Web malware attacks are often distributed through hacked web pages and applications. While the webmasters of these sites may be guilty of missing an important update, they are hardly willing participants in the malware campaign. In fact, as victims of such campaigns, they often end up losing money, page views, and even their reputation when their visitors are hijacked by the attackers. This makes webmasters excellent allies to web security efforts. By providing them free, high-quality information to aid in recovery, webmasters can be empowered to quickly address any issues with their sites.
The challenge is that attackers are also listening. There have been reports of attackers registering on webmasters’ behalves for security notifications so they can use this information to evade detection. It must be assumed that any information that has been shared with a webmaster can also make it to the attacker. This leads to a difficult balance: you need to share enough data with webmasters to resolve the problem without sharing too much and tipping your hand to the attackers.
Kelly Harrington explores how web security initiatives work with webmasters to clean up malware attacks and fix other security issues that affect the web ecosystem. Along the way, Kelly explains how to strike the right balance between providing help to site owners and protecting data from bad actors.
Kelly Hope Harrington is a senior software engineer on the safe browsing team at Google, where she focuses on detection of web-based threats and outreach to webmasters. In her 20% time, she coleads Google’s presence at the San Francisco Pride Parade. Kelly holds a BS in computer science from Carnegie Mellon University, where she took a special interest in computer security and linguistics.
©2017, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org