Marks Daily Apple
Serving up health and fitness insights (daily, of course) with a side of irreverence.
14 Feb

Announcement: Important Information About Recent Website Issues

Please take a few moments to read the following important message.

You may have noticed that Mark’s Daily Apple and PrimalBlueprint.com have been under construction the past couple days. This is the result of both websites having been victims of a cyber attack. Since the attack, my technical support staff has isolated and eliminated all known security risks.

It appears that an individual gained unauthorized and illegal access to our website server, injecting malware on both sites, which potentially could have infected your computer. If at any time you clicked on a “Missing Plugin” link or downloaded a “Java Plugin” while visiting either site it is possible your computer was infected. The malware seems to particularly target PC computers instead of Macs.

Numerous actions have been taken to prevent unauthorized access to our server and to protect your browsing experience. As added security precautions, my team highly suggests the following:

  1. Windows users should run antivirus software. If you are not running antivirus software or are unsure, visit ESET for a free online virus scan.
  2. It does not appear that forum accounts were compromised in any way, but for those that have a Mark’s Daily Apple forum account, it would be a good idea to change your forum password anyway.
  3. Also for those that have a Mark’s Daily Apple forum account, you should change your password on any other website where you use the same or a similar password.
  4. Always keep your computer updated by using Windows Update on your PC, or Software Update on you Mac.
  5. Always use an updated web browser and Java plugin. To verify the Java plugin version, visit java.com and click the link for, “Do I have Java?” right under the red button.

If you are a customer of PrimalBlueprint.com you have been sent an email with additional information. If you haven’t received this email and you do hold a website account at PrimalBlueprint.com please check your spam/junk folder. If you still don’t see the email, please email us at contact@primalblueprint.com and we will forward you the message.

(UPDATE: Email messages sent to customers of PrimalBlueprint.com are still going out. They are being sent in batches, so if you haven’t received one yet and expect to, hold tight. If you don’t receive one by the end of the day (02/13) please email us. Thank you.)

Also, for your protection, please note that my team and I will never ask you for personal and/or account information through email correspondence. If you receive an email or phone call asking for your personal information or directing you to a website to enter your personal information, please exercise caution.

I sincerely apologize for any inconvenience this may cause. Please know that we have and will continue to follow industry standard best practices to ensure that your information is safe with us, and that we take this matter very seriously.

As you probably know, no website, large or small, is completely immune to the threat of a cyber attack. With that said, we are as confident as we can be that this recent threat has been eliminated, and that our websites are now safe and secure. If you have any questions or concerns, please email us at contact@primalblueprint.com.

Sincerely,

Mark Sisson

You want comments? We got comments:

Imagine you’re George Clooney. Take a moment to admire your grooming and wit. Okay, now imagine someone walks up to you and asks, “What’s your name?” You say, “I’m George Clooney.” Or maybe you say, “I’m the Clooninator!” You don’t say “I’m George of George Clooney Sells Movies Blog” and you certainly don’t say, “I’m Clooney Weight Loss Plan”. So while spam is technically meat, it ain’t anywhere near Primal. Please nickname yourself something your friends would call you.

  1. Thanks much for your candor and professionalism on this. One of the things I love about MDA is that I know you guys tell it how it is. So glad you guys are back!!

    Cindy wrote on February 13th, 2012
  2. Seriously… I was going through withdrawals. Onward and upward, Mark!

    Tomas wrote on February 13th, 2012
    • Me too! I was in and out of the library many times.

      Animanarchy wrote on February 13th, 2012
    • Ditto – - I was seriously wishing I had printed out all of my favorite recipes. Weekends are my favorite time to cook up all kinds of stuff to get through the week. I knew MDA had to be doing something important though.

      Sandra wrote on February 13th, 2012
      • I was looking for the Turmeric Tea recipe. One thing one can do, and I did, is google for the recipe, then choose the “cached” page. I was able to retrieve the recipe that way.

        I, too, had a painful withdrawal. :)

        Joy Beer wrote on February 13th, 2012
  3. Great to have you back online, keep up the great work!

    Always_running wrote on February 13th, 2012
  4. Thanks for letting us know.

    These things happen, and being open about it is definitely the best way to handle it.

    Stevemid wrote on February 13th, 2012
    • This is the first time I have ever seen a sideways grok… love it!

      Primal Toad wrote on February 15th, 2012
      • actually, it’s a grok falling off a cliff.

        moi wrote on February 17th, 2012
        • …with a banana peel following right behind.

          moi wrote on February 17th, 2012
  5. Now I understand how my computer got infected. It’s being serviced atm and may take a while before I have it back :-(
    Thank you for letting us know- these things happen. I just love MDA so much and I’m so grateful for all your hard work that this inconvenience doesn’t matter.

    PrimalinLondon wrote on February 13th, 2012
  6. Cheers for letting us know.

    Don’t let the B******* grind you down :)

    Good job getting the sight back up.

    Onge wrote on February 13th, 2012
  7. site even. bah no edit. :)

    Onge wrote on February 13th, 2012
  8. glad to have you back! was really going into withdrawal :)

    Marion wrote on February 13th, 2012
  9. Missed you, couldn’t start my day properly with out it. Glad your back.

    Jodie Jantz wrote on February 13th, 2012
  10. Thank you for the thorough explanation to both users and customers, and it’s GREAT to see the site back!

    I think I speak for everybody when I say that we know that nobody is invincible against hacks – benign or malicious – and so we understand. Thanks for the transparency on the issue.

    DavidBrennan wrote on February 13th, 2012
    • Absolutely… Though I just wanted to add a very small correction to one of Mark’s statements “my technical support staff has isolated and eliminated all ‘known/identified’ security risks”. Not that anyone expects that even you and your amazing worker bees can fix all issues :)

      Unfortunately it’s the nature of the beast, you’ll always be one step behind the people who do this kind of thing as they’ll work hard to find new ways to do what they do and when plug that gap the vicious circle will just begin again.

      Great to see the site back up again though, it’s amazing how much work I had to do to replace my usual mda browsing time ;-)

      Misabi wrote on February 13th, 2012
  11. Good to see you back !

    Additional help for Windows users, to add to your existing list.

    As well as Microsoft & Java updates, make sure you keep on top of other software updates, Adobe in particular.

    Try searching for “Secunia Personal Software Inspector (PSI)” and FileHippo.com’s Update Checker.

    Ninite.com is also useful.

    Peace & Bacon
    A.

    Andrew Bradshaw wrote on February 13th, 2012
    • I second the recommendation of Secunia PSI – it makes keeping other software up-to-date much easier.

      Linda wrote on February 13th, 2012
  12. Shoot. That’s why I got spam sending emails to my contacts. shoot.

    francisman wrote on February 13th, 2012
  13. Or even better: don’t install _ANYTHING_ from Adobe. Their programs and plugins have a terrible history of security vulnerabilities, and they just generally don’t give a rip about you. If you absolutely can’t go without Flash (you should be fine without Java), get Chrome and set plugins to require a click to run. FF probably has a similar feature, too.

    Tyler wrote on February 13th, 2012
    • Flashblock works great for Firefox. You must click for the embeeded flash to run.

      dankanco wrote on February 13th, 2012
    • the vulnerability was java, not flash

      Andy wrote on February 13th, 2012
  14. Grok was a Linux user.

    SoCalBonnie wrote on February 13th, 2012
    • +1

      Tyler wrote on February 13th, 2012
      • +2

        Alex wrote on February 13th, 2012
    • Grok would have been a punch card user :)

      liberty1776 wrote on February 13th, 2012
      • +1

        rarebird wrote on February 13th, 2012
    • That made my day! +infinite!

      Judo wrote on February 17th, 2012
  15. Glad to see the Apple back up and running!

    Robert wrote on February 13th, 2012
  16. :( No forums yet?? I’m dieing without my journal…

    Peter Soliman wrote on February 13th, 2012
  17. Mark, you and your team are handling this awful situation very openly and professionally – I just want to applaud you for that.

    Tony Mach wrote on February 13th, 2012
  18. This sort of thing could happen anywhere. It’s a good reminder for all of us to follow regular security protocols: changing passwords often, using unique passwords for each account (nothing wrong with keeping a cheat sheet tucked away safely in your house unless you distrust those in your house), updating everything (web browser, plugins that you use and trust). Update your antivirus software!!! Don’t expect your antivirus software to protect you from a M60 using only a leather shield!

    (Grok uses Linux, but I don’t feel like using a partition on my school laptop)

    Rachel wrote on February 13th, 2012
    • +1

      I keep small memo books just for my passwords and use safety measures with those books as well. For instance, I don’t travel with both the laptop and a book together.

      rarebird wrote on February 13th, 2012
    • lastpass.com is also an amazing tool for creating and storing secure and unique passwords. Mine are all random jibberish.

      Great to have the site back, Mark!

      FoCo wrote on February 13th, 2012
      • Thanks for that suggestion. I was just thinking that a random number generator or some such application would be a good next step for me.

        rarebird wrote on February 13th, 2012
      • Was going to recommend lastpass.com

        I wouldn’t be without it – very secure (I’m an IT contractor so I dug into it before touching it – but do your own research!). Free unless you want it on the iPhone too (in which case it’s $8 a year).

        I went over to using lastpass after my password was exposed by the lifehacker.com DB hack. It made changing passwords on many, many sites (I’d held those credentials for low security sites for 14 years!) very much easier.

        And now I don’t share the same password across multiple sites (and if you still do – at least make sure you have totally different passwords for anything that allows actual money to change hands! Oh – and then get lastpass ;)

        RedYetiDave wrote on February 13th, 2012
    • Don’t change your passwords often. The more often you change your password, the more likely you are to write it down, and the more likely it is to be stolen. Having multiple passwords is a good idea though, or using a password manager.

      Andy wrote on February 14th, 2012
  19. Thanks so much, Mark & Team. Way to go! Great advice all around – in the post and in the comments.

    My added 2 cents worth….even if using a (supposedly) “safe” Mac, don’t take security lightly. Install an (additional) firewall and virus protection. Keep them frequently updated and stay current with all security updates issued by Apple and any third party vendors you may use. That goes double if running Windows via bootcamp on said Mac.

    I start my day (at the computer) with a routine that includes updating security, synching, and creating a clone/backup of the entire system. This sort of routine only takes a few minutes and has served me well for decades.

    Avoid any popups offering to “clean your Mac”. They’ll “clean” it all right….:-(

    About emails or phone calls asking for personal info or directing to a website…Just contact (in this instance) Primal Blueprint directly via phone numbers or email that you KNOW are legit and assume the rest are just “phishing”.

    Prevention is easier than cure.

    rarebird wrote on February 13th, 2012
  20. I bet Harley “Durianrider” hacked in :)

    BobT wrote on February 13th, 2012
  21. I had the nasty little cridder. lol(JavaLoad.exe – Suspicious.Cloud.7.EP), but Norton removed it. So its all good!
    I running a scan(as we speak) on my wife’s PC just in case. She likes to visit Mark’s Daily Apple too.

    Joe wrote on February 13th, 2012
    • I running a scan? Nice English! I “am”

      Joe wrote on February 13th, 2012
    • Just noticed the file name here. That’s different from the one mentioned last week.

      rarebird wrote on February 13th, 2012
  22. Mark,

    As a jedi in this universe of new technology, I can offer any and all of my services pro bono if you need any help locking this stuff down.

    robert wilke wrote on February 13th, 2012
  23. Banana-boy hired a team of hackers!

    Anne wrote on February 13th, 2012
  24. Congrats on having a web site so popular that the hackers deemed it worthy to hack! :) Thanks for all the hard work getting the site cleaned up and back on-line and thanks for keeping us informed. Grok on!

    Peace Karen wrote on February 13th, 2012
  25. Just wanted to let any Mac users out there know that Macs were targeted as well, although I don’t whether the malware could actually do anything on a Mac. I have Norton anti-virus running on my Mac and when I logged onto to MDA that morning, my anti-virus software gave me a message about having successfully blocked and removed some kind of malware.

    Lulu wrote on February 13th, 2012
    • Do you happen to have the name of that malware? If so, we could look it up to see what systems are affected. The one piece of malware that was reported here last week by a member was a worm that only targets Windows users.

      However, last I used Norton’s Antivirus (years ago) on a Mac, it seemed to select specifically for third party vendor issues, like the macro virus on MS Word (Mac version).

      I currently use Intuit’s Virus Barrier X6 on an Intel based Mac set for interactive malware detection/removal. Didn’t detect anything.

      When I visited MDA last week, just before the first time the site crashed, I declined the “opportunity” to “allow” when notified that a javascript certificate had been detected as expired. That action may have protected my computer.

      rarebird wrote on February 13th, 2012
    • I’d personally suggest uninstalling all mac antivirus software, as it’s a joke. you don’t need to slow down your computer, especially with the huge bloatware that is norton. Virus scanners are valuable on PCs because they can be silently infected. On a Mac, you have to very explicitly give a program access to your system.

      Andy wrote on February 13th, 2012
      • Thanks, Andy. I’ve heard this point of view before. I don’t disagree. Its true that Apple provides safeguards that aren’t found on PC’s. Provided of course that users actually pay attention.

        Personally, I don’t experience appreciable slowing down with the Intego (mis-typed before when I wrote “Intuit”) Internet Security Barrier X6 – and it gives me peace of mind. Especially since I’ve retired, staying current with changing security threats can be busy work. So, I don’t mind adding the extra layer to the system.

        rarebird wrote on February 13th, 2012
  26. How can you tell if your computer is messed up? Would it get infected just from reading the blog and leaving a comment? That’s all I do.

    rabbit_trail wrote on February 13th, 2012
    • Yes, that’s all it takes. You need to follow Mark’s advice (above):

      “Windows users should run antivirus software. If you are not running antivirus software or are unsure, visit ESET for a free online virus scan.”

      rarebird wrote on February 13th, 2012
  27. Thanks for the info, running Malwarebytes as I type

    Vance wrote on February 13th, 2012
  28. I’m thinking PETA

    Cindy wrote on February 13th, 2012
    • Heh.

      +1

      Martine wrote on February 13th, 2012
  29. damn, does that mean I gotta stop eating bread again?

    mike wrote on February 13th, 2012
    • I know I ate bread while the site was down! I have the maturity of a 10 yr old apparently

      mande wrote on February 13th, 2012
  30. I missed youuuuuuuuuuuuuuuuu, and everyone else on the site!

    DEBRAKADABRA wrote on February 13th, 2012
  31. Malware: one thing a low inflammatory diet cannot stop :)

    liberty1776 wrote on February 13th, 2012
  32. I miss you so much! dont ever leave us again

    wind up bird wrote on February 13th, 2012
  33. Hey you still owe us Friday’s success story. Many of us wait all week for that one post.

    Thanks

    Bulldwgs wrote on February 13th, 2012
    • No he doesn’t. The Friday story was posted just before the site went down again. Its still here.

      rarebird wrote on February 13th, 2012
      • We need more then just ONE success story a week. I just love them.

        DEBRAKADABRA wrote on February 13th, 2012
  34. Damn vegans

    Felix wrote on February 13th, 2012
    • LOL that’s what I was thinking Haha.

      Onge wrote on February 13th, 2012
  35. I am glad you are back online

    VishKari wrote on February 13th, 2012
  36. I was going into withdrawal without MDA. Mother-in-law passed away Thursday night and I was looking for comfort. (family seeking comfort in carbs and sugar.)
    Thanks for solving the problem so I could get my MDA fix this morning.

    Lynn wrote on February 13th, 2012
  37. Ahhh, I got infected with malware and was wondering how. This is definitely it. Thanks for the info. I restored my system so all is back to normal, glad the site is back up as well :D.

    Renae wrote on February 13th, 2012
  38. Ok, I’ve put away the paper bag. Since I’m the only person I know on BP, I was having anxiety issues. Welcome back and don’t mind me if I have to touch ya’ll often for reassurance.

    TruckerLady wrote on February 13th, 2012
    • Gosh, maybe I’ve underestimated the value of my “going primal” buddy! Better give him a Valentine’s day card or at least a thank you note.

      Hope you can find a local, 3-D primal buddy, too :-).

      rarebird wrote on February 13th, 2012
      • For sure, although I may have dramatized my reaction a wee bit. ;) As I travel constantly, even a local buddy would forget about me. This website, and the people here, are my most valuable touchstone.

        TruckerLady wrote on February 13th, 2012
        • Yeah, I kinda figured you were using a dramatic flair to make your point :-). I get it. For a post-modern nomad such as yourself, the Internet provides a tribe or community as real as any others. I had a mobile office for a decade before I retired and my network was world wide. Some of my 3-D extended family now began as Internet contacts years ago.

          rarebird wrote on February 14th, 2012
  39. Glad the site is back! :) Sorry this happened to you guys and thanks for letting us know.

    Lizzy wrote on February 13th, 2012
  40. Ahhhh…so that was how I got my friend, trojan.maljava. Great.

    Jan's Sushi Bar wrote on February 13th, 2012

Leave a Reply

If you'd like to add an avatar to all of your comments click here!

© 2014 Mark's Daily Apple