97 comments

[ 3.6 ms ] story [ 165 ms ] thread
Not on OSX (33.0.1750.152)
Yes on OSX 34.0.1847.11 beta
Blocks on OSX for me (33.0.1750.152) Does not block on Safari Version 7.0.3 (9537.75.14)
I can reproduce on Chrome 33.0.1750.154 m on Windows 8. Screenshot: http://imgur.com/cUEZJYe

The safe browsing diagnostic page shows no negative current or previous reports for wired.com despite describing it as suspicious:

http://safebrowsing.clients.google.com/safebrowsing/diagnost...

> What is the current listing status for www.wired.com? This site is not currently listed as suspicious.

> Has this site hosted malware? No, this site has not hosted malicious software over the past 90 days.

Definitely on Chromium 33.0.1750.152.
Just accessed it under Chromium Version 33.0.1750.152 (256984) (arch linux) with no problems (except for some lag).
Super weird -- I'm on Arch Linux, too. Could it be DNS-related?
It's still blocked for me. I'm using Chrome Version 31.0.1650.57 on Debian Testing.
Probably some dns caching, I just rebooted and am greeted by 'malware ahead' now.

ps: Mozilla Firefox 31.0a1 is ok with wired.com

I just tried to go there using Chrome on Ubuntu and I got a malware warning: "Content from www.wired.com, a known malware distributor, has been inserted into this web page. Visiting this page now is very likely to infect your computer with malware."
The "more about" link shows that there are no malicious codes detected, etc. Maybe someone is sending false warnings?
It's blocking in Safari too so I think it's a MacOS diagnosis rather than a Chrome one perhaps? Or both browsers are detecting the same thing
(comment deleted)
(comment deleted)
Weird: http://safebrowsing.clients.google.com/safebrowsing/diagnost...

The page essentially says "We believe this page is suspicious, and we have no evidence to back up that claim."

EDIT: They must have updated it/ busted a cache. The page is now reporting some evidence.

funny it says "Of the 20 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-03-25, and suspicious content was never found on this site within the past 90 days." does zero count to be blocked?
First, it's already been unblocked.

Second, this is what it says at the above link:

--SNIP--

What happened when Google visited this site?

Of the 26 pages we tested on the site over the past 90 days, 4 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-04-05, and the last time suspicious content was found on this site was on 2014-04-05.

Malicious software is hosted on 1 domain(s), including zlubob.org/.

--SNIP--

They're doing a good thing with this, and they're helping webmasters who can't help themselves.

> First, it's already been unblocked.

It's still blocked for me, with Google branding wired.com as "a known malware distributor."

Well that's technically a correct statement.

Try:

chrome://net-internals/#dns Click "Clear host cache"

Actually the issue was that I was using Google's DNS. When I disabled that, it worked just fine. But thanks for showing me the Chrome trick.

As to the technically correct statement, don't you think that saying a site is a "known malware distributor" is a bit more sweeping than saying something more accurate like "we discovered malware on this site"?

In other words, they are using the same language I would expect to see directed towards sites that have malicious intent and should never be visited.

How should they word when the site is known to distribute malware? There is no difference between discovery and distribution, if you consider the method of discovery.
Weird, I must have had a cached copy (which is really strange since Chrome was blocking Wired for me.)
I get: Malicious software is hosted on 1 domain(s), including zlubob.org/.
Not on iOS in either Chrome or Safari.
The message I got when I proceed is:

------- The website at www.wired.com contains elements from sites which appear to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer.

Below is a list of all the unsafe elements for the page. Click on the Diagnostic link for more information on the thread for a specific element.

Malware http://www.wired.com/playbook/wp-content/uploads/2013/07/soc... Safe Browsing diagnostic page

Malware http://www.wired.com/playbook/wp-content/uploads/2013/06/bik... Safe Browsing diagnostic page -------

I wonder what's wrong with these two pictures?

The wired homepage itself is fine for me, but Firefox 28.0 is blocking both of those images in your post along with any links I try to click from the Wired homepage.
I've stopped using chrome for general browsing since this latest scandal.
I've stopped using chrome for general browsing since this latest scandal.
I'm a little confused how a webpage can infect a machine with malware?

Is this typically through Java Applets/other plugins?

having hacked websites serve infected or specially crafted files that exploit 0 day bugs is a very common vector actually. like 0 day PDF reader bugs - they spread by being linked to in phishing emails for example. people click on them and boom they load a bad PDF and are drive by infected.

specially crafted jpgs and gifs have also been used to exploit overflows in image handling code.

Exploiting programming errors in the browser is one way.

Because browsers are written in very unsafe programming languages (C++), bugs are regularly exploitable so that by specially crafting the bug-triggering input data they can be fooled to scribble content-controlled data inside the browser's memory space. For example, a memory handling bug might let the page overwrite some of the browser's code with data coming from the web page.

This lets the web page break into your computer, running arbitrary code of its choosing on your box.

Browser plugins can be similarly targeted instead of the browser itself.

While some of the vectors you've mentioned could potentially be exploitable, blaming a "very unsafe programming language," isn't really a good explanation. These issues could occur in any program and any programming language -- it's not a problem specific to C languages.
Most(?) browser vulnerabilities are caused by errors in C++ code which would not be exploitable in memory safe languages. One of the goals of Mozilla's Servo is to write a browser that's memory safe without compromising performance.
I think Servo's "safety" is ultimately due to the fact that it's built on Rust. Rust, however, seems to be ultimately built on C, unless I'm mistaken (having a hard time telling by briefly glancing through their Github, but it looks that way).

My point was that it's not a C specific problem, though. Most browsers are in fact built on C, I agree. This is due primarily to the speed and performance of the language that is harder to reach with other languages.

It is definitely a more difficult language to write, as it is much more "raw," but that doesn't make it inherently unsafe to use, or any more unsafe than other languages.

Rust is self-hosted, so the compiler's written in Rust.
Care to comment down voters? If you're voting because of my rust comment, maybe read the part where I said "not sure, haven't read much about it."

If you vote because you think C is unsafe, carry on. You're wrong, though.

No, they couldn't occur in "any programming language". In fact there aren't other memory unsafe languages in wide use than C/C++.

And it's not a "potentially" thing, as is apparent to anyone following news about browser vulnerabilities. For a recent public performance, see pwn2own - http://nakedsecurity.sophos.com/2014/03/14/pwn2own-day-two-c...

Blocked for me, Ubuntu 13.10, Firefox 28.0.

The main page is not blocked but anything I click on is blocked.

Here is the Why page:

Safe Browsing Diagnostic page for wired.com/2014/04

What is the current listing status for wired.com/2014/04?

    Site is listed as suspicious - visiting this web site may harm your computer.
What happened when Google visited this site?

    Of the 135 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-04-05, and suspicious content was never found on this site within the past 90 days.

    This site was hosted on 12 network(s) including AS31377 (AKAMAI-BOS), AS701 (UUNET), AS12989 (HWNG).
Has this site acted as an intermediary resulting in further distribution of malware?

    Over the past 90 days, wired.com/2014/04 did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?

    No, this site has not hosted malicious software over the past 90 days.
How did this happen?

    In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Next steps:

    Return to the previous page.
    If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
Chrome lists two images as "malware":

    http://www.wired.com/playbook/wp-content/uploads/2013/07/soccer_w.jpg

    http://www.wired.com/playbook/wp-content/uploads/2013/06/bike-press-w.jpg
Both return actual images, so perhaps at some point in the past when wired.com was scanned these URLs redirected to somewhere malicious?

Screenshot: http://cl.ly/image/1m3g3L2v3w3C

Not on Chrome for Android. Yes on Chrome for Windows. However, it's been years since wired.com has been relevant, so it won't be missed.
(comment deleted)
So when does robot slander/libel suits begin? I'd be mighty ticked if google started labelling my sites as malware when they're clearly not.
This is why we can't have nice things. Chrome was doing yeoman's work by stopping their users from going to a site that was malicious earlier today.
True, I usually wait until the facts are in, but I'm more curious about the question itself. At what point do semi-autonomous programs or constructs become liable for their words or actions.
it could be that their ads networks did in fact serve malware temporarily.
(comment deleted)
Safari also -- not the home page but the articles. Showing up as phishing attack.
I am surprised why anyone is still using Chrome. Their debacle with remotely disabling extensions that are not from the Web Store should have spooked users enough.
Safari and Firefox are also blocking Wired.
(I think I accidentally downvoted you, I'm sorry.)