The Supreme Court is considering a case today that will likely decide the fate of yet another law aimed at controlling child pornography. The specifics of the case are related to an esoteric aspect of the law — they are trying to determine what is meant by pandering — but it got me thinking about the most difficult problem surrounding this issue: defining what exactly child pornography is.

While it may seem like the distinction between adult pornography and child pornography should be easily defined, in practice, it’s actually very difficult. The individuals engaged in creating this gruesome stuff are expert at walking very thin lines and skirting attempts at legal definitions.

(more…)

[Note: Thanks to Satnam Narang, a security researcher in 8e6 Labs, for helping out with this post.]

Security software vendors are embracing the concept of site reputation. This is the idea that what a site or host has done in the past should be used to decide whether or not you can trust that site in the future.

Everybody is building the concept into new or existing products and services: McAfee has SiteAdvisor for end-point security; Secure Computing has TrustedSource for spam mail detection; I just talked to a small company called RobotGenius that’s taking an interesting approach to site reputation based on their own heuristic analysis of executables downloadable from that site. We here at 8e6 recently introduced the Bad Reputation Domain category into our web filter to achieve a similar objective.

There are myriad sources of data that can feed a reputation decision. Are the executables hosted on a site malicious? Does the HTML contain hidden iframes (which are generally used for malicious purposes) or does the JavaScript attempt to exploit known vulnerabilities? Does the site’s list of links in or links out include other sites with bad reputations?

(more…)

We added seven new categories to the 8e6 Database (aka “the Library”) in the update that went out last night. I’d like to explain the rationale behind these categories as well as talk about some things you might want to take into consideration as you decide how to update your filtering policies.  Note: Only customers running version 2.0 and later of the R3000 will see these new categories.

The categories are:
(more…)

This week we will be taking the final step to remove the Cults, Religious Opinion and Outdoor Recreation categories from the 8e6 Database.

These categories have been empty since March, when, the URLs in the Religious Opinion and Cults categories were moved into the Religion category and the URLs in the Outdoor Recreation category was moved into the Recreation category.

(more…)