Google's security team got in touch to alert me that their scans have indeed found a malware script hidden in some LA Observed pages. They don't think it's infecting visitors, but might try to send you to sites that can do your computer some harm. It's a good idea to have your shields up and, of course, don't follow any links or referrals from LAO that aren't obvious in a post. The script is hidden enough that it's not something I can clean up at this end, so I'm working with my web host (Total Choice Hosting) and Google to remove the script and beef up the server's protections. If it becomes necessary, updates will be posted on Facebook, Twitter and Kevin Roderick.com.
* Update to the update: The malicious script was tucked in with the ads in the right hand-column. That module has been taken off-line for now, so there should be no risk of infection even if the alert keeps popping up for awhile.
** Update³: Every page of LA Observed is clean. Now it's a matter of Google clearing its alert, which will tell stopbadaware.org to stop flagging LA Observed, which will mean that Firefox and Safari can stop warning people (excessively, I'd say) that LAO is an "attack site." This can take a day or so, I'm told, but I'm hopeful it will happen sooner. Internet Explorer reaches the site fine.
Yesterday: Google's malware warning