Berkeley CSUA MOTD:Entry 49677
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/04/03 [General] UID:1000 Activity:popular
4/3     

2008/4/7-12 [Computer/Companies/Google] UID:49677 Activity:nil
4/7     Google searches spread spyware and hijack your PC to spread spam.
        http://www.csua.org/u/l8b
        \_ very poor understanding and description of the technical issues.
           Google isn't involved.  -tom
           \_ 'Google issued a statement saying it is helping affected
              websites fix the problem and is also developing new tools "to
              detect and block" malicious Web pages.'
              'The search engine trick - which has been focused on Google, ...'
              \_ Of course it's focused on Google, it's the search engine that
                 everyone uses.  All Google is doing is returning search
                 results.  -tom
                 \_ "All Windows is doing is supporting EXEs to run ......".
                    \_ ridiculous analogy.  -tom
                       \_ Actually very apt.
                          \_ only if a Windows EXE runs on other operating
                             systems.
        \_ That has to be the worst article I've ever read.
ERROR, url_link recursive (eces.Colorado.EDU/secure/mindterm2) 2025/04/03 [General] UID:1000 Activity:popular
4/3     

You may also be interested in these entries...
2013/1/22-2/19 [Computer/Companies/Google, Industry/SiliconValley] UID:54584 Activity:nil
1/22    Google, again:
        http://www.slate.com/articles/technology/technology/2013/01/google_people_operations_the_secrets_of_the_world_s_most_scientific_human.single.html
	...
2012/12/10-18 [Computer/Companies/Google] UID:54553 Activity:nil
12/10   Biggest Google outage ever?
        http://www.theatlanticwire.com/technology/2012/12/why-gmail-chrome-and-drive-went-down-today/59822
	...
2012/8/29-11/7 [Computer/SW/Security] UID:54467 Activity:nil
8/29    There was once a CSUA web page which runs an SSH client for logging
        on to soda.  Does that page still exist?  Can someone remind me of the
        URL please?  Thx.
        \_ what do you mean? instruction on how to ssh into soda?
           \_ No I think he means the ssh applet, which, iirc, was an applet
              that implemented an ssh v1 client.  I think this page went away
	...
2012/8/16-10/17 [Computer/SW/SpamAssassin] UID:54458 Activity:nil
8/16    Why does my Y! mail account always full of unfiltered spam
        mails (and they're obviously spams)? Why can't they do
        a better job like Google mail? Why does Y! mail charge
        for exporting email? Google mail doesn't do that.
	...
Cache (2694 bytes)
www.csua.org/u/l8b -> www.usatoday.com/money/industries/technology/2008-03-31-javascript-hackers_N.htm?POE=click-refer
Print | By Byron Acohido and Jon Swartz, USA TODAY Cybercrooks are manipulating the computer code used to put the pizazz in millions of websites in hopes of taking over unsuspecting consumers' PCs. The vulnerability occurs when someone does a Google search, then clicks on a result that has been secretly tainted by hackers. But at the same time, they are invisibly redirected to a computer server that installs a hidden program. This program enables hackers to use the PC to spread spam and carry out scams. Typically, it also lets the attacker embed a keystroke logger, which collects and transmits your passwords and any other sensitive data you type online. That's seven in 10 sites, says tech security firm WhiteHat Security. Hackers have discovered ways to trick the website application to run malicious JavaScripts. "We're in a phase where one or two smart guys are attacking a few dozen major websites," says David Dewey, manager of IBM's X-Force security division. "In the next few weeks I would expect to see copycats attacking hundreds of high-profile websites." com and many universities, says Dancho Danchev, a Netherlands-based security researcher, and Finjan Software, an Israeli security firm. But in March alone Dewey and other security researchers found several hundred thousand corrupted Web pages returned in common Google search queries. They fear crime groups have just begun to take advantage. Google issued a statement saying it is helping affected websites fix the problem and is also developing new tools "to detect and block" malicious Web pages. Security experts say consumers can protect themselves by keeping anti-virus subscriptions and software updates current. Running an anti-virus scan may help repair infected PCs, although more serious fixes may be necessary. com and Wired said each blocked the attacks as soon as they were discovered. "It should be the responsibility of the website operators to stop exposing people to risk as soon as possible," says Billy Hoffman, a security researcher at Hewlett-Packard. Gail Hillebrand, senior attorney at Consumers Union, agrees. Attackers have taken advantage of JavaScript before, but usually on individual sites. The search engine trick -- which has been focused on Google, though it could work on Yahoo and MSN search engines -- is new, Danchev says. Attackers are thrilled "to capture even a small percent of the traffic" of a big site, Finjan's Yuval Ben-Itzhak says. Include name, phone number, city and state for verification. Conversation guidelines: USA TODAY welcomes your thoughts, stories and information related to this article. Keep the conversation appropriate for interested readers across the map.