StopBadware transferring operations to University of Tulsa

Posted on June 25, 2015 - 10:01 by ccondon

In 2006, Harvard’s Berkman Center introduced a new project: StopBadware, a collective effort to protect consumers from bad software and expose the people who profited from it. StopBadware was to be a collaboration between the academic community and leading technology companies, a force for transparency and openness in an increasingly siloed online environment, and a haven for users seeking information about bad software and malicious websites. The project was backed by Internet pioneers in both business and academia: founders Jonathan Zittrain and John Palfrey, advisers Vint Cerf and Esther Dyson, supporting companies including Google and Lenovo. From its first day, StopBadware was a collaboration intended to demonstrate the full promise of the Internet by protecting and expanding user choice.

After almost a decade of collaborative work and more than five years as a standalone nonprofit, StopBadware is shutting down operations as an independent organization and transferring core programs to the University of Tulsa, where they’ll be run by our longtime research adviser, Dr. Tyler Moore. This decision rested upon two pillars: the unpredictability of long-term funding prospects and the strength of our ties to the research community. Ultimately, StopBadware’s board and staff agreed that our mission is better served by re-establishing roots in academia under the capable guidance of Dr. Moore and his team.

The programs we expect to transfer to Tulsa include our independent review process, the StopBadware Data Sharing Program, and maintenance of informational resources and searchable Clearinghouse.

What does this mean in practical terms?

  • Users and webmasters will still be able to look up URLs, IPs, and ASNs in our Clearinghouse and report malicious URLs to our community feed.
  • Website owners whose resources are blacklisted by one or more of our data providers will still be able to request an independent review from StopBadware.
  • Technology companies, independent security researchers, and academic institutions will still be able to contribute malware data feeds to StopBadware’s data sharing program.
  • StopBadware’s shared and proprietary data will still be used to facilitate research on cybercrime and the security ecosystem.
  • Users who encounter browser or search warnings about malware websites will still be able to reach StopBadware information about badware and how to protect their computers.

StopBadware’s Boston-based office and staff will cease operation by September, as will our current board of directors. Over the next few months, we’ll also be shutting down the StopBadware Partner program and the We Stop Badware™ Web Host program in order to let the incoming team in Tulsa focus on the review process, data sharing program, and research projects. The StopBadware Board and outgoing staff have known Tyler Moore since our early days as a Berkman Center project; we have the utmost confidence in his vision and unflagging dedication to StopBadware’s mission.

Over the next two months, we’ll be painting a bigger picture for our community to illustrate StopBadware’s accomplishments, both as an independent nonprofit and as a decade-old project in collaborative security. We’ll also turn our blog over to Dr. Moore part-time so he can expound upon his plans for the new iteration of StopBadware. Like many other good Internet citizens, we welcome the future!

- The StopBadware team

Community news and analysis: May 2015

Posted on June 9, 2015 - 12:54 by ccondon

Featured news

  • How effective are the security questions—and answers—used to protect sensitive accounts and information? Not very, according to new Google research. Read about how easy it is for hackers and bots to guess answers to common questions, and what users can do about it.
  • Google also published research last month on the ad injection economy (key findings here, full report here).
  • Mozilla sent a communication to CAs with root certificates included in Mozilla’s program; Mozilla, acting in the best interest of users, asked CAs to respond to five action items. They’ve stated they intend to publish the responses this month.
  • WordPress users: The Automattic team released WordPress 4.2.2, featuring critical security fixes, the first week of May. Please make sure you’re updated!
  • DomainTools put together their first report profiling malicious domains by delving into domain registration attributes and overlaying this with data on malicious activity. Their summary links to the full report here.

Malware news + analysis

  • ESET: Whitepaper on CPL malware in Brazil
  • Sophos: “PolloCrypt” ransomware sounds as ridiculous as its mascots look—but it’s a real thing targeting Aussie users. Also from Sophos: Can Rombertik malware really destroy your computer? Nope.
  • Fortinet analyses of Rombertik malware and Tinba botnet malware
  • Sucuri: Hacked websites redirect to...Bitcoin?

Other security news

  • SiteLock: Who else is reading your email? A guide to PGP encryption
  • Fortinet: Should new WHO disease-naming guidelines also be applied to malware?

Community news and analysis: April 2015

Posted on May 8, 2015 - 14:54 by ccondon

Featured news

  • Google: Safe Browsing insight into a JavaScript-based DDoS attack; the security risks of unwanted ad injectors; new Password Alert Chrome extension protects users from entering Google passwords into phishing sites
  • Mozilla on deprecating non-secure HTTP
  • WordPress 4.2.2 critical security release fixes several cross-site scripting vulnerabilities. (4.2.1, another critical security release, previously fixed a widely covered cross-site scripting vulnerability in the commenting system.)
  • Looking for a different kind of case study? Our partners at Area 1 Security explore phishing...via comic book. Take a look at “Operation Pineapple Sparkle.”

Malware news + analysis

Other security news