06-19-09
Hack Alert
We are aware that some visitors to Cool Tools today encountered a warning that this site had a link to a malware site. Last night the site was hacked into and a link to a malware site was inserted into the source code of the pages. We've cleaned it up and repaired the breach, and we are working on making the site more secure. I apologize for the inconvenience. We are now back to your regularly scheduled cool tool of the day. Thanks to those who sent messages alerting us to the trouble.
-- KK
Paranoid
That was probably Bruce Sterling trying to get even for being shown the door.
Paranoid
Or was it Bruce Schneier?
Firewall Admin
I think this is the correct way of managing an incident.
A quick response to the users (we, the readers) so we can protect ourselves.
An open channel is what we need to defend ourselves against malware.
Thanks for the communication.
regards
fwadmin
Me
What was the link? Those of us who visited during the "hack period" want to know if they clicked on it. I opened the Portable Apps link, for example. Please put more info in this alert. Thanks.
planomax
I saw the malware warning as well. Is there anything users need to do to ensure they were not infected? I think I'm OK, but what about the people who didn't get the warning? Do they now have the malicious software on their systems?
Rehan
Yes, when loading the site, my AV suite (Avast) notified me of some malware problem, and gave me the option of aborting the connection, which I did.
John
The hack was a JavaScript trojan called tenia.d:
http://vil.nai.com/vil/content/v_146254.htm
My Cisco-assigned laptop (which is locked down secure like you wouldn't believe by the company) caught it right off the bat.
This is something that can happen to just about any website, no matter how secure it is made. CT did the right thing, though. They responded, made readers aware of it, and (of course) fixed it.
I am going to use this, though, as an example to the people I support (IT) of how even popular or locked-down websites can themselves be infected and not know it... and thus how important it is that they have good anti-virus/anti-malware software installed and update it regularly.
Andrew Morris
Your main site still seems to be affected. Good luck.
Kevin Kelly
There was no malware on this site (that we are aware of). What triggered the alert was the presence of links on the pages' source code to a malware site. So clicking on Cool Tools would not put you in any danger of malware. I don't want to call out the malware site, because they embedded links in high-traffic sites like this in order to get higher page ranks from Google. The last thing I want to do is to send anyone there.
iamabot
kk, look at the main page source, you've still got a problem there at the very bottom.
James
I will introduce you to Neil Daswani, formerly of Stanford and Google. His new company, Dasient, makes it easy to solve this exact problem.
BG
Honestly, once your servers are compromised, there is nothing to do but rebuild them from the ground up. How do you know they haven't installed a rootkit, which is designed to hide itself from the common tools you might use to detect it? Good security practices dictate a total wipe and rebuild; anything short of that and you never know what is on that machine again, and it will be forever suspect (or should be) until it is rebuilt.