July 29, 2008
The new Sophos Security Threat Report is out, with some startling statistics:
The first half of 2008 has seen an explosion in threats spread via the web, the preferred vector of attack for financially-motivated cybercriminals. On average, Sophos detects 16,173 malicious webpages every day - or one every five seconds. This is three times faster than the rate seen during 2007. Over 90 per cent of the webpages that are spreading Trojan horses and spyware are legitimate websites (some belonging to household brands and Fortune 500 companies) that have been hacked through SQL injection. It is estimated that the total number of unique malware samples in existence now exceeds 11 million, with Sophos currently receiving approximately 20,000 new samples of suspicious software every single day - one every four seconds.
Traditional web filtering software (like traditional anti-virus software) relies on large databases of identified websites (or viruses). But with proliferation rates like this, it’s hard to see how a list-based approach can succeed - it will simply get overwhelmed. Filtering vendors will have to rely increasingly on heuristics and reputation services. List-based filters will still be needed for more static content, but they won’t be enough to block the flood of malware sites.
Posted by filteringfacts
July 25, 2008
Interesting article from eSchool News on keeping school networks from filter hacking:
School IT administrators know that some students will do anything to breach network security systems designed to block inappropriate web sites and keep students on task. When a group of school district IT chiefs met recently to discuss the challenges of reining in students armed with tech savvy and a determination to wreak network havoc, their tales were cautionary - but their advice could prove valuable as computers become more common in K-12 schools.
Nearly a dozen school network administrators met July 1 at the National Education Computing Conference (NECC) in San Antonio, where thousands of educators from across the country came to see the latest in classroom technology. During a breakfast meeting, school district IT chiefs suggested recruiting students to help expose network vulnerabilities and warned of a new threat to campus computer security: “war driving.”
Lloyd Brown, director of technology and information services for Virginia’s Henrico County Public Schools, said tech-savvy students in his district recently rallied a group of 30 peers to meet in the quad during their school’s lunch break. Sitting side by side, the students continuously hit the F5 key on their laptops, which refreshes a web page - devouring the school’s internet bandwidth - and eventually broke through the school system’s network filter, allowing students to view pornographic web sites.
April 14, 2008
This from the security vendor Sophos, as reported in InfoWorld:
Up to 80 percent of Web sites flagged as malicious by anti-virus and search engine indexes are legitimate businesses, according to security experts. Experts said while the security industry is on top of conventional spam and phishing attacks, more effort needs to be put into preventing and eliminating so-called drive-by-downloads. The attacks allow hackers to redirect massive amounts of traffic by inserting malicious iFrames into legitimate Web sites. The hacks are usually invisible to Web site visitors and do not often draw attention from security personnel because they only require a single line of code to be manipulated. A 2007 Sophos survey found that more than 80 percent of Web sites listed as malicious were legitimate organizations that had been compromised by various attacks including iframe injections.
This is harsh for many small businesses that depend on search engine traffic for customers. They get tagged by Google as a malware site and not too many potential customers will visit - or maybe ever go back. As the article points out, it can be very difficult to track down the right webmaster contact:
“We’ve begun sending email notifications to some of the Web masters of sites that we flag for badware. We don’t have a perfect process for determining a Web master’s e-mail address, so for now we’re sending the notifications to likely Web master aliases for the domain in question,” Harton said.
When I worked at Secure Computing and N2H2, people would sometimes ask why we didn’t notify webmasters that their site had been blocked, and the answer is that’s a lot more difficult than you would think.
February 4, 2008
From The State:
Lexington County Public Library patrons can no longer access such social networking Web sites as Facebook, YouTube and Match.com at the library. The primary reason for the decision was research that shows social networking sites can make computer systems vulnerable to viruses, said Dan MacNeill, executive director of the Lexington County Public Library. “This is security for our network system, our computers.” The library hasn’t encountered such problems, but library officials said they want to be proactive. “We knew it was going to be a problem for some folks … and it was not done without a tremendous amount of thought, and a tremendous amount of research,” said David Fellows, chairman of the Lexington County Library Board and owner of a computer business. Greenville County and some libraries in North Carolina also have restricted the use of social networking sites, said Sam Hastings, director of the University of South Carolina’s School of Library and Information science.
Sad to say this is accurate. Web 2.0 is becoming a huge attack vector, as this Network World article describes.
January 13, 2008
Research firm IDC has a news analyst report out:
A growing market, IDC forecasts the Web Security market to grow from US $1.2 billion in 2006 to US $2.3 billion in 2011. According to the study, “Worldwide Web Security 2007-2011 Forecast and 2006 Vendor Shares”, by IDC Analyst Brian Burke, the demand and interest in Web security solutions is being fueled by corporate concerns about Internet threats that have become increasingly complex. Some of the key Web security trends identified by IDC include Web 2.0 technologies, blended Web-based threats and data loss prevention.
It’s been clear for several years now that security is the most important sales driver for filtering in the business sector, surpassing liability from sexual harassment suits and lost productivity. I agree with IDC’s take on the future:
“The increasing popularity of Web 2.0 is opening the door for both inbound and outbound security risks. Coupled with the growing sophistication of blended Web-based attacks, IDC anticipates that Web security vendors will absolutely need to be able to monitor Web traffic bi-directionally,” said Brian Burke, program director for IDC’s security products program.
Websense has the most market share at 21 percent. I haven’t seen this report yet – I’ll take a look when I do.
December 28, 2007
My kids are both huge Webkinz fans, so they were bummed when they couldn’t get on most of this week while they were on vacation because the site is “experiencing technical difficulties.”
I think this “important message” posted on the site may offer a clue:
Important Message from Webkinz World
We at Webkinz World are fully aware that members are using tools to attempt to cheat on our site. We want to make our position on the use of these tools very, very clear.
First of all, remember that any attempt to circumvent the security of our site violates the User Agreement. Accordingly, any use of a cheating tool will lead to the immediate and permanent termination of the account on which the tool was used. Whether the account has one pet or 50, the account will be closed. All codes for pets on the closed account will remain used.
You will not receive a warning, and it will not matter whether you have used the tool (or used other means to attempt to circumvent the security of our site), once or many times.
Also note, as we have stated before, all activity that occurs on an account is the responsibility of the member who is registered on that account. If a “friend” or anyone else used your account to cheat on our site, you will still be the one who loses your account.
If you ever find a large amount of KinzCash on your account that you know you did not achieve, DO NOT USE IT. Contact us immediately and we will remove the excess KinzCash and you will not lose your account.
We have already terminated the accounts of dozens of members who have cheated on our site. It saddens us each time we have to close an account, but we must protect the security of our site and we will continue to do so.
Sincerely,
GANZ

December 18, 2007
Interesting post from the 8e6 blog on proxies. I added 8e6’s blog to my blogroll, as well as Websense’s.
8e6 says:
Well when it comes to your web filter and secure web gateway, the primary circumvention method your users are going to use is proxies. If you’re not familiar with the issues surrounding proxies, this whitepaper is a good place to start. I’m going to assume you already know why they need to be blocked. In this post, I’m going to focus on the what and the how.
There are basically five types of proxies:
- Client-based proxies
- HTTP web-based proxies
- Secure public web-based proxies
- Secure anonymous web-based proxies
- Open proxies
I’ll cover each in turn.
December 17, 2007
From the London Times:
Facebook is suing a Canadian company that specialises in online pornography, alleging that it hacked into the social networking site’s computers in an attempt to obtain the personal information of Facebook users. An Ontario-based company that trades under the name SlickCash was named in a complaint filed last week by Facebook in San Jose, California. According to wire reports, Facebook alleges that the SlickCash, which is run by a company called Istra Holdings, and a number of other defendants attempted to access Facebook’s servers at least 200,000 times in a two-week period in June.
December 15, 2007
Some really good advice from InformationWeek:
According to experts with Cyveillance, a company hired by large banks, pharmaceutical companies and ISPs to keep an eye out for emerging attacks — including phishing campaigns, a lot of people seem to think it’s fun to click through to fraudulent sites these days to taunt the URL’s operators by using their online forms to curse them out. Rather than providing their personal information, these people find joy in filling in the forms with expletives and other forms of derisive invective. However, as you might have already guessed, merely by pointing their browsers to the phishing sites, many of these users are getting nailed by drive-by exploits that target holes in the applications, Cyveillance officials said.
In my experience, if you’re on a Windows PC using Internet Explorer with up-to-date patches on both, and the right IE security settings, along with a good, up-to-date anti-malware program, you probably won’t get infected just from looking at one of these sites. But why take that chance?