Whoa! Canada

laurel l. russwurm's political musings

#WikiLeaks “malicious search engine poisoning attacks” ?

with 3 comments

Leaking eavestrough titled WikiLeaks

Defence staff warned to steer clear of WikiLeaks docs:

“The department fears accessing the site could expose government computers to “malicious search engine poisoning attacks” and that third parties might “collect and exploit visitor data or deliver malicious software through downloaded files.”

The Ottawa Citizen.

Yet from a computer security standpoint the WikiLeaks #cablegate downloads all seem to be in standard HTML, making the downloads relatively secure from malware because there is no javascript to execute malicious software code

Because the WikiLeaks downloads aren’t in Adobe PDF format they aren’t susceptible to the security vulnerabilities that come with the popular Adobe Reader and software.

Which makes downloading from WikiLeaks safer than downloading from many websites on the Internet.

But isn’t the Department of Defense at risk for:

“malicious search engine poisoning attacks” ?

Ahem…. what is that exactly?

SEO Poisoning” or “Search Engine Optimization Poisoning” may sound scary but what it means is tricking search engines into ranking your website more highly than it deserves.

This is done by inserting words or phrases that would get high ranking from a search engine. An example of “SEO Poisoning” might be when a webpage selling grass seed gratuitously using phrases like “Justin Bieber.”

Sometimes this dastardly deed is accomplished by including high ranking words and phrases in the same color as the background, making the text invisible to visitors and fooling Search Engines that do see these words and are fooled. This “poisons” the search results.

When I Googled “malicious search engine poisoning attacks” the were only a few direct hits, which explain it as “SEO Poisoning” used to drive traffic to scam websites.

The thing is, every time you search the Internet, using Google or Scroogle or Bing, any search engine is going to bring you results that are not what you are looking for. That’s why you get more than one answer to a search: it is far from an exact science. Poisoning is a serious problem for Google, say. But for the Department of Defense?

What WikiLeaks has done is to make classified material public. Which means that looking at some of this material will very likely violate Defense Department policy.

see no evil, hear no evil

2 out of three monkeys fro sale
This memo sounds rather like the equivalent of the “close your eyes” method of security. The only way to ensure Defense Department employees do not see any of this material online would be to disconnect from the Internet.

I would expect the Federal Government computer security staff to be aware of this. Perhaps the Department of Defense needs a little refresher course on computer security.


MEANWHILE:

WikiLeaks,org domain killed by US everydns.net after claimed mass attacks KEEP US STRONG http://alturl.com/qx8gd !wl

In other words, http://www.everydns.com/ has pulled the plug on http://wikileaks.org/

WikiLeaks may be down but they are not out.
Help keep WikiLeaks going by donating to:
https://donations.datacell.com/
http://collateralmurder.com/en/support.html

and

the Cablegate page is still up.

further reading

Australia provides some insight: Crikey: Missing the point on WikiLeaks

WL Central: an unofficial WikiLeaks Information Resource

boingboing: Amazon: Wikileaks has no right to publish the leaks and Wikileaks.org domain ‘killed’

TechDirt: Wikileaks Says Its Site Has Been ‘Killed’



Hear no evil, see no evil” Photo by Charlton Barreto on ipernity Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License

a horizontal border of red graphic maple leaves

About these ads

3 Responses

Subscribe to comments with RSS.

  1. Just in: a list of Wikileaks Mirror Sites

    These webpages “mirror” the content on Wikileaks, & are good alternates when the real WikiLeaks is down
    … note just pulling info together for the a post with new URLs

    Laurel L. Russwurm

    December 3, 2010 at 5:10 am

  2. [...] WikiLeaks “malicious search engine poisoning attacks” ? This memo sounds rather like the equivalent of the “close your eyes” method of security. The only way to ensure Defense Department employees do not see any of this material online would be to disconnect from the Internet. [...]

  3. [...] of black listing has actually been demonstrated when the American government sought to censor WikiLeaks. Removing the domain name from the registry does not remove the IP [...]


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 1,615 other followers

%d bloggers like this: