Security consultant's blog found pushing crudware

A prominent IT security consultant has issued a mea culpa after learning a blog he set up on Blogspot and later abandoned was being used to push crudware.

"If I'm supposed to know what I'm doing, what about the 299 million people out there who don't know better?" said Winn Schwartau, an expert in information warfare and computer security education, when asked why his old security blog, SecurityAwareness, was trying to trick visitors into installing crudware called Malware Alarm. "I'd rather cop to it and say I got nailed. We all screw up."

The incident is a cautionary tale for anyone who has ever kept a blog or website and then decided to pull the plug. Schwartau had ditched the Blogspot address for a new URL that was linked to the website of The Security Awareness Company, a business he runs.

View: The Reg

Report a problem with article
Previous Story

Red Hat to MS: Let's Talk Interoperability

Next Story

ASUS P5K Deluxe WiFi-AP Edition review

12 Comments

Commenting is disabled on this article.

i like the fact that he takes full responsibility, whether he's at fault or not. that's a refreshing attitude for me, as i live in the good ol' US of Abdicate responsibility.

shmengie said,
the good ol' US of Abdicate responsibility.
It isn't just the USA, but anyway.

Good to see he has taken it on the chin, however it is a bit unthoughtful for a security consultant to not close past websites etc. fully.

yeah, and it's the worst I've heard yet. What's next? Ruin-my-day-ware? Make-me-sad-ware? Or my personal favorite, poopyware.

so He ditches his blog, someone goes in after him, sets it up after he's abandoned it and no longer is affiliated with it, and makes it a "crudware" site, and he's to blame? *scratches my head*

Fire and Flames said,
so He ditches his blog, someone goes in after him, sets it up after he's abandoned it and no longer is affiliated with it, and makes it a "crudware" site, and he's to blame? *scratches my head*

I couldn't quite figure that one out either.

Hows it his fault?

If you understand the information security field than you would know about the CIA triangle. Anyways, this effects him in the sense that it cripples the second tripod of the CIA triangle. (Confidentiality, Integrity, Availability) ... it damages the integrity of his work and credibility. As a security consultant, he should be fully aware of previous websites which have been operated in his name and make sure to properly secure the account password, close the account, or check up on the vacated site every so often and report misuse to the operator.

Budious said,
If you understand the information security field than you would know about the CIA triangle. Anyways, this effects him in the sense that it cripples the second tripod of the CIA triangle. (Confidentiality, Integrity, Availability) ... it damages the integrity of his work and credibility. As a security consultant, he should be fully aware of previous websites which have been operated in his name and make sure to properly secure the account password, close the account, or check up on the vacated site every so often and report misuse to the operator.

umm so if i buy a domain name, use it for a while then stop renewing it cause i don't need it and don't want to pay for somethign i will never use. Someoen else buys the domain and sets up a dodgy site. this is in no way his fault, he has no access to the domain.

report misuse to the operator, the person doing the dodgy stuff is the operator, the ISP will not do anytign about it unless they are doing somethign illegal.

so what you say may be nice in theory but in reality is almost impossible to manage, most of your comments seem to have no basis.