Cool Google Security Link

[slowfox]

TWiT's Security Now podcast mentioned this fantastic tip in their most recent episode, whereby you can use google to see how many security issues a given site has raised over the last 90 days. Google obviously collect this data, since they warn you about suspicious sites etc every now and again - this tip simply surfaces that information.

Unfortunately, there isn't a user-interface as such, so you have to handcraft the URL, but it's relatively straightforward:

Example: http://www.google.com/safebrowsing/diagnostic?site=google.com

This checks google's own site (and ironically reports one malicious scripting exploit found in the last 90 days).

To target a different site, you simply change the ?site=google.com bit at the end of the URL to point to the desired target.

So, to check The Grauniad's site(s), we'd use ?site=guardian.co.uk, like this:

http://www.google.com/safebrowsing/diagnostic?site=guardian.co.uk

Interestingly, The Other Place throws up several issues:

Of the 15126 pages we tested on the site over the past 90 days, 144 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-09-20, and the last time suspicious content was found on this site was on 2009-09-20.

Malicious software includes 3 scripting exploit(s), 2 trojan(s), 2 exploit(s).

Malicious software is hosted on 19 domain(s), including tinnily.info/, convex.ru/, lavyer.info/.

10 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including lj-toys.com/, goeachscan.com/, susuman.com/.

Currently, Dreamwidth gets a clean bill of health.

Anyway, really cool google tool to play with (I checked work, and it's currently clean, too).

Comments

[alicit]

Nice tool, but the results for LJ are scary. May I post this on my IJ and LJ?

[slowfox]

Of course you can quote this elsewhere!

The LJ results seem to imply that of the pages they checked, 1% were infected. So, if you've got a large flist...

OTOH, I suspect that the malicious accounts are probably clustered around certain communities. Of more concern was the warning about sites like lj-toys and stuff, because I know that some people on my former flist were using sites like those.

[cynthia_black]

That's really interesting! The LJ stats are a concern, I have to say - I compared that to the results for Facebook, which I expected to have a fair few results, but it only had one. I think I'll link to this on LJ as well.

[slowfox]

I compared that to the results for Facebook, which I expected to have a fair few results, but it only had one.

And Twitter, surprisingly, had none. Yahoo.com is scary, though :-P

[linaelyn]

Oh, this is marvelous. Thank you for finding such awesome stuff.

[slowfox]

Well, not so much 'find' as 'relay', but thank you, and you're welcome :-)

[alicit]

Video and media embedding in LiveJournal entries have been disabled because of lj-toys.

Post from lj here

[slowfox]

It reads as though that particular exploit was shortlived, though, and the LJ team managed to lock everything down within a couple of hours.

Still, we'd rather peoples nefarious weren't able to harvest our email addys, nonetheless, no?