Calculating Value
Today is the 154th day of 2025, and I’ve currently contacted 170 organizations to inform them that they have a compromised system connected to the Internet.
The bulk of these compromised systems are the organization’s web servers, and these tend to host new, unlinked pages that advertise questionable content.
At the beginning of the year, on a whim, I decided to make a New Year’s resolution: attempt to find at least one compromised system and contact the owner every day in 2025. At this point, I’m more than a bit surprised at how easy the “finding” part has been.
All of this has prompted me to reflect on the overall impact of my New Year’s resolution.
Because the bulk of the notifications I’ve sent have been “SEO-hack” related, just how much is it worth to an organization to have someone notify them that their website is hosting pages advertising “XXX videos,” “reviews” of herbal supplements (that are ads), or links to “Free Robux/Walmart gift card/V-Bucks/TikTok followers” generators?
$10? $50? $100? $1000?
What is it worth to be able to remove a potential source of reputational harm? What is the value of someone quietly telling you that your website is advertising something skeevy?
If I were to place a value on the potential reputational harm, I think my current 170 notifications are probably worth somewhere north of $100,000.
But that’s just me.
Maybe I’m trying to make myself feel good.
And I do.
It’s not so much about the dollar value of my 2025 hack notifications.
I hate bullies.
There are all kinds of bullying. Physical intimidation. Mental cruelty.
One of the earliest drivers pushing me to work in Security was this: I hate it when smart people use their intelligence to take advantage of others. It’s precisely like someone using their physical stature or prowess to bully a smaller or less athletic person.
These 170 notifications mean more to me than a dollar value can represent.
Each one represents a little justice.
And you can’t put a dollar value on that.
-TL
Tom Liston
Owner, Principal Consultant
Bad Wolf Security, LLC
Mastodon: @tliston@infosec.exchange
Twitter (yes, I know… X): @tliston
June 3, 2025