Archive for October, 2007

Child Porn: How we work with the Internet Watch Foundation

Tuesday, October 30th, 2007

The Supreme Court is considering a case today that will likely decide the fate of yet another law aimed at controlling child pornography. The specifics of the case are related to an esoteric aspect of the law — they are trying to determine what is meant by pandering — but it got me thinking about the most difficult problem surrounding this issue: defining what exactly child pornography is.

While it may seem like the distinction between adult pornography and child pornography should be easily defined, in practice, it’s actually very difficult. The individuals engaged in creating this gruesome stuff are expert at walking very thin lines and skirting attempts at legal definitions.

(more…)

Site reputation and the Russian Business Network

Wednesday, October 17th, 2007

[Note: Thanks to Satnam Narang, a security researcher in 8e6 Labs, for helping out with this post.]

Security software vendors are embracing the concept of site reputation. This is the idea that what a site or host has done in the past should be used to decide whether or not you can trust that site in the future.

Everybody is building the concept into new or existing products and services: McAfee has SiteAdvisor for end-point security; Secure Computing has TrustedSource for spam mail detection; I just talked to a small company called RobotGenius that’s taking an interesting approach to site reputation based on their own heuristic analysis of executables downloadable from that site. We here at 8e6 recently introduced the Bad Reputation Domain category into our web filter to achieve a similar objective.

There are myriad sources of data that can feed a reputation decision. Are the executables hosted on a site malicious? Does the HTML contain hidden iframes (which are generally used for malicious purposes) or does the JavaScript attempt to exploit known vulnerabilities? Does the site’s list of links in or links out include other sites with bad reputations?

(more…)

New Categories: Fantasy Sports, Botnets, Web 2.0 stuff

Friday, October 12th, 2007

We added seven new categories to the 8e6 Database (aka “the Library”) in the update that went out last night. I’d like to explain the rationale behind these categories as well as talk about some things you might want to take into consideration as you decide how to update your filtering policies. Note: Only customers running version 2.0 and later of the R3000 will see these new categories.

The categories are:
(more…)

How to detect Bots on your network by blocking and reporting on IRC

Monday, October 8th, 2007

I worked for many years at Symantec in the Enterprise Security Group, where I wrote a slew of code for Symantec’s antivirus and client security products. In my time there, I talked to lots of IT Admins who were tasked (saddled?) with the responsibility of managing huge deployments of desktop security.

Their most difficult problems were always in the area of installation and deployment. Things like: How can you help me find all of the computers on my network that need AV installed on them? Can your product identify the source of an infection, so I can go find that computer and clean it up? It was all about managing and probing those dark corners of the network where desktop security wasn’t already deployed.

The solution is to use the security products that are at your gateway.

(more…)

Enforce your AUP or the RIAA might hold you liable

Friday, October 5th, 2007

The RIAA just won what is likely to be a landmark case in establishing the criteria for proving intent in serving copyrighted music over P2P networks. The RIAA has brought thousands of cases against individual users - this was the first one to go to a jury trial. And it raises the stakes surrounding any organization’s liability for ignoring P2P usage on their network.

This is best illustrated by example. I was reminded of a recent issue with an 8e6 customer that Tech Support brought me in on.

Our web filter blocks peer-to-peer applications via packet signatures. There are lots of good reasons to block P2P, but this customer purchased our product because their CIO was receiving emails like this (selected excerpts):

(more…)

Update your user training: More malware via links than attachments

Wednesday, October 3rd, 2007

MessageLabs released a study last week on malicious emails. They found that attackers using email to distribute threats are increasingly relying on users to click through on links in the email, as opposed to opening attachments.

This means a couple of things to me:

(1) Most everybody has deployed AV at the mail gateway.

(2) Your web filter is becoming an ever more important device in securing your network.

(3) Users need more training.

(more…)