According to you, what’s the single most-downloaded file from my site http://DidierStevens.com? It’s neither welcome.html nor robots.txt.
Post your guess as a comment.
Comment by blabla — Tuesday 8 July 2008 @ 21:15
That’s a very good guess, but it’s not favicon.
Comment by Didier Stevens — Tuesday 8 July 2008 @ 21:35
Comment by Marcin — Tuesday 8 July 2008 @ 21:51
The XML file for you RSS Feed.
Comment by Brooks Garrett — Tuesday 8 July 2008 @ 21:51
Comment by Didier Stevens — Tuesday 8 July 2008 @ 21:55
@Brooks Garrett: my blog is actually hosted by WordPress.com, that’s why I restricted the poll to the domain DidierStevens.com
Comment by Didier Stevens — Tuesday 8 July 2008 @ 21:58
rss+xml file at /feed/ ?
Comment by aramosf — Tuesday 8 July 2008 @ 22:04
No, the poll is for domain DidierStevens.com, not the sub-domain blog.DidierStevens.com.
Comment by Didier Stevens — Tuesday 8 July 2008 @ 22:12
Comment by Kris Quinby — Tuesday 8 July 2008 @ 22:29
Comment by Didier Stevens — Tuesday 8 July 2008 @ 22:39
Comment by Cater Soke — Wednesday 9 July 2008 @ 1:15
If you can trust Google (and I’m assuming the period covered is since you started the blog), it would be http://www.didierstevens.com/files/data/SafeBoot.zip
Of course, in my opinion, it should be UserAssist or possibly https://didierstevens.files.wordpress.com/2006/11/20040613-001.jpg
Comment by Matthew — Wednesday 9 July 2008 @ 2:05
Comment by PJ — Wednesday 9 July 2008 @ 2:30
@Cater Soke: LOL, but that’s not it.
Comment by Didier Stevens — Wednesday 9 July 2008 @ 6:37
@Matthew: well done! It’s SafeBoot.zip.
Can you post a comment explaining how you found out? Thanks
Comment by Didier Stevens — Wednesday 9 July 2008 @ 6:39
@PJ: not urchin
Comment by Didier Stevens — Wednesday 9 July 2008 @ 6:40
Too bad it’s not secret-hacking-projects.txt …
Comment by Joes — Wednesday 9 July 2008 @ 9:48
It was really an educated guess. Googling for your bare domain (at least at the time) returned a post on restoring safe mode that pointed to the file as the second result (first was your home page).
It’s fashionable to deride Google’s search intelligence, but their ranking algorithm, which favors resources with a higher number of links pointing to them, works most of the time.
This got me thinking about popularity, specifically the relative number of people on the net who have been the victim of a particular class of malware vs the number who would find your site researching malware analysis, reverse engineering or forensics.
I felt more comfortable with this view after reading your responses to earlier guesses and querying Google for the common file package formats (ie zip) you use with results limited to your domain.
So, no real magic here.
Comment by matthew — Wednesday 9 July 2008 @ 11:44
[…] A Second Little Poll Filed under: Poll — Didier Stevens @ 6:51 The answer to the question I asked yesterday is: SafeBoot.zip. Excellent deduction work Matthew. […]
Pingback by A Second Little Poll « Didier Stevens — Thursday 10 July 2008 @ 6:52
[…] or Infector? Filed under: Malware — Didier Stevens @ 10:32 My first and second little poll lead up to this […]
Pingback by Infectee or Infector? « Didier Stevens — Saturday 12 July 2008 @ 10:34
RSS feed for comments on this post. TrackBack URI
Fill in your details below or click an icon to log in:
You are commenting using your WordPress.com account. ( Log Out / Change )
You are commenting using your Twitter account. ( Log Out / Change )
You are commenting using your Facebook account. ( Log Out / Change )
You are commenting using your Google+ account. ( Log Out / Change )
Connecting to %s
Notify me of new comments via email.
Notify me of new posts via email.
Blog at WordPress.com.
Get every new post delivered to your Inbox.
Join 451 other followers