It's been two years now since the whole Forbes-malware "thing", and I've found it hard to move on. It left a mark on me and how I participate online, for sure. I posted about it (ghettoforensics.com/2016/03/of-mal…), but there's a few things that weren't publicly mentioned. 1/10
A quick recap: Forbes article asks users to disable ad-blocker to view page. I did, loaded page, and it popped up an ad to a suspicious Java download page. Page was benign, but it struck me as funny so I took a screenshot and made a glib comment of "oh noes malware". 2/10
I followed up w/ logs & clarification, but train already left station and it became a story of "Forbes infecting users with malware".
Forbes was great to work w/. They used a competent 3rd-party ad provider. Jumped on con calls, they had lots of data for us to find instance. 3/10
Forbes was great to work w/. They used a competent 3rd-party ad provider. Jumped on con calls, they had lots of data for us to find instance. 3/10
I dug through my laptop, researched every extension I had installed, but couldn't find anything to show how it happened, nor was I able to reproduce it. But, still not malware. It was just a Java download page. 4/10
No smoking gun was found, my analysis of browser/plugins continued, press got interested. Forbes talked with press, forwarded them to me, even with BBC. All agreed it wasn't that big of a thing and dropped the story. 5/10
Initial tweet was carried far and wide, but not the clarifications and actual data. Too much damage and wrong ideas being spread, so I delete the initial tweet. Things settled down. Then I receive notification that I was mentioned in an article. 6/10
Out of nowhere @Engadget entered the field with a story tying this event to former drive-by malware incidents, using just a cache of my deleted tweet and no additional details; not even an email to me. That single article created a nightmare for everyone. 7/10
Clarifying comments on Engadget article were downvoted, letter to publisher went unanswered. A peaceful situation now seemed hostile. Torches and pitchforks appeared, and so did my ulcers. There was nothing to do but let the stampede happen. 8/10
Weeks later, fires are still burning. Bruce Schneier links to the article (I try to clarify w/ no success). Reporters threatened to quit. /r/TechSupport opens a vote to ban all Forbes content based on that article (I PM mods and they relented). 9/10
2 yrs later. I've greatly limited social media activity.
I'd draft 20 tweets a week, then delete.
I have very little trust in "news blogs" anymore.
I don't trust highly-RT'd content.
I try to articulate my words; stop being glib.
That's it. Hopefully interesting for some 10/10
I'd draft 20 tweets a week, then delete.
I have very little trust in "news blogs" anymore.
I don't trust highly-RT'd content.
I try to articulate my words; stop being glib.
That's it. Hopefully interesting for some 10/10
Having a public platform means words can be used beyond your proposed scope. I never fully realized that before.
Sound bites carry fast
If someone else's paycheck is on the line, and you don't have 100% logs and data, best to just not post public at all. 11/10
Sound bites carry fast
If someone else's paycheck is on the line, and you don't have 100% logs and data, best to just not post public at all. 11/10
