Educause Security Discussion mailing list archives
Re: Google announces privacy changes, no opt out for users
From: Tim Doty <tdoty () MST EDU>
Date: Thu, 26 Jan 2012 09:38:22 -0600
A quick look at jotti's source and I expect them to follow virustotal down the path of requiring allowing all google domains to function. To force javascript enabled they disable the form input and then use javascript to enable it. They have a claim that the service will not work without javascript. Inasmuch as that is true it is only so because they deliberately broke the page. Of course, it is a misleading statement anyway because javascript isn't an either/or situation (thanks to NoScript).

They also use javascript to validate form data. I haven't looked at it deeply (what is there to validate for a simple file upload?), but I did notice the comment that they skip hidden elements because users can't alter the information. Really? My estimation of their web developers is dropping...

The javascript they include looks pretty mundane, just some "fancy it up" type stuff (and of course a function to enable the submit button for the form).

If they were upfront and said "this is an ad supported service, we will try our best to make it not work if you don't view our ads" I'd think more highly of them.

What would be nice is a community service that did what virustotal and jotti do, but without the back links to google. Maybe something for REN-ISAC (as if they didn't have enough stuff lined up already...)

Tim Doty

On Thu, 2012-01-26 at 09:23 -0600, Tim Doty wrote:
> On Thu, 2012-01-26 at 09:01 -0600, John Kristoff wrote:
> > On Thu, 26 Jan 2012 08:24:08 -0600 Tim Doty <tdoty () MST EDU> wrote:
> > > I'm aware of some alternatives, but I'm curious about reputation. What do people here use other than virustotal?
> >
> > I can't speak to reputation, but here are a few popular alternatives. Not all of these do exactly the same thing, but they do at least provide a similar sort of service:
> >
> > <http://anubis.iseclab.org/>
>
> yep, these guys are good for getting an analysis
>
> > <http://fileadvisor.bit9.com/services/search.aspx>
>
> I don't think I've seen this one before, thanks!
>
> > <http://www.team-cymru.org/Services/MHR/>
> > <http://www.threattrack.com/>
> > <http://www.threatexpert.com/submit.aspx>
> > <http://virusscan.jotti.org/en>
>
> This is one I've started using. Note, they also require javascript "just because" (c'mon, it doesn't require javascript to do a simple form, but for some reason the submit button isn't active until you permit their domain -- I haven't analyzed what their javascript does, but the fact they require it for *submit* button is not encouraging).
>
> > <http://wepawet.iseclab.org/>
>
> I've never had wepawet ever find anything, even on files simple enough for manual examination it would conclude it was safe.
>
> Tim Doty
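
The point above about validation that skips hidden form elements, as an added example that is not part of the original post and is not jotti's code: hidden inputs travel in the same request body as visible ones, so a server-side validator has to check them as well. The field names, rules and sample submissions are hypothetical and constructed for illustration.

```javascript
// Hypothetical upload-form schema (assumed names and rules, not taken from any real site).
const SCHEMA = {
  filename: { hidden: false, test: v => /^[\w.\- ]{1,255}$/.test(v) },
  lang:     { hidden: true,  test: v => ["en", "nl", "de"].includes(v) },
  max_size: { hidden: true,  test: v => v === "26214400" },
};

const isValid = (rule, v) => typeof v === "string" && rule.test(v);

// Mirrors the approach described in the post: hidden inputs are skipped
// on the assumption that the user cannot change them.
function validateSkippingHidden(fields) {
  const errors = [];
  for (const [name, rule] of Object.entries(SCHEMA)) {
    if (rule.hidden) continue;
    if (!isValid(rule, fields[name])) errors.push(name);
  }
  return errors;
}

// Server-side check: every declared field is validated regardless of how the
// page rendered it, and fields the form never declared are rejected.
function validateAll(fields) {
  const errors = [];
  for (const [name, rule] of Object.entries(SCHEMA)) {
    if (!isValid(rule, fields[name])) errors.push(name);
  }
  for (const name of Object.keys(fields)) {
    if (!Object.prototype.hasOwnProperty.call(SCHEMA, name)) errors.push(name);
  }
  return errors;
}

// Constructed request bodies: one as the page rendered it, one where the
// hidden value differs from what was served and an undeclared field appears.
const asRendered = { filename: "sample.bin", lang: "en", max_size: "26214400" };
const edited = { filename: "sample.bin", lang: "en", max_size: "999999999999", debug: "1" };

console.log("skip-hidden:", validateSkippingHidden(edited));
console.log("validate-all:", validateAll(edited));
```
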