Archive for the ‘Security Best Practices’ Category

Security, bandwidth and productivity issues with March Madness

Wednesday, March 19th, 2008

It’s that time of year again — the NCAA basketball tournament is upon us. This time of year always throws a spotlight on web filtering, as enterprises are faced with the prospect of their employees frittering away time and valuable network bandwidth watching hoops.

The tools available on the Internet for following this year’s tournament are getting more varied and sophisticated, throwing open new security and bandwidth concerns, as well as raising the old specter of productivity problems.

Security

If you’re blocking your users from watching the tournament, then you’ve got to consider the ways that they might attempt to circumvent that policy. The key thing here is that video streaming isn’t just about web sites and media players anymore.

(more…)

Old school email frauds that still work

Wednesday, February 27th, 2008

As the average Internet user wises up to the classic fraudster angles, criminals have to move to new targets. People are getting better at recognizing emails phishing for their Bank of America online banking credentials. We’ve all seen 419 scams in our inboxes, which are looking for you to front money for a bigger payout down the line (aka “advance fee fraud”).

As a result, the bad guys have had to turn their attention to new targets. In 2007, we saw attacks looking to get at employers’ Monster.com accounts, individuals’ MySpace and Facebook contacts as well as Salesforce credentials. There has also been a rise in classic phishing emails targeting smaller banks or banks in emerging economies, where the average end user isn’t as experienced at dealing with phish.

But in our hurry to stay on top of the latest trends, we can sometimes lose sight of the tried-and-true fraud techniques that still work.

And sometimes it’s easier to be fooled when the threat is directed at our employers.

I recently had the following two emails forwarded to me. Folks were asking: are these for real?

(more…)

Analysis of DNS-based filtering solutions

Wednesday, February 20th, 2008

The guys at OpenDNS made an interesting announcement yesterday. They’re building a community-authored directory of web sites to enhance their DNS-based web filtering service. OpenDNS is a free DNS service that anybody can use simply by changing their computer’s DNS settings.

This is how a DNS-based filtering service works. You change your network settings (typically the ones served up dynamically by your DHCP server) to use the DNS servers from OpenDNS. When a user types playboy.com into the address bar, the web browser attempts to find the IP address for playboy.com using DNS. But the OpenDNS servers don’t return the real IP address for playboy.com. Instead they return the IP address of a server that sends the user a block page. Hey presto, the user is blocked. Frankly, it’s brilliant in its simplicity. And the community categorization approach is extra brilliant.

A DNS-based filtering solution is great at snuffing out inadvertent browsing of bad web content. When my five-year-old uses our home computer and starts clicking around on stuff, I’d like to simply prevent him from accidentally viewing nasty sites that might come back in a Google search. A DNS-based approach will absolutely solve this problem.

But my five-year-old is not what I would call a determined attacker.

(more…)

Phishing with consent: Myspace profile tracker spam

Thursday, December 6th, 2007

Just like any normal Myspace user, I tend to browse my friends’ bulletins to see if there is anything of interest that might catch my eye. A Myspace bulletin is like an announcement message: it gets posted to all of your friends’ bulletin boards for them to see. So, a few days ago, I came across a bulletin from my Myspace “friend” and digg.com founder, Kevin Rose. (I don’t know Kevin; he’s my “friend” in the loosely connected, easily created Myspace way.)

Kevin Rose posts a bulletin about a Myspace Profile Tracker.

The URL in the bulletin from Kevin takes you to hxxp://stalkertrack.com.

It’s highly unlikely that Kevin intended to send this bulletin. It should be noted that this was not an isolated incident.

This piqued my interest, so I decided to “digg” a little deeper to find out why a few web-savvy folks would openly give out their login credentials to a service that is not promoted or supported by Myspace itself, and is even actively discredited by the Myspace founders.

(more…)

Rogue Anti-Spyware come-ons and Skype security

Thursday, November 1st, 2007

This is a screenshot of an unsolicited message that has recently been seen on Skype:

[Image: Skype Spam]

If you click through on the link you’ll see a web page with some cute JavaScript that makes it look like a security scan is being done on your computer. The bogus scan then reports that it found malware and recommends downloading a product called “Scan and Repair Utilities 2007” — which is a well-known rogue anti-spyware application. If you click through on that, you’ll be asked for your credit card information.

(more…)

Enforce your AUP or the RIAA might hold you liable

Friday, October 5th, 2007

The RIAA just won what is likely to be a landmark case in establishing the criteria for proving intent in serving copyrighted music over P2P networks. The RIAA has brought thousands of cases against individual users; this was the first one to go to a jury trial. And it raises the stakes surrounding any organization’s liability for ignoring P2P usage on its network.

This is best illustrated by example. I was reminded of a recent issue with an 8e6 customer that Tech Support brought me in on.

Our web filter blocks peer-to-peer applications via packet signatures. There are lots of good reasons to block P2P, but this customer purchased our product because their CIO was receiving emails like this (selected excerpts):

(more…)

Update your user training: More malware via links than attachments

Wednesday, October 3rd, 2007

MessageLabs released a study last week on malicious emails. They found that attackers using email to distribute threats are increasingly relying on users to click through on links in the email, as opposed to clicking on attachments.

This means a couple of things to me:

(1) Most everybody has deployed AV at the mail gateway.

(2) Your web filter is becoming an ever more important device in securing your network.

(3) Users need more training.

(more…)

Phishing hits in your filter == User that needs training

Thursday, September 27th, 2007

Any IT Manager can tell you that the biggest bang for your budget dollar comes from training. Simply training your users in some security 101 — don’t haphazardly double-click on email attachments, pay attention to file extensions, don’t click on links in unsolicited emails and IMs, learn to recognize a phish — drastically reduces your attack surface. Even with the evolution of blended threats and with the steady stream of newly exploitable vulnerabilities announced each day, the single biggest threat propagation vector is still attachments on mass emails.

(more…)