Announcement: Important Information About Recent Website Issues
Please take a few moments to read the following important message.
You may have noticed that Mark’s Daily Apple and PrimalBlueprint.com have been under construction the past couple days. This is the result of both websites having been victims of a cyber attack. Since the attack, my technical support staff has isolated and eliminated all known security risks.
It appears that an individual gained unauthorized and illegal access to our website server, injecting malware on both sites, which potentially could have infected your computer. If at any time you clicked on a “Missing Plugin” link or downloaded a “Java Plugin” while visiting either site it is possible your computer was infected. The malware seems to particularly target PC computers instead of Macs.
Numerous actions have been taken to prevent unauthorized access to our server and to protect your browsing experience. As added security precautions, my team highly suggests the following:
- Windows users should run antivirus software. If you are not running antivirus software or are unsure, visit ESET for a free online virus scan.
- It does not appear that forum accounts were compromised in any way, but for those that have a Mark’s Daily Apple forum account, it would be a good idea to change your forum password anyway.
- Also for those that have a Mark’s Daily Apple forum account, you should change your password on any other website where you use the same or a similar password.
- Always keep your computer updated by using Windows Update on your PC, or Software Update on you Mac.
- Always use an updated web browser and Java plugin. To verify the Java plugin version, visit java.com and click the link for, “Do I have Java?” right under the red button.
If you are a customer of PrimalBlueprint.com you have been sent an email with additional information. If you haven’t received this email and you do hold a website account at PrimalBlueprint.com please check your spam/junk folder. If you still don’t see the email, please email us at contact@primalblueprint.com and we will forward you the message.
(UPDATE: Email messages sent to customers of PrimalBlueprint.com are still going out. They are being sent in batches, so if you haven’t received one yet and expect to, hold tight. If you don’t receive one by the end of the day (02/13) please email us. Thank you.)
Also, for your protection, please note that my team and I will never ask you for personal and/or account information through email correspondence. If you receive an email or phone call asking for your personal information or directing you to a website to enter your personal information, please exercise caution.
I sincerely apologize for any inconvenience this may cause. Please know that we have and will continue to follow industry standard best practices to ensure that your information is safe with us, and that we take this matter very seriously.
As you probably know, no website, large or small, is completely immune to the threat of a cyber attack. With that said, we are as confident as we can be that this recent threat has been eliminated, and that our websites are now safe and secure. If you have any questions or concerns, please email us at contact@primalblueprint.com.
Sincerely,
Mark Sisson
Posted By: Mark Sisson
Thanks much for your candor and professionalism on this. One of the things I love about MDA is that I know you guys tell it how it is. So glad you guys are back!!
Seriously… I was going through withdrawals. Onward and upward, Mark!
Me too! I was in and out of the library many times.
Ditto – - I was seriously wishing I had printed out all of my favorite recipes. Weekends are my favorite time to cook up all kinds of stuff to get through the week. I knew MDA had to be doing something important though.
I was looking for the Turmeric Tea recipe. One thing one can do, and I did, is google for the recipe, then choose the “cached” page. I was able to retrieve the recipe that way.
I, too, had a painful withdrawal.
Great to have you back online, keep up the great work!
Thanks for letting us know.
These things happen, and being open about it is definitely the best way to handle it.
This is the first time I have ever seen a sideways grok… love it!
actually, it’s a grok falling off a cliff.
…with a banana peel following right behind.
Now I understand how my computer got infected. It’s being serviced atm and may take a while before I have it back
Thank you for letting us know- these things happen. I just love MDA so much and I’m so grateful for all your hard work that this inconvenience doesn’t matter.
Cheers for letting us know.
Don’t let the B******* grind you down
Good job getting the sight back up.
site even. bah no edit.
glad to have you back! was really going into withdrawal
Missed you, couldn’t start my day properly with out it. Glad your back.
Thank you for the thorough explanation to both users and customers, and it’s GREAT to see the site back!
I think I speak for everybody when I say that we know that nobody is invincible against hacks – benign or malicious – and so we understand. Thanks for the transparency on the issue.
Absolutely… Though I just wanted to add a very small correction to one of Mark’s statements “my technical support staff has isolated and eliminated all ‘known/identified’ security risks”. Not that anyone expects that even you and your amazing worker bees can fix all issues
Unfortunately it’s the nature of the beast, you’ll always be one step behind the people who do this kind of thing as they’ll work hard to find new ways to do what they do and when plug that gap the vicious circle will just begin again.
Great to see the site back up again though, it’s amazing how much work I had to do to replace my usual mda browsing time
Good to see you back !
Additional help for Windows users, to add to your existing list.
As well as Microsoft & Java updates, make sure you keep on top of other software updates, Adobe in particular.
Try searching for “Secunia Personal Software Inspector (PSI)” and FileHippo.com’s Update Checker.
Ninite.com is also useful.
Peace & Bacon
A.
I second the recommendation of Secunia PSI – it makes keeping other software up-to-date much easier.
Shoot. That’s why I got spam sending emails to my contacts. shoot.
Or even better: don’t install _ANYTHING_ from Adobe. Their programs and plugins have a terrible history of security vulnerabilities, and they just generally don’t give a rip about you. If you absolutely can’t go without Flash (you should be fine without Java), get Chrome and set plugins to require a click to run. FF probably has a similar feature, too.
Flashblock works great for Firefox. You must click for the embeeded flash to run.
the vulnerability was java, not flash
Grok was a Linux user.
+1
+2
+100!!
Grok would have been a punch card user
+1
That made my day! +infinite!
Glad to see the Apple back up and running!
Mark, you and your team are handling this awful situation very openly and professionally – I just want to applaud you for that.
This sort of thing could happen anywhere. It’s a good reminder for all of us to follow regular security protocols: changing passwords often, using unique passwords for each account (nothing wrong with keeping a cheat sheet tucked away safely in your house unless you distrust those in your house), updating everything (web browser, plugins that you use and trust). Update your antivirus software!!! Don’t expect your antivirus software to protect you from a M60 using only a leather shield!
(Grok uses Linux, but I don’t feel like using a partition on my school laptop)
+1
I keep small memo books just for my passwords and use safety measures with those books as well. For instance, I don’t travel with both the laptop and a book together.
lastpass.com is also an amazing tool for creating and storing secure and unique passwords. Mine are all random jibberish.
Great to have the site back, Mark!
Thanks for that suggestion. I was just thinking that a random number generator or some such application would be a good next step for me.
Was going to recommend lastpass.com
I wouldn’t be without it – very secure (I’m an IT contractor so I dug into it before touching it – but do your own research!). Free unless you want it on the iPhone too (in which case it’s $8 a year).
I went over to using lastpass after my password was exposed by the lifehacker.com DB hack. It made changing passwords on many, many sites (I’d held those credentials for low security sites for 14 years!) very much easier.
And now I don’t share the same password across multiple sites (and if you still do – at least make sure you have totally different passwords for anything that allows actual money to change hands! Oh – and then get lastpass
Don’t change your passwords often. The more often you change your password, the more likely you are to write it down, and the more likely it is to be stolen. Having multiple passwords is a good idea though, or using a password manager.
Thanks so much, Mark & Team. Way to go! Great advice all around – in the post and in the comments.
My added 2 cents worth….even if using a (supposedly) “safe” Mac, don’t take security lightly. Install an (additional) firewall and virus protection. Keep them frequently updated and stay current with all security updates issued by Apple and any third party vendors you may use. That goes double if running Windows via bootcamp on said Mac.
I start my day (at the computer) with a routine that includes updating security, synching, and creating a clone/backup of the entire system. This sort of routine only takes a few minutes and has served me well for decades.
Avoid any popups offering to “clean your Mac”. They’ll “clean” it all right….:-(
About emails or phone calls asking for personal info or directing to a website…Just contact (in this instance) Primal Blueprint directly via phone numbers or email that you KNOW are legit and assume the rest are just “phishing”.
Prevention is easier than cure.
I bet Harley “Durianrider” hacked in
I had the nasty little cridder. lol(JavaLoad.exe – Suspicious.Cloud.7.EP), but Norton removed it. So its all good!
I running a scan(as we speak) on my wife’s PC just in case. She likes to visit Mark’s Daily Apple too.
I running a scan? Nice English! I “am”
Just noticed the file name here. That’s different from the one mentioned last week.
Mark,
As a jedi in this universe of new technology, I can offer any and all of my services pro bono if you need any help locking this stuff down.
Banana-boy hired a team of hackers!
Congrats on having a web site so popular that the hackers deemed it worthy to hack!
Thanks for all the hard work getting the site cleaned up and back on-line and thanks for keeping us informed. Grok on!
Just wanted to let any Mac users out there know that Macs were targeted as well, although I don’t whether the malware could actually do anything on a Mac. I have Norton anti-virus running on my Mac and when I logged onto to MDA that morning, my anti-virus software gave me a message about having successfully blocked and removed some kind of malware.
Do you happen to have the name of that malware? If so, we could look it up to see what systems are affected. The one piece of malware that was reported here last week by a member was a worm that only targets Windows users.
However, last I used Norton’s Antivirus (years ago) on a Mac, it seemed to select specifically for third party vendor issues, like the macro virus on MS Word (Mac version).
I currently use Intuit’s Virus Barrier X6 on an Intel based Mac set for interactive malware detection/removal. Didn’t detect anything.
When I visited MDA last week, just before the first time the site crashed, I declined the “opportunity” to “allow” when notified that a javascript certificate had been detected as expired. That action may have protected my computer.
I’d personally suggest uninstalling all mac antivirus software, as it’s a joke. you don’t need to slow down your computer, especially with the huge bloatware that is norton. Virus scanners are valuable on PCs because they can be silently infected. On a Mac, you have to very explicitly give a program access to your system.
Thanks, Andy. I’ve heard this point of view before. I don’t disagree. Its true that Apple provides safeguards that aren’t found on PC’s. Provided of course that users actually pay attention.
Personally, I don’t experience appreciable slowing down with the Intego (mis-typed before when I wrote “Intuit”) Internet Security Barrier X6 – and it gives me peace of mind. Especially since I’ve retired, staying current with changing security threats can be busy work. So, I don’t mind adding the extra layer to the system.
How can you tell if your computer is messed up? Would it get infected just from reading the blog and leaving a comment? That’s all I do.
Yes, that’s all it takes. You need to follow Mark’s advice (above):
“Windows users should run antivirus software. If you are not running antivirus software or are unsure, visit ESET for a free online virus scan.”
Thanks for the info, running Malwarebytes as I type
I’m thinking PETA
Heh.
+1
damn, does that mean I gotta stop eating bread again?
I know I ate bread while the site was down! I have the maturity of a 10 yr old apparently
I missed youuuuuuuuuuuuuuuuu, and everyone else on the site!