Domain: websense.com
Stories and comments across the archive that link to websense.com.
Stories · 21
-
Angry Boss Phishing Emails Prompt Fraudulent Wire Transfers
chicksdaddy writes: Lots of studies have shown that assertiveness works in the professional sphere as well as the personal one. It turns out to work pretty well in the cyber criminal sphere, also. Websense Labs has posted a blog warning of a new round of spear phishing attacks that rely on e-mail messages posing as urgent communications from senior officers to lower level employees. The messages demand that the employees wire funds to a destination account provided in the message.
According to Websense, these attacks are low tech. The fraudsters register "typo squatting" domains that look like the target company's domain, but are subtly different. They then set up e-mails at the typo squatted domain designed to mirror legitimate executive email accounts. Like many phishing scams, these attacks rely on the similarities of the domains and often extensive knowledge of key players within the company, creating e-mails that are highly convincing to recipients.
The key element of their attack is – simply – "obeisance," Websense notes. "When the CEO or CFO tells you to do something, you do it." The messages were brief and urgent, included (phony) threads involving other company executives and demanded updates on the progress of the transfer, making the request seem more authentic. Rather than ask the executive for clarification (or scrutinize the FROM line), the employees found it easier to just wire the money to the specified account, Websense reports.
Websense notes the similarities between the technique used in the latest phishing attack and the one used against the grain trading firm Scoular in June 2014. That company was tricked into wiring some $17 million to a bank in China, with employees believing they were acting on the wishes of executives who had communicated through e-mail. -
Unencrypted Windows Crash Reports a Blueprint For Attackers
An anonymous reader writes "According to Forbes online, up to 1 billion PCs are at risk of leaking information that could be used as a blueprint for attackers to compromise a network from Microsoft Windows Error Reporting (WER) crash reports that are sent in the clear. Researchers at Websense Labs released a detailed overview of the data contained in the crash reports, shortly after Der Spiegel released documents alleging that nation-state hackers may have used this information to execute highly targeted attacks with a low risk of detection, by crafting attacks specifically for vulnerable applications that are running on the network. Also interesting to think that Microsoft knows exactly what model of phones that you have plugged into your PC..." -
30K WordPress Blogs Infected With the Latest Malware Scam
alphadogg writes with an excerpt from an article over at Network World: "Almost 30,000 WordPress blogs have been infected in a new wave of attacks orchestrated by a cybercriminal gang whose primary goal is to distribute rogue antivirus software, researchers from security firm Websense say. The attacks have resulted in over 200,000 infected pages that redirect users to websites displaying fake antivirus scans. The latest compromises are part of a rogue antivirus distribution campaign that has been going on for months, the Websense researchers said." -
95% of User-Generated Content Is Bogus
coomaria writes "The HoneyGrid scans 40 million Web sites and 10 million emails, so it was bound to find something interesting. Among the things it found was that a staggering 95% of User Generated Content is either malicious in nature or spam." Here is the report's front door; to read the actual report you'll have to give up name, rank, and serial number. -
Yemenis Should Be Incensed At Websense
Slashdot regular Bennett Haselton writes "Websense, a US-based Internet-censoring software maker, claims not to sell to foreign governments that are censoring Internet access for all of their citizens. But the OpenNet Initiative reports that national ISPs in Yemen have been using Websense to filter Internet access for at least the past four years. Will Websense revoke their license? And what would happen then?"
Update: 08/10 21:01 GMT by KD: Bennett adds, "After the story ran, Websense sent me this update." "Since we were informed about the potential use of our products by Yemeni ISPs based on government-imposed Internet restrictions in Yemen, we have investigated this potential non-compliance with our anti-censorship policy. Because our product operates based on a database system, we are able to block updated database downloads to locations and to end users where the use of our product would violate law or our corporate policies. We believe that we have identified the specific product subscriptions that are being used for Web filtering by ISPs in Yemen, and in accordance with our policy against government-imposed censorship, we have taken action to discontinue the database downloads to the Yemeni ISPs."
The Internet censoring software maker Websense has a published policy on their website against allowing their software to be used for government-mandated censorship:
Websense does not sell to governments or Internet Service Providers (ISPs) that are engaged in any sort of government-imposed censorship. Any government-mandated censorship projects will not be engaged by Websense. If Websense does win a business and later discovers that the government is requiring all of its national ISPs to engage in censorship of the Web and Web content, we will remove our technology and capabilities from the project.
This supposedly differentiates the company from competitors such as Smartfilter (now owned by McAfee), which according to OpenNet Initiative reports, is used to censor the Internet in several African and Middle Eastern countries including Tunisia, Saudi Arabia, UAE, and Sudan. Websense once enthusiastically competed for the contract to censor Internet access in Saudi Arabia, but has now apparently ceded such markets to Smartfilter.
However, according to the ONI, the two national ISPs in the country of Yemen are using Websense to censor Internet access for all users. The researchers found that some sites are blocked in Yemen that are probably not on Websense's original filtering list, such as the Yemeni Socialist Party, as well as sites that are blocked under standard Websense categories, such as pornography, sex education materials, and "anonymizing and privacy tools" (presumably, proxy sites).
Websense declined to tell me whether they have ever revoked an ISP's license to use Websense after discovering that the ISP was using it in violation of their anti-government-censorship policy. They also declined to say whether they had any ISP customers in Middle Eastern countries, apart from Yemen. (For any Middle Eastern ISP using Websense, there's a high probability that they would be doing it as a result of a government mandated filtering policy, and hence in violation of Websense's stated rules.) But regarding the use of Websense in Yemen, Websense did reply to say simply, "We will look into the matter. If our software is being used in violation of our policy, we will take appropriate action." I think that if they were serious about preventing their software from being used for government censorship, they should have red-flagged any purchase from a national ISP in a country with one of the worst press-freedom ratings in the world, but better late than never.
There are only about 200,000 Internet users in Yemen, compared to over six million in Saudi Arabia, millions more in other censored Middle Eastern countries, and 300 million in Internet-censored China. (And even the Yemenis' Internet access is not filtered all the time, since the ONI report says that the number of concurrent licenses for Websense purchased by the Yemeni ISPs is less than the number of Yemeni Internet users, and when the number of concurrent users exceeds the number of licenses, all requests go through unfiltered!) So it would be a small step towards global liberation of the Internet, but still equivalent to de-censoring Internet access for every resident of Boise if the city had 100% broadband penetration, which is enough to justify putting the squeeze on Websense.
What exactly would happen if Websense did revoke their license for the Yemeni ISPs? They couldn't force the ISPs to uninstall the software, but they could stop allowing them to download further updates to the Websense blocked-site list. Most installations of Websense are configured to download updates to the list every day, to block the latest adult websites as well as to try and stay ahead of newly released proxy sites. Once the list updates stopped, all existing blocked websites would remain blocked, but newly created adult sites and proxy sites would be accessible, and the filtering would gradually become less and less effective. So it would be a concrete victory for Yemeni Internet users, and not just a symbolic gesture.
How would we know if Websense went through with it, anyway, if they refuse to confirm or deny that they have revoked the licenses for Yemen? The ONI declined to tell me how exactly they determined that Yemeni ISPs were using Websense. (Not that I mind; they could have obtained this information with the help of people whose jobs and freedom would be at stake if they were found out, in which case ONI would not be able to share their confidential sources.) Presumably the ONI could repeat their research in the future to determine if Websense were still being used. However, even if they can see that Websense software is still being used to censor the Internet, it may not be easy to tell whether the Yemeni ISPs are still downloading updates to the blocked-site list. My suggestion: Create a new proxy site and don't publicize it anywhere, but report it to Websense for blocking. Test a few days later to verify that it's blocked by Websense, but not by Smartfilter or other popular blocking programs. Then see if it's blocked in Yemen as well. If not, then hopefully that means that Websense cut them off.
And then what? Maybe the Yemeni ISPs will just continue using Websense with a frozen copy of the blocked site list, reasoning that most of the well-known adult sites that users are going to try to visit, are probably already on that list. Maybe they'll set up a shell company in another country, posing as an ISP requesting a legitimate copy of Websense, and buy a new list subscription that way. But it will still be worth it to press Websense into revoking their license, even if it only breaks Internet censorship in Yemen for a few months or a year. At that point, perhaps they'll just take their business to Smartfilter like almost every other Middle Eastern country that censors the Internet.
After all, we shouldn't pick on Websense too much, when Smartfilter is censoring national Internet access for about 100 times that many users in total. If Websense says they don't provide software to government censors, then we should hold them to that. But the real scandal isn't that American censorware companies provide filters to censoring governments while claiming not to, it's that American companies are doing it at all.
-
New Click-Fraud Attack Is Stealthiest Yet
An anonymous reader sends news from The Washington Post's Security Fix blog of a new Trojan horse program that takes click fraud to the next level. The Trojan, dubbed FFsearcher by SecureWorks, was among the pieces of malware installed by sites hacked with the Nine-Ball mass compromise, which attacked some 40,000 Web sites this month. The Trojan takes advantage of Google's "AdSense for Search" API, which allows Web sites to embed Google search results alongside the usual Google AdSense ads. (SecureWorks' writeup indicates that Yahoo search is targeted too, but the researchers saw no evidence of the malware redirecting Yahoo searches.) While most search hijackers give themselves away on the victim's machine by redirecting the browser through some no-name search engine, FFsearcher "...converts every search a victim makes through Google.com, so that each query is invisibly redirected through the attackers' own Web sites, via Google's Custom Search API. Meanwhile, the Trojan manipulates the victim's PC and browser so that the victim never actually sees the attacker-controlled Web site that is hijacking the search, but instead sees the search results as though they were returned directly from Google.com (and with Google.com in the victim browser's address bar, not the address of the attacker controlled site). Adding to the stealth is the fact that search results themselves aren't altered by the attackers, who are merely going after the referral payments should victims click on any of the displayed ads. What's more, the attackers aren't diverting clicks or ad revenue away from advertisers or publishers, as in traditional click fraud: They are simply forcing Google to pay commissions that it wouldn't otherwise have to pay." If FFSearcher were the only piece of malware on the machine, it would have a better chance of staying under the radar. -
Spammers Targeting Microsoft's Revised CAPTCHA
toomuchtoomuchspam writes "According to Websense, Microsoft's CAPTCHA has been busted again. CAPTCHA was surely a logical move for different service providers to fight against spammers, but it seems to be melting down. 'Realizing the potential for massive abuse from spammers with anti-CAPTCHA capabilities, who could use the clean IP reputation to carry out various attacks over Email and Web space, Microsoft attempted to increase the complexity of their CAPTCHA system. The CAPTCHA system was revised in an attempt to both prevent automatic registrations from computer programs or automated bots, and preserve CAPTCHA's usability and reliability. As this attack shows, those efforts have failed,' says Websense security researcher Prasad. Could there be any better CAPTCHA? A better solution?" -
Understanding How CAPTCHA Is Broken
An anonymous reader writes "Websense Security Labs explains the spammer Anti-CAPTCHA operations and mass-mailing strategies. Apparently spammers are using a combination of different tactics — proper email accounts, visual social engineering, and fast-flux — representing a strategy, explains their resident CAPTCHA expert. It is evident that spammers are working towards defeating anti-spam filters with their tactics." -
Is Google Neglecting Blogger?
Ian Lamont writes "For years, I've been frustrated by Blogger's relatively limited functionality and other problems. For instance, we've heard about Blogger's security flaws since the beginning of this decade. Blogger's latest problem, which lets bots bypass CAPTCHAs in order to set up spam blogs, is not just a sign of Google's disregard for security — it's symptomatic of Google's neglect of its Blogger service. For instance, Blogger is just now rolling out a feature that lets writers publish in the future, years after similar functionality was released in WordPress and Movable Type. Is Blogger destined to be a sideshow as long as Google keeps acquiring and building more high-profile services, such as Google Maps and YouTube?" -
Windows Live Hotmail CAPTCHA Cracked, Exploited
eldavojohn passes along what may be the last nail in the coffin for CAPTCHA technology. Coming on the heels of credible accounts of the downfall of first Yahoo's and then Gmail's CAPTCHA, Ars Technica is reporting on Websense Security Labs' deconstruction of the cracking and tuning / exploitation of the Live Hotmail CAPTCHA. Ars calculates that a single zombie computer can sign up over 1400 Live Hotmail accounts in a day, and alternate account creation with spamming. Time to dust off Kitten Auth? -
Gmail CAPTCHA Cracked
I Don't Believe in Imaginary Property writes "Websense is reporting that Gmail's CAPTCHA has been broken, and that bots are beginning to sign up with a one in five success rate. More interestingly, they have a lot of technical details about how the botnet members coordinate with two different computers during the process. They believe that the second host is either trying to learn to crack the CAPTCHA or that it's a quality check of some sort. Curiously, the bots pretend to read the help information while breaking the CAPTCHA, probably to prevent Google from giving them a timeout message." -
Malware Pulls an "Italian Job"
A number of readers sent us word about a malware attack that has been underway since Saturday that began with the compromise of more than 1,100 mostly Italian Web sites. Websense claims that more than 10,000 sites have been infected by now, 80% of them in Italy. There are indications that most of the Italian sites are resident at the same large Italian hosting provider. Trend Micro reports on the attack, which is launched from a malicious Iframe tag inserted into pages on compromised sites. For visitors to these sites, this begins a cascade of "drive-by" malware downloads if one of several targeted vulnerabilities is available and unpatched. The first page to which visitors are redirected by the Iframe hosts a recent version of Mpack attack software. Panda has a month-old report on Mpack (PDF) that provides copious detail about its nefarious ways. -
VDARE Fights Blocking By Censorware
Bennett Haselton writes "The anti-immigration site VDARE is publicizing the fact that it has been blocked as a 'hate site' by several Internet blocking programs, although some of them backed off and un-blocked it after receiving a letter from VDARE's lawyer. Since blocking software is bound to remain in use in most public schools for the foreseeable future, this raises the question: Is it possible for a blocking company to define a 'hate site' in a consistent way, without including conservative groups that might file a First Amendment lawsuit if their sites were blocked from public school computers? See what VDARE says about the content on their own site, and how blocking software companies have handled this issue in the past and what they might do this time." This is the first in a series of articles by Bennett Haselton, writing for us from the Peacefire group. Read on for the rest of his piece. The anti-immigration site VDARE.com is publicizing the fact that their site is blocked as a "hate site" by several different blocking programs. They don't name the programs, although they say that four companies used to block VDARE and "backed off after receiving a lawyer's letter".
It seems to be working, since according to the online lookup forms provided by WebSense, N2H2, SurfControl and SmartFilter, only SmartFilter lists the site under "hate speech"; the rest either don't categorize it or list it in innocuous categories. (N2H2 lists it as "Web Page Hosting/Free Pages", which makes no sense -- but not only that, N2H2 is now owned by the same company that makes SmartFilter, which means the company has VDARE listed one way in one product, and a different way in another.)
VDARE says they decided that showing legal muscle was a good way to get unblocked, after reading about an experiment Peacefire did in which we found that censorware companies would block sites with anti-gay content when they thought the sites were run by individuals, but would not block the *exact same content* when it was hosted by "mainstream" groups like Focus on the Family. Concludes VDARE: "The obvious reason for the double standard is that the foundations have lawyers on staff, and volunteer lawyers, and the Censorware companies are afraid of them." True -- although we did nominate AFA.net as a "hate site" at about the same time, and it did get blocked by Cyber Patrol, so it is possible if the content is extreme enough.
I'm against blocking VDARE, even from people under 18, but only because I'm against such blocking in general. Polls show that most people under 18 are more liberally-minded about race than their parents, suggesting that if you want to end racism, give minors more rights and freedom of information, not less. There was a big flap when it came out that in some Islamic schools in New York, parents had their children taught with textbooks which said that "the Jews killed their own prophets" and "you will find them ever deceitful", but without more civil rights for people under 18 to seek information for themselves, there's not much that anybody can do about it.
But as for whether VDARE really should be listed as a "hate site", the site owner himself says that VDARE is not "white nationalist", but adds, "We also publish on VDARE.COM a few writers, for example Jared Taylor, whom I would regard as 'white nationalist'". Well even if VDARE itself claims not to be 'white nationalist', if they host white nationalist writings, it's still accurate to classify the site as a place where such content is located. VDARE itself is also listed by the Southern Poverty Law Center as a hate group. VDARE's founder insists they are merely anti-immigration, not white nationalist, although he admits he once thought about adding a chapter to his anti-immigration book Alien Nation about the "last white family" (not the "last non-illegal-immigrant family") to leave Los Angeles.
Like BoingBoing.Net did before them, VDARE is retaliating against the block by encouraging people to learn how to get around blocking software. I wonder if they looked closely at our site first, since we fight censorship from the point of view of advocating greater civil rights for minors, which would probably not be a popular view with VDARE's ultra-conservative base. And if that's not enough, I'm planning to contact WebSense, SurfControl, and any other company that doesn't currently list VDARE as a "hate site", and ask them why not. So, VDARE sends us traffic, and this is how we repay them. -
WebSense Patents Censorware System
Matthew Skala writes "As reported in SiliconValley.internet.com, filtering-software vendor Websense has received US Patent 6,606,659 on a "System and method for controlling access to internet sites". The new features in the patented system seem to revolve around using time limits instead of filtering sites out entirely; offering users a choice of viewing a site and having it logged, or not viewing it; and a scheme for automatically categorizing sites that looks very much like the "Bayesian filters" we've heard so much about in recent weeks. You may be interested in the filtering company's press release about their patent, or my own view." -
Will Zango Ever Clean Up Their Affiliates?
An anonymous reader writes "Since the FTC fined Zango $3 million for deceptive installs, security researchers have made a seemingly endless amount of finds with regard to dubious Zango affiliates and business practices. Hot on the heels of the fake Youtube videos discovered by Websense earlier in the week comes another foray into Myspace for Zango, via a program of (extremely) limited functionality being spammed across Myspace profiles with the overall aim of people downloading Zango Adware. The program's EULA is also highly suspect, giving the company behind the program the right to spam messages to whoever they want, whenever they want, install Adware whenever they choose and lay the blame of these spam messages entirely at the feet of the end user should the service being used to spam complain about it. In the face of mounting evidence, when will Zango actually hold their hands up and admit their affiliate program is actually still as poor as it ever was?"