© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
513534c
demo site
(Get the code!)
Two further points:
1) As noted, this problem persists post-clickthrough. The result is that the end-user is allowed to load the suspected malware page in the browser, with full exposure vulnerability, but not to view the source, which should surely expose only a subset of the vulnerabilities?
2) Google seems to be taking at least 2 weeks to remove sites from their "attack site" list, even after the cleanup is reported to them by a verified webmaster, and after they've recrawled the site. The result is that even when the site is long-since fixed, it's not possible to use Firefox 3 to confirm that the suspect page is staying clean. I particularly hate to use IE in this context, for obvious reasons, and don't think we should be forcing users in that direction. Yes, I can go to a Unix box and use curl or wget but that probably makes me an atypical user.
FWIW, take it as the viewpoint of one who's currently going through the mill.