Gotten any malware warning messages lately?

Some people have recently seen malware warning notices whenever they access any blog that contains a blogroll (or link list) sponsored by BlogRolling. Among the blogs that have been affected are two blogs belonging to 1389AD, namely 1389 Blog and 1389 Message Blog.

You may be relieved to know that the security alerts are a false alarm. I have since moved the Blogrolling link lists to a separate page, so that the messages will not come up when readers attempt to access blog posts.

If you own or administer a blog or website that displays a link list via BlogRolling, you will need to be aware of this. Malware warning notices can frighten and upset visitors to your blog, even if the notices are bogus.

BlogRolling may disappear soon

After being told about this, I visited the BlogRolling News & Status page. Here’s what I found:

Update on BlogRolling

SAT SEP 18th, 2010

We’re aware that there is an issue with BlogRolling blogrolls causing some browsers to display a security warning.

There’s nothing really wrong with BlogRolling itself but the way we connect your blog to the sites in your blogroll makes some security algorithms think there is.

If you find yourself in this situation, we recommend you remove the Blogrolling code from your site.

We’re probably going to be shutting the service down soon. We’ll post more information here and on our Twitter account (@blogrolling) as we decide on next steps.

We’re hoping we can give you enough time to get any data you need out of your blogrolling account before we shut down, but if you really need that data, you might want to get it now just in case.

Why aren’t we just fixing it and letting you continue using the service?

BlogRolling has largely been on auto-pilot for the last six months or so. The people who built it for us don’t work for us anymore. Even though it doesn’t make us any money, we wanted to keep it running because we know folks like it. But we’re not really comfortable with the code causing security warnings and that means it’s probably time for the service to end.

Thanks for your support. Stay tuned for more details in the next few days.

What to do?

If you are using BlogRolling to manage your blogrolls or link lists, you will need to get your links out of BlogRolling and put them somewhere else for safekeeping. As far as I know, there is no easy way to do this.

• As an emergency measure for making a rudimentary backup of your links, you can login to your BlogRolling account, then click the link to “My BlogRolls” if that page is not already visible, then click “Get BlogRolling Code” on your blogroll.

  Then scroll down to the “RSS” subheader, click to select the code. Copy and paste the URL into your favorite RSS feed reader, just as you would do with any new feed subscription. If you don’t already have a feed reader, you can use Google Reader.

• You can also select “Add/Edit Links” for the desired blogroll, then use your browser menu to Select All and Copy each page of links. Paste each page of links into a text file, using Notepad or something similar.

After that, if you want your links to be available to readers on your blog, you will have to re-enter them into whatever widget your blogging software provides for managing link lists. Unless someone decides to provide some software for automating this, it will be a time-consuming and arduous task. I have nearly a thousand links in BlogRolling at this point, so I expect it to take me awhile.

(Updated 11/3/07, 11/12/07, 11/15/07, 11/24/07)
We win, they lose!

From the redoubtable Jawa Report:

• Cyber Report of Loser’s Super Cyber Dud
• Al Qaeda’s Coming Cyber Attack Cancelled
• The Jawa Report: Al Qaeda Declares Internet Jihad
• Al Qaeda’s “Jihadi Battalions to Attack the Internet” Declaration (translation is here)

AQ is making threats. So what else is new?

Suffice it to say that 1389 won’t be staying up nights worrying about this.

Jihadis of every stripe have been trying to shut down opposition blogs and websites all along! Ever since there have been counterterrorist/anti-jihadist websites and blogs, there have been problems with pro-jihadist activity. It goes with the territory. We’ve dealt with hackers, trolls, cyberstalkers, DDOS attacks, abuse of “censorware” to block access to our sites, slander and defamation, frivolous (albeit expensive) lawsuits, death threats, actual physical attacks – you name it!

Guess what? We have been aware of the risks all along, and we know how to fight back. (See Dancho Danchev: Electronic Jihad v3.0 – What Cyber Jihad Isn’t if you’re curious about the techie details.) We’re still here, and we’re here to stay!

That said, let me remind everyone to continue to take appropriate precautions:

• Make sure that the latest versions of your anti-virus/anti-malware products are installed and configured correctly.
• Make sure that your operating system is up to date with all security-related patches.
• If you have a blog or website, take backups of everything and keep the backups in several places.
• If your site is unexpectedly down or cannot be accessed, contact your hosting provider immediately.
• If you are being attacked, please refer to our Stop Blog Censorship and Reference Material resource pages for more information about how to report it and what to do next. Also, please let us know by using this form to send us email.

Why did AQ announce this now?

Here’s one possibility: AQ is upset about the way things are going in Iraq. They’re forced to acknowledge that their posteriors are being kicked not only by US and coalition troops, but by the Iraqis themselves. (See “The darkness has become pitch black” – Osama bin Laden on Iraq situation.) The Jawa Report says that sources indicate that AQ may be turning more of its attention to Afghanistan, because it has no future in Iraq.

Numerous AQ attacks have been thwarted in various other places around the world. Yes, AQ is dangerous, but certainly not invincible. Not if we put our minds and hearts and strength into stopping them!

Also see:

• McAfee Avert Labs Blog: Cyber Jihad Isn’t Here Yet
• The Jawa Report: Open Source Assessment of al Qaeda and Taliban
• The Jawa Report: Al Qaeda Taking Over Taliban?
• Michael Yon Online Magazine: Iraqi Islamic Party Says al Qaeda Is Defeated
• Audio: Michael Yon on the Defeat of al Qaeda in Iraq
• Terrorism: Latest bin Laden message ‘the most important in al-Qaeda’s history’
• Cyber Jihad, Litigation Jihad Cyber Litigation Foiled
• WashTimes: Web sites ready for al Qaeda ‘morons’
• AP: Experts convene to discuss terrorists’ use of Internet

Technorati : Foehammer s Anvil, Internet, Iraq, Islam, Jawa Report, Jihad Watch, al Qaeda, cyberjihadism, e-jihadis, malware, tech tips
Del.icio.us : Foehammer s Anvil, Internet, Iraq, Islam, Jawa Report, Jihad Watch, al Qaeda, cyberjihadism, e-jihadis, malware, tech tips
Ice Rocket : Foehammer s Anvil, Internet, Iraq, Islam, Jawa Report, Jihad Watch, al Qaeda, cyberjihadism, e-jihadis, malware, tech tips

Powered by Zoundry

Click here to see it now!

Technorati : Islam, badge, blacklisting of antijihadists, blogroll, censorship, censorware, cyberjihadism, cyberwars, e-jihadis, enemy propaganda, resource page, tech tips
Del.icio.us : Islam, badge, blacklisting of antijihadists, blogroll, censorship, censorware, cyberjihadism, cyberwars, e-jihadis, enemy propaganda, resource page, tech tips
Ice Rocket : Islam, badge, blacklisting of antijihadists, blogroll, censorship, censorware, cyberjihadism, cyberwars, e-jihadis, enemy propaganda, resource page, tech tips

Powered by Zoundry

See this entry on My Pet Jawa, a prominent antijihadist blog.

It has certainly taken awhile for the U.S. government to start paying attention to cyberjihadism.

1389 wants to know:

When will they begin to look at the relentless pro-jihadist intimidation and censorship at social news and Web 2.0 sites, such as Digg?

When will they recognize that the site’s owners and staff are responsible for allowing this activity to run rampant?

When will they start looking at the backgrounds and connections of these staffers, including contractors?

Allowing our self-proclaimed enemies to take control of, and to censor, our social news sites is giving them waaaaay too much power, and it has to stop!

Update (6/16/07):

• From Middle East Media Research Institute (MEMRI) comes more evidence that this threat is significant: Global Islamic Media Front Instructs Islamists to Infiltrate Popular Non-Islamic Forums to Spread Pro-Islamic State Propaganda. We can only guess how many sites have been infiltrated thus far.

Update (7/5/07):

• InformationWeek – Cyberattack – Electronic Jihad App Offers Cyberterrorism For The Masses. No skill or experience required!

Update (7/10/07):

• Doctorbulldog assesses our current predicament: Cyberterrorism, by whatever name: It’s on the increase!
• My Flanders Fields shows how the leftist/jihadist alliance has extended into the battlefield of cyberspace: Marx Kisses Mohammed on the Internet. This amounts to a high-tech Hitler-Stalin pact, and it’s time for the rest of us to figure out how to combat it effectively.

Next article on this topic:

The Battle Against E-Jihadis: Why we need to know what we’re up against!

Technorati tags:
1389
bury brigade
censorship
conservative
counterterrorism
current events
cyberjihadism
cyberwars
Digg
e-jihadis
Jawa Report
jihadism
littlegreenfootballs
malware
politics
Web 2.0

Technorati : Bury Brigade, Digg, Jawa Report, Web 2.0, censorship, counterterrorism, current events, cyberjihadism, cyberwars, e-jihadis, jihadism, malware, politics
Del.icio.us : Bury Brigade, Digg, Jawa Report, Web 2.0, censorship, counterterrorism, current events, cyberjihadism, cyberwars, e-jihadis, jihadism, malware, politics
Ice Rocket : Bury Brigade, Digg, Jawa Report, Web 2.0, censorship, counterterrorism, current events, cyberjihadism, cyberwars, e-jihadis, jihadism, malware, politics

Powered by Zoundry

Cnet News.com warns us that:

Popular add-ons to Firefox are the latest criminal attack vector

Many people have switched to the Mozilla Firefox browser because of Internet Explorer’s known vulnerabilities to malware. But as more people begin to use a browser, it becomes a larger potential target for malware, and authors of worms, spyware, spambots, and so forth will probe for ways to attack it. They’ve found that vulnerability in the download procedure for Firefox add-ins, whenever the download is coming from an unsecured server.

Here’s a summary of what to do to avoid the problem:

• If you have a wireless home router, make sure that you have set your password to something other than the default.
• Download an add-on only if it is hosted on a secure server; i.e., a server that uses the SSL “https” protocol. Safe add-ons are listed on Mozilla’s official Firefox add-on page.
• Your existing add-ons may automatically reconnect with their host to check for updates. This is safe only if those updates will be downloaded from a secure server. Disable any existing add-ons unless you are sure that you originally downloaded them from a secure server.

Techies can find more details about the Firefox vulnerability, including an FAQ, on Slight Paranoia, Christopher Soghoian’s blog:

A Remote Vulnerability in Firefox Extensions

Technorati tags:
downloads
Firefox
malware
Mozilla
tech tips

Where’s that fake-Viagra spam coming from? You might be surprised! According to this article, security researchers at Support Intelligence have traced spam-sending botnet clients back to networks run by the US military.

Technorati tags:
current events
fraud
malware
military
spam

This article in USA Today gives you even more reasons to be careful about opening email attachments. Be advised that cyberspies can be from any country, and they may be looking for your competitive business secrets as well as military or infrastructure data.

Update: Microsoft patches Office, IE 7 flaws.
Make sure that you have installed these patches on your system!

Technorati tags:
current events
cyberwars
malware
Microsoft Office
privacy