosted image in this day and age. Years ago images were considered harmless and non-exploitable, though in recent days those assumptions have been proved false. As for the Bloglines image, you are correct and I should be hosting that locally as well. I will try to make that change as soon as possible, along with all non-locally hosted images.
Robin, please do not take my criticism as harsh; if anything I am a proponent of your idea. I think it is a great concept and even endorse it by posting it on my blog. I would be remiss, though, writing a blog concerning security and spyware while implicitly trusting someone I have never met nor have any true knowledge of their intentions.
Posted by: Psyne | February 02, 2006 at 09:04 AM