Google says Tim Eyman's website could be dangerous (No, seriously!)
According to a "Safe Browsing" advisory from the search giant, Eyman's site [don't click, for the love of humanity!], is "listed as suspicious" and "may harm your computer."The reason Google has Eyman's site marked as untrusted is because its crawler discovered malicious scripts that were recently injected into the site's code.
It seems that destroying our state's tax base, abolishing affirmative action, opening up HOV lanes to single-driver SUVs, and legalizing discrimination on the basis of sexual orientation were not sufficiently malicious gambits for Eyman to attempt. Now his malware is extending beyond public policy into the digital realm itself.
What happened when Google visited this site?It appears whoever handles Eyman's site has successfully removed the malicious scripts since Google discovered them, although it's not clear if Eyman and Company have taken any additional precautions to guard against future exploits.
Of the 16 pages we tested on the site over the past 90 days, 6 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-11-24, and the last time suspicious content was found on this site was on 2009-11-11.
Malicious software includes 6 scripting exploit(s).
Malicious software is hosted on 2 domain(s), including newtechnologyconference.co.uk/, ppl-14.ru/.
1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including ppl-14.ru/.
Internet security is very serious matter, but too few administrators - and an even smaller percentage of users - are as paranoid about staying safe as they should be.
It is possible to configure one's browser to protect against malicious scripts and bad neighborhoods on the World Wide Web. For users of Firefox, this means installing a simple add-on, called NoScript, which blocks scripts by default and allows them for websites that a user has marked as trusted.
I've used NoScript for years, and it conveniently blocks most advertising and unwanted garbage on web page in addition to malware. In fact, I use NoScript to prevent Google from spying on me as I surf the Net (which Google can do with its own scripts, including Google AdSense and Google Analytics).
Had I visited Eyman's website while it was infected, nothing would have happened to my computer, because NoScript would have prevented that malware from getting into my machine in the first place.
But I'm unlike most users; I take security very seriously.
Securing websites is trickier and requires more technical expertise than securing a browser, which is one reason why most webmasters lease space and bandwidth from a host, company that specializes in serving websites. The host employs people who are responsible for securing the machines that serve their clients' websites.
It is, again, unclear who cleaned up Eyman's website and got rid of the malicious scripts. It could have been Eyman's webmaster. Or his host.
Whoever it was, they failed to act until after Google had started warning users that Eyman's site was unsafe.
Hopefully Eyman's people have got things locked down now so that users who visit are only exposed to Eyman's bad ideas and nothing else.