| FRONTPAGE | DOWNLOADS | ABOUT ME | TERMS & CONDITIONS |

SA Security Bloggers

link SensePost
link Haroon Meer
link Matt Erasmus
link Andrew Mohawk
link Junaid Loonat
link Barry Irwin
link Tom Wells
link Allen Baranov
link Jock Forrester
link IT Security Pubcast
link Telspace
link ISGAfrica
link Ralfe Poisson

Popular Entries

Articles
link Vulnerability Life Cycle - threat modelling
link Web Hacking 2.0
link Why Exploit Markets are Bad
link Ettercap-NG Workings and Defence
link The Zotob Summary

How-To's
link Linux SSH Jail with pam_chroot
link Firefox Privacy & Security Extensions

Papers
link Managing Patching, my MSc Thesis
link Risk Analysis of Monthly Patch Schedules

Tools
link Automated Vodacom SMS (VodaSMS)
link RSS 2 SMS
link DShield Hack Detection

Neologisms
link Encryption principles
link Zoolander's Law

Syndicate This Blog

SSL

Certificate fingerprints:

SHA1: 61 13 45 4B 4C F9 89 9B B7 87 C8 78 F7 38 12 CB 07 E2 60 BF
MD5 : DA 53 7B 50 E4 3A 2C 6C A1 17 53 C1 A0 5E CB 89

HTTPS version.
You can find an explanation here.

License

Creative Commons License - Some Rights Reserved
Original content in this work is licensed under a Creative Commons License

Disclaimer

This blog and its contents are in no way affiliated with, or endorsed by my employer.
Random Entry: Limbo
< Chip & Spin | Blogging on TechLeader >

Monday, June 2. 2008

SABC Blacklisted by Google

Security

I've been ranting about the SQL injections for a while now. While infecting your visitors with malicious software semi-silently generally doesn't put the pressure on the right people (i.e. the externality lies on the infected user not the infecting business), having your organisation blacklisted by Google shifts that externality. Here are the screenshots of Google warning me that the South African Broadcasting Company (SABC) may harm my computer. Check it yourself by googling 'sabc'. At the time of writing, the SABC had fixed the page.

Strangly enough, of the almost 100 other infected SA domains, the only other two South African domains blacklisted were:

  • gowerpower.co.za
  • 4hair.co.za and fourhair.co.za
  • saart.net

While we're at it, I've found the following *new* domains injected into SA sites:

  1. nihaoel3.com - 21 700 (International), 2 (Local)
  2. qiqigm.com - 80 500, 3
  3. woai117.cn - 5, 1
Finally, as a last, unrelated, poke in the eye, it seems the 'International Housing Research Network' a .gov.za site has had it's forums defaced (they've been contacted):


Posted by Dominic White in Security at 23:48 | Comments (3) | Trackbacks (0)
Last modified on 2008-06-04 08:36

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

Great post, I'm with you on the ranting. We have also tried to notify the SABC but were greeted with "there's no issues on our website". After we pointed them to an entire thread on mybroadband.co.za and how Google had blocked their page, things seemed to have changed slightly. In addition, last night we completed an analysis of the one they actually got hit with(which exploits swf, various versions of realplayer and microsoft xml vulns), we will be releasing it on our blog soonish(http://0mghax.blogspot.com).
#1 Dino C (Homepage) on 2008-06-03 09:12 (Reply)
Nice one, I look forward to it. Glad to get your blog URL too, will subscribe and added it on the left. Know any other good SA infosec bloggers?
#1.1 Dominic White (Homepage) on 2008-06-03 10:11 (Reply)
It's up, but a little bit messy on the blog because of formatting, but the PDF version is available! :) Unfortunately, not that many that I know of, but I will let you know if any come up. I popped in to your office yesterday for a meeting and checked to see if you were in your _specific_ office, but I think that you were off? :) See you soon though!
#2 Dino C (Homepage) on 2008-06-04 08:36 (Reply)

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
 

Quicksearch

Security Blogs

* Schneier on Security: Friday Squid Blogging: Squid Launcher from "Despicable Me"

* Schneier on Security: Doomsday Shelters

* extern blog SensePost; : Go-derper: mining your memcacheds

* Schneier on Security: Hacking ATMs

* The Spanner: Setters using VBS and constant hacks

* The Spanner: Sandboxed DOM API

* funkatron.com: Links for 2010-07-29 [del.icio.us]

* SecuriTeam Blogs: The List Of A 100 Million Facebook Username’s.

* SecuriTeam Blogs: REVIEW: “The Myths of Security”, John Viega

* BlueHat Security Briefings: MAPP – An Insider's view

* Chris Shiflett: Auto Increment with MongoDB

* Ivan Ristic: Internet SSL Survey 2010 is here!

* terminal23: skills for work and skills for getting work

* 1 Raindrop: Acts of God Algorithm

* Schneier on Security: Security Vulnerabilities of Smart Electricity Meters

* Jeremiah Grossman: In Firefox we can’t read auto-complete, but we can write to it (a lot)!

* Jeremiah Grossman: Patching auto-complete vulnerabilities not enough, Cookie Eviction to the rescue

* Jeremiah Grossman: Stealing AutoComplete form data in Internet Explorer 6 & 7

* Schneier on Security: DNSSEC Root Key Split Among Seven People

* BlueHat Security Briefings: The EMET 2.0 Training Video has arrived!

(c) Dominic White 2010