« Tracking security advisories for specific products via RSS InfoCard: Sender-ID All over again? »
When Blacklisting Goes Bad
Posted March 6, 2006 – 10:51 pm by Yakov Shafranovich in Spam and EmailUPDATE: This has been fixed
Earlier today I ran across a post at Brian Krepp’s security blog at the Washington Post about an add-on called “SiteAdvisor” which claims to provide helpful feedback when browsing as to whether a specific site is secure or not, whether it carries spyware, etc.
First, I tried out their Firefox extension (in my personal opinion, it doesn’t really do much compared to the IE one). But when I tried out the IE extension, I was suprised to see my own site blacklisted for providing spyware.
My first thought was that my site was hacked (like another recent attempt). However, a closer look revealed that the single potential file in question was in fact a piece of spyware I analyzed and posted about in this blog about a year ago. OBVIOUSLY, spyware analysis occasionally requires live samples and I don’t see how anybody would be stupid enough to download this on their own. In any case, I sent off an email to them to have this corrected.
I also noticed that Ben Edelman’s site has also been flagged (although not as severely) for linking to bad sites. Well, duh! – he is a spyware researcher, of course he links to his “subjects”. I did notice a comment from Ben himself correcting the record BUT the site rating was not changed.
All of this got me thinking – the same problems that we have in the email world with wrongful blacklisting are now being carried over to the phishing world as well where entire sites can be blacklisted as well. For example, Tucows is yellow-listed with ” In our tests, we found a small fraction of downloads on this site that some people consider adware or other unwanted programs.” while Download.com is green listed for basically the same thing with “In our tests of this site, a very small percentage of its many downloads contained adware or other unwanted programs. However, credible user feedback suggests this site is safe to use.” Would companies need to hire website reputation monitors just like they do for email? Perhaps this should get a second look?
“Quis cusotdiet ipsos custodes”
Tags: security —
Permalink | Trackback URL | This post has
1 Trackback(s)