
Chrome is blocking wired.com - hammerbrostime
http://www.wired.com
======
Matt_Cutts
Often when this happens with a large site, it's because of an malware-laden
ad. Typically with a smaller site, it's because the site was somehow hacked or
didn't stay fully up-to-date on security patches.

Added: Looks like it was an actual hack, not just a bad ad. The Wired folks
will want to make sure there's no more iframes from hxxp://zlu bob.org. Folks
can use our free Fetch as Google tool to see what we see when we try to fetch
a page. You can find out more about the Fetch as Google tool here:
[https://support.google.com/webmasters/answer/158587?hl=en](https://support.google.com/webmasters/answer/158587?hl=en)

------
dpcan
This happens to many small business sites.

If they leave their WordPress un-patched, or have a crappy plugin installed
with security holes, or their FTP info is guessed, etc, hackers drop some
malicious Javascript on their sites, and the next thing you know, their site
cannot be accessed in Chrome, and usually Firefox as well. Depending on what
services pick-up on the bad javascript.

For me, it usually takes a day(ish) from the time we are notified of the
issue, update the sites, remove the malware, install webmaster tools from
Google, submit and wait for the review to be unblocked.

On one hand, this is very frustrating, but on the other hand, many small
businesses would have no idea their site had been hacked without it being
blocked.

The only thing I'd like to see personally is if Google were somehow able to
notify the domain registrant of the block via email so they find out right
away, and not after a few weeks (or longer) in some cases. Some small business
owners don't check their sites very often. We like to monitor our client
sites, but sometimes new clients come to us with these problems and have no
idea how long they've been down.

~~~
dannyr
I connected my site to Google's Webmaster Tools.

I get notified via email when Google finds any issues on my site.

~~~
dpcan
Yes, but they still block websites that are not connected to Google Webmaster
Tools, and the site owners may not realize it. It would be nice if they
notified the domain registrant as a heads-up because most small biz site
owners that find their way to me may have sites that were designed years ago
that need little to no maintaining, so they don't know they've been blocked as
they barely ever look at their own sites.

~~~
Matt_Cutts
We explored trying to email whois contacts or standard addresses (such as
webmaster@example.com or postmaster@example.com) and essentially got zero
pickup. That's one of the reasons we provide Webmaster Tools, and so far it's
our best channel to notify small business owners.

We can sometimes label sites as hacked in the search results, but Webmaster
Tools is definitely the preferred channel for communication of stuff like
this.

~~~
larrys
"We explored trying to email whois contacts or standard addresses"

Ironic since the original reason for the tech contact was exactly to be
notified for issues like this.

Would like to add that as a registrar though we get a reasonably good response
to emails that we send. [1]

Perhaps there is something about getting an email from google that says "it's
probably spam". Or any large well known company that is often the subject of
spam attempts.

Even given that though it's hard for me to believe that the results were close
to zero.

[1] We also find that when a domain is deleted for non payment the person
frequently claims they received no email notice but then proceeds to make some
reference to something that was on the email notice.

~~~
Matt_Cutts
Man, we could talk about this for hours. There's a lot of nuances involved in
trying to alert site owners to issues, especially at a large scale. We've
tried about 6-7 approaches over the years, and I'm still not completely happy
with where we are. Freehosts are especially tough (WordPress, Blogger, etc.)
because whois would just never work there.

------
jimhefferon
Blocked for me, Ubuntu 13.10, Firefox 28.0.

The main page is not blocked but anything I click on is blocked.

Here is the Why page:

Safe Browsing Diagnostic page for wired.com/2014/04

What is the current listing status for wired.com/2014/04?

    
    
        Site is listed as suspicious - visiting this web site may harm your computer.
    

What happened when Google visited this site?

    
    
        Of the 135 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-04-05, and suspicious content was never found on this site within the past 90 days.
    
        This site was hosted on 12 network(s) including AS31377 (AKAMAI-BOS), AS701 (UUNET), AS12989 (HWNG).
    

Has this site acted as an intermediary resulting in further distribution of
malware?

    
    
        Over the past 90 days, wired.com/2014/04 did not appear to function as an intermediary for the infection of any sites.
    

Has this site hosted malware?

    
    
        No, this site has not hosted malicious software over the past 90 days.
    

How did this happen?

    
    
        In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
    

Next steps:

    
    
        Return to the previous page.
        If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.

~~~
mef
Chrome lists two images as "malware":

    
    
        http://www.wired.com/playbook/wp-content/uploads/2013/07/soccer_w.jpg
    
        http://www.wired.com/playbook/wp-content/uploads/2013/06/bike-press-w.jpg
    

Both return actual images, so perhaps at some point in the past when wired.com
was scanned these URLs redirected to somewhere malicious?

Screenshot: [http://cl.ly/image/1m3g3L2v3w3C](http://cl.ly/image/1m3g3L2v3w3C)

------
tijs
They had a 'technical issue' earlier today it seems:

"WIRED: @Freakonomicss @hoffin205 Yeah, we had a technical issue this morning,
but our tech team fixed. Waiting for @googlechrome to clear us"

[https://twitter.com/wired/status/452490353283588096](https://twitter.com/wired/status/452490353283588096)

------
lukeschlather
Weird:
[http://safebrowsing.clients.google.com/safebrowsing/diagnost...](http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fwww.wired.com%2Fplaybook%2Fwp-
content%2Fuploads%2F2013%2F07%2Fsurf-shaper-w.jpg&client=chromium&hl=en-US)

The page essentially says "We believe this page is suspicious, and we have no
evidence to back up that claim."

EDIT: They must have updated it/ busted a cache. The page is now reporting
some evidence.

~~~
th3iedkid
funny it says "Of the 20 pages we tested on the site over the past 90 days, 0
page(s) resulted in malicious software being downloaded and installed without
user consent. The last time Google visited this site was on 2014-03-25, and
suspicious content was never found on this site within the past 90 days." does
zero count to be blocked?

~~~
lvs
First, it's already been unblocked.

Second, this is what it says at the above link:

\--SNIP--

What happened when Google visited this site?

Of the 26 pages we tested on the site over the past 90 days, 4 page(s)
resulted in malicious software being downloaded and installed without user
consent. The last time Google visited this site was on 2014-04-05, and the
last time suspicious content was found on this site was on 2014-04-05.

Malicious software is hosted on 1 domain(s), including zlubob.org/.

\--SNIP--

They're doing a good thing with this, and they're helping webmasters who can't
help themselves.

~~~
bashcoder
> First, it's already been unblocked.

It's still blocked for me, with Google branding wired.com as "a known malware
distributor."

~~~
lvs
Well that's technically a correct statement.

Try:

chrome://net-internals/#dns Click "Clear host cache"

~~~
bashcoder
Actually the issue was that I was using Google's DNS. When I disabled that, it
worked just fine. But thanks for showing me the Chrome trick.

As to the technically correct statement, don't you think that saying a site is
a "known malware distributor" is a bit more sweeping than saying something
more accurate like "we discovered malware on this site"?

In other words, they are using the same language I would expect to see
directed towards sites that have malicious intent and should never be visited.

~~~
spacemanmatt
How should they word when the site is known to distribute malware? There is no
difference between discovery and distribution, if you consider the method of
discovery.

------
marcusr
It's blocking in Safari too so I think it's a MacOS diagnosis rather than a
Chrome one perhaps? Or both browsers are detecting the same thing

~~~
psykovsky
Firefox 28 also detects it. On Ubuntu 14.04

~~~
maxerickson
Firefox sources their malware detection from Google.

[https://support.mozilla.org/en-US/kb/how-does-phishing-
and-m...](https://support.mozilla.org/en-US/kb/how-does-phishing-and-malware-
protection-work)

So it makes sense the error would show up both places.

------
bunni
This is almost always due to a malicious ad.

------
jw2013
The message I got when I proceed is:

\------- The website at www.wired.com contains elements from sites which
appear to host malware – software that can hurt your computer or otherwise
operate without your consent. Just visiting a site that contains malware can
infect your computer.

Below is a list of all the unsafe elements for the page. Click on the
Diagnostic link for more information on the thread for a specific element.

Malware [http://www.wired.com/playbook/wp-
content/uploads/2013/07/soc...](http://www.wired.com/playbook/wp-
content/uploads/2013/07/soccer_w.jpg) Safe Browsing diagnostic page

Malware [http://www.wired.com/playbook/wp-
content/uploads/2013/06/bik...](http://www.wired.com/playbook/wp-
content/uploads/2013/06/bike-press-w.jpg) Safe Browsing diagnostic page
-------

I wonder what's wrong with these two pictures?

~~~
JohnTHaller
The wired homepage itself is fine for me, but Firefox 28.0 is blocking both of
those images in your post along with any links I try to click from the Wired
homepage.

------
jcrites
I can reproduce on Chrome 33.0.1750.154 m on Windows 8. Screenshot:
[http://imgur.com/cUEZJYe](http://imgur.com/cUEZJYe)

The safe browsing diagnostic page shows no negative current or previous
reports for wired.com despite describing it as suspicious:

[http://safebrowsing.clients.google.com/safebrowsing/diagnost...](http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fwww.wired.com&client=googlechrome&hl=en-
US)

> What is the current listing status for www.wired.com? This site is not
> currently listed as suspicious.

> Has this site hosted malware? No, this site has not hosted malicious
> software over the past 90 days.

------
aslewofmice
Any chance it's related to this?

[http://www.incapsula.com/blog/world-largest-site-xss-ddos-
zo...](http://www.incapsula.com/blog/world-largest-site-xss-ddos-zombies.html)

Security company found a vulnerable Alexa Top 50 site where someone was able
to inject XSS code in the comments section creating "DDoS Zombies" of the
visitors.

------
btian
Safari and Firefox are also blocking Wired.

~~~
danielweber
(I think I accidentally downvoted you, I'm sorry.)

------
leephillips
I just tried to go there using Chrome on Ubuntu and I got a malware warning:
"Content from www.wired.com, a known malware distributor, has been inserted
into this web page. Visiting this page now is very likely to infect your
computer with malware."

------
podperson
Safari also -- not the home page but the articles. Showing up as phishing
attack.

------
JohnTHaller
Sucuri shows wired.com as clean on all lists and not blocked by anyone:
[http://sitecheck3.sucuri.net/results/wired.com](http://sitecheck3.sucuri.net/results/wired.com)

------
bingofuel
Not on OSX (33.0.1750.152)

~~~
tensenki
Blocks on OSX for me (33.0.1750.152) Does not block on Safari Version 7.0.3
(9537.75.14)

------
kanche
In my laptop (Win 7, Dell 1555):

Blocked in Chrome Version 33.0.1750.154 m

Not blocked in ie11, Firefox 20

In my Mobile (HTC One M7 4.4.2):

Neither blocked in Chrome(33.1) nor in the stock browser

Doesn't Android Chrome support malware detection?

------
sgy
They had some technical issue this morning, but it's supposedly fixed now. And
they're just waiting for Chrome to unflag them.

------
AzAngel
The "more about" link shows that there are no malicious codes detected, etc.
Maybe someone is sending false warnings?

------
Jamie452
I'm a little confused how a webpage can infect a machine with malware?

Is this typically through Java Applets/other plugins?

~~~
zurn
Exploiting programming errors in the browser is one way.

Because browsers are written in very unsafe programming languages (C++), bugs
are regularly exploitable so that by specially crafting the bug-triggering
input data they can be fooled to scribble content-controlled data inside the
browser's memory space. For example, a memory handling bug might let the page
overwrite some of the browser's code with data coming from the web page.

This lets the web page break into your computer, running arbitrary code of its
choosing on your box.

Browser plugins can be similarly targeted instead of the browser itself.

~~~
shortstuffsushi
While some of the vectors you've mentioned could potentially be exploitable,
blaming a "very unsafe programming language," isn't really a good explanation.
These issues could occur in any program and any programming language -- it's
not a problem specific to C languages.

~~~
comex
Most(?) browser vulnerabilities are caused by errors in C++ code which would
not be exploitable in memory safe languages. One of the goals of Mozilla's
Servo is to write a browser that's memory safe without compromising
performance.

~~~
shortstuffsushi
I think Servo's "safety" is ultimately due to the fact that it's built on
Rust. Rust, however, seems to be ultimately built on C, unless I'm mistaken
(having a hard time telling by briefly glancing through their Github, but it
looks that way).

My point was that it's not a C specific problem, though. Most browsers are in
fact built on C, I agree. This is due primarily to the speed and performance
of the language that is harder to reach with other languages.

It is definitely a more difficult language to write, as it is much more "raw,"
but that doesn't make it inherently unsafe to use, or any more unsafe than
other languages.

~~~
shortstuffsushi
Care to comment down voters? If you're voting because of my rust comment,
maybe read the part where I said "not sure, haven't read much about it."

If you vote because you think C is unsafe, carry on. You're wrong, though.

------
MatthewWilkes
Works fine for me, Chrome 33.0.1750.152 on OSX

------
kunjanshah
Does block for me OSX Version 33.0.1750.152

~~~
jackbauer
me too 33.0.1750.152

------
cdransf
Not on iOS in either Chrome or Safari.

------
pit
Definitely on Chromium 33.0.1750.152.

~~~
agumonkey
Just accessed it under Chromium Version 33.0.1750.152 (256984) (arch linux)
with no problems (except for some lag).

~~~
pit
Super weird -- I'm on Arch Linux, too. Could it be DNS-related?

~~~
agumonkey
Probably some dns caching, I just rebooted and am greeted by 'malware ahead'
now.

ps: Mozilla Firefox 31.0a1 is ok with wired.com

------
sgy
The block is lifted now. Supposedly.

------
mherrmann
Not in Android (?) Nexus 5.

------
randunel
Works ok on ubuntu..

------
1337biz
Oh, and I was thinking Google were just disagreeing with somebody in Wired's
management on some personal viewpoint. Silly me!

------
platinumdragon
Not on Chrome for Android. Yes on Chrome for Windows. However, it's been years
since wired.com has been relevant, so it won't be missed.

------
Istof
I always thought that using the safe browsing feature is asking for trouble so
it is disabled in all my browsers. So my browser doesn't need to make an extra
request to Mozilla/Google/etc every time I load a new website and the web is
not censored if there is a technical issue

~~~
fooyc
The browser has a local copy of the blocked sites database; so it doesn't have
to do any extra request in order to check if a web site is blocked or not.

~~~
Istof
I didn't know that and I think that it is very surprising since Google usually
doesn't turn down free information about it's users.

~~~
fooyc
I believe Chrome is much more strategical than that.

Google could lose enormous market share if any major browser decided to change
the default search engine. So they created their own major browser.

Chrome is not an information source for Google, it's a way to maintain Google
as a default search engine.

They fund Mozilla for the same reason.

~~~
spacemanmatt
Your premise about Google's motivation for creating Chrome is belied by the
fact that they were dominant in search for _years_ before Chrome came out.
They never had anything to worry about there.

~~~
dragonwriter
Being dominant doesn't mean that there is no foreseeable threat to dominance.
Preventing a hostile browser monopoly which could work against Google's search
dominance is a credible motivation for Chrome (though probably not the sole
motivation -- moving web technology in a direction favorable to Google's non-
search roadmap was clearly a factor, as well.)

Similarly, a major reason for Android could be seen to be preventing a hostile
mobile-platform monopoly which would either block or extract monopoly rents
from (and thus limit the value of) Google services reaching mobile users.

------
tensenki
So when does robot slander/libel suits begin? I'd be mighty ticked if google
started labelling my sites as malware when they're clearly not.

~~~
danielweber
This is why we can't have nice things. Chrome was doing yeoman's work by
stopping their users from going to a site that was malicious earlier today.

~~~
tensenki
True, I usually wait until the facts are in, but I'm more curious about the
question itself. At what point do semi-autonomous programs or constructs
become liable for their words or actions.

------
drvortex
I am surprised why anyone is still using Chrome. Their debacle with remotely
disabling extensions that are not from the Web Store should have spooked users
enough.

------
pearjuice
I can't believe on HN of all places people are using Chrome its malware-
detecting-capabilities. Friendly reminder that EVERY REQUEST you make with it
enabled, will be passed through Google its filters.

You should turn all Google networking activities in your browser off. By
default, there are at least five or so enabled which will happily send every
request you make to Google. Some services even go as far as logging every
keystroke you make.

~~~
Matt_Cutts
pearjuice, this simply isn't true. The way that Chrome does this is
periodically downloads a file from Google. The file consists of hashes of
known-dangerous web pages. When you visit a new URL, the URL is hashed locally
and checked against the client-side list of hashes of known-bad pages. If
there's no match, Chrome proceeds normally. Only if there is a hash collision
does Chrome do more checking to see if the URL is safe.

Here's more information in case you want to read more:
[https://code.google.com/p/google-safe-
browsing/wiki/SafeBrow...](https://code.google.com/p/google-safe-
browsing/wiki/SafeBrowsingDesign)

~~~
pearjuice
It still holds regarding all the other Google activities in Chrome.

------
sixothree
I've stopped using chrome for general browsing since this latest scandal.

