by Rich Sutton
January 14th, 2008
You’ve probably seen the news: MySpace has reached an agreement with 49 states to take steps to make their site a safer place for kids. I just have one quick comment.
I think the state governments are attacking this from completely the wrong angle. Governments can put all the pressure they want on MySpace, and as soon as MySpace has adequate controls and age verification, the kids will have moved elsewhere.
Now don’t get me wrong, MySpace certainly has an obligation to do what they can. I’m glad to see them cooperating, especially because they only have a PR incentive to do so. They actually have a disincentive from a business perspective.
The advertisers go to MySpace to reach kids of all ages, so MySpace needs to continue to make it easy for the kids to sign up. But you lose your street cred with the kids when you let the parents in.
Providing parents the controls they want while also giving advertisers the access they demand are objectives that are fundamentally at odds with each other.
Tags: internet safety, kids, myspace
by Rich Sutton
January 9th, 2008
… so I’m going to make the case that you should simply be blocking them en masse. But first, a little background.
Dynamic Addressing by ISPs
Internet Service Providers (ISPs) own blocks of contiguous IP addresses (aka “netblocks”) that they in turn assign to the computers that connect to the Internet through their service. When you sign up for DSL, Cable or even dial-up service and connect your computer to the Internet, the ISP assigns your computer an IP address from within a netblock it owns.
Some ISPs provide static IP services, where your computer keeps the same IP address all the time. But the vast majority of home computers are signed up for less expensive dynamic IP services, where your computer gets a new address each time it connects to the Internet. The address is often different every time you connect. But it’s always from within the same netblock.
This allows the ISP to sign up more customers than IP addresses it owns, kind of like how a bank is allowed to loan out money it doesn’t actually have in the vault. Since only a percentage of the ISP’s customers are connected at any given time, this works fine.
How to tell if an IP is in one of these Netblocks
My personal DSL provider is DSLExtreme. When my home computer connects to the Internet (actually, it’s my router), it’s always assigned an address in the netblock 72.25.123.0/24, which includes a range of IPs from 72.25.123.0 to 72.25.123.255.
Tags: Bots, home computers, ISPs, Proxies
by Rich Sutton
December 27th, 2007
We have just released the latest version of our core web filtering appliance - version 2.0.10 of the R3000. General availability of the patch is set for January 7th, but you can contact Tech Support and request it today if you like. We’re going GA after the Holidays to reduce the load on Tech Support, which always sees a spike in activity after a major patch release (despite our best efforts).
There is lots of great stuff in this release. However, in this post I’m going to focus on the changes that affect how we handle proxies: improvements in our HTTPS filtering and pattern-based blocking. I’m going to cover:
- Block page on a pattern block
- New options that enhance HTTPS Medium and tame HTTPS High
- Whitelist feature for pattern detection
Let’s take a look at the details.
Tags: patterns, Proxies, R3000
by Mark Parker
December 17th, 2007
I am often asked about IPv6, especially as it relates to the 8e6 product line. For those that are unfamiliar with IPv6, it’s a new IP protocol that will replace the current IPv4 protocol at some point in the future. The major driver for the transition to IPv6 is the total number of available IP addresses. With the current IPv4 protocol the total number of IP addresses available is 4,294,967,296 (2^32).
When IPv4 was originally envisioned the primary users of IP addresses were research facilities and governments. As more businesses joined the online community, they of course needed IP addresses as well. In the 90s there was an explosion in the number of IP addresses allocated to home users for Internet access from home computers. Now we are seeing more devices using IP addresses. Cell phones, wireless e-books, and wireless MP3 players are now using IP addresses in order to communicate online.
The problem is that at some point in the future we will simply run out of available IPv4 addresses. IPv6, on the other hand, supports 2^128 addresses (about 3.4×10^38, or 3.4 times 10 to the 38th power). That would leave approximately 5×10^28 IP addresses for each and every person alive on our planet today. Needless to say, that’s a lot of addresses.
Tags: 8e6, Enterprise Reporter, IPv6, R3000, Threat Analysis Reporter
by Satnam Narang
December 6th, 2007
Just like any normal Myspace user, I tend to browse my friends’ bulletins to see if there is anything of interest that might catch my eye. A Myspace bulletin is like an announcement message: it gets posted to all of your friends’ bulletin boards for them to see. So, a few days ago, I came across a bulletin from my Myspace “friend” and digg.com founder, Kevin Rose. (I don’t know Kevin; he’s my “friend” in the loosely connected, easily created Myspace way.)

The URL in the bulletin from Kevin takes you to hxxp://stalkertrack.com.
It’s highly unlikely that Kevin intended to send this bulletin. It should be noted that this was not an isolated incident.
This piqued my interest, so I decided to “digg” a little deeper to find out why a few web-savvy folks would openly give out their login credentials to a service that is not promoted or supported by Myspace itself, and is even actively discredited by the Myspace founders.
Tags: myspace, Phishing, scams, training, users
by Rich Sutton
November 29th, 2007
[Thanks to Tarun Mann, a Sales Engineer here at 8e6, for providing the background information for this post.]
The other day I was talking to an 8e6 reseller and he brought up a question that I’ve heard a few times before. He has a customer who wants to prevent users from downloading executable files directly off the Internet. Obviously, the web filter / secure web gateway is the place to enforce this policy.
Although we don’t have a specific feature in the 8e6 web filter (the R3000) directed at this request, our crafty Sales Engineering team has devised a solution. They’ve deployed this solution in many of our customers’ networks - it’s simple and it works.
Tags: executables, file extensions, malware, URL keywords
by Rich Sutton
November 19th, 2007
I occasionally get emails from new customers, usually just after they’ve installed the filter for the first time, that read like this:
“How come you guys don’t have proxy.example.com in your database?? I can’t believe you don’t block this proxy! It’s the first one I found!”
They are almost always correct when they say that we didn’t have some given proxy site in our Library. We have many, many thousands of proxy URLs in the Library, but certainly not all of them.
However, they are almost always wrong when they say that we don’t block it.
Tags: anonymizers, circumventors, patterns, proxy
by Rich Sutton
November 15th, 2007
Know thy enemy. Keep your friends close, and your enemies closer. If you are an IT administrator charged with the task of securing your network, the most important knowledge you possess is an in-depth understanding of the threats you’re working to counter.
Some are external threats: How does malware propagate? What techniques does spam email use to evade detection? Some are internal threats: Which of my employees has access to sensitive data? Which programs are my users installing and using to get their jobs done, how do those tools work, and how do I secure them? And of course …
How will my users circumvent the security infrastructure of my network, inadvertently or otherwise?
Tags: anonymizers, circumventors, proxy
by Rich Sutton
November 2nd, 2007
A few weeks ago, I wrote about how you can use the IRC blocking capability of your web filter to detect the presence of bots on your network. In that post, I assumed that we all understood the threat posed by bots — why they’re different from good ol’ fashioned malware infections. I’ve been asked to expand on that a bit, so here goes.
As we all know, the Internet has become a critical business tool and criminals have taken notice. Just as there is money to be made in doing business on the Internet, there is money to be made in carrying out crime on the Internet. And as criminals have focused more on the Internet, their tools have necessarily evolved and become more sophisticated.
Five years ago, the typical virus or worm author’s sole purpose was to gain notoriety and cause end-user headaches. Liabilities were limited to business outages and user downtime. Those are significant liabilities to be sure, but they seem almost quaint in light of the new threat landscape.
Tags: Bots, irc, liability, malware
by Rich Sutton
November 1st, 2007
This is a screenshot of an unsolicited message that has recently been seen on Skype:

If you click through on the link you’ll see a web page with some cute JavaScript that makes it look like a security scan is being done on your computer. The bogus scan then reports that it found malware and recommends downloading a product called “Scan and Repair Utilities 2007” — which is a well known rogue anti-spyware application. If you click through on that, you’ll be asked for your credit card information.
Tags: rogue anti-spyware, Skype, social engineering