BoingBoing No Longer Categorized as “Nudity” by Secure Computing

August 18, 2008

Back in 2006, Secure Computing classified the popular website BoingBoing.Net as “Nudity” based on intermittent nude images on various pages of the blog.  The uproar became a news cycle and even landed on the editorial pages of The New York Times. (I was Secure Computing’s public relations manager up until February, 2006 - just before all the Boing Boing flap happened.)  Secure Computing stood firm in its decision to classify the site as nudity.  In November, 2007, Secure Computing quietly reclassified the site as “Incidental Nudity” - a new category created by Secure Computing to handle these types of websites.

Because Secure Computing has recently undergone a lot of changes, I decided to check the database listing again.  Secure has now dropped the “Incidental Nudity” tag, and given the site non-controversial categorizations of “Entertainment” and “Blogs/Wiki.”  A screen shot from the Secure Computing URL database lookup at www.trustedsource.org is below:


CyberPatrol Launches Blog, Starts Publishing Stats – 70,000 new porn sites in July

August 13, 2008

A few weeks ago I wrote about the new CyberPatrol, spun off as an independent company after the Websense acquisition of SurfControl.  Recently CyberPatrol launched a blog (which I added to my blogroll), and this week they published some of their database stats:

July 2008
New Classified Sites:
·  Weapon related: 6,131
·  Illegal activities:  18,108
·  Gambling:  21,506
·  Pornographic:  71,697
·  Lingerie:  3,219
·  Games:  6,713
·  Parked domains:  119,587
Total:  259,770

As can be seen in the above numbers, pornographic sites far and away dominate the unacceptable category.  According to TopTenReviews, in 2006 there were 4.2 million pornographic websites - 12% of all sites.

70,000 new sites in one month?  How is that possible - are there many porntrepreneurs out there? Yes, it’s very possible, and it’s actually a small number of companies doing this.  When I worked at Secure Computing, we would find some porn servers (a single numeric IP address) hosting up to 5,000 unique fully qualified domain names - most of them minor variations of the same content. That’s the way the porn economy works - it’s all about volume, volume, volume.  A quick search of Google for “porn” today listed 235,000,000 pages.

When I was at N2H2, we once published a study of the five-year growth of porn that was reported on CNN:


Former Secure Computing Exec starts ZScaler, in-the-cloud filtering

August 5, 2008

The New York Times reports:

Web filtering software is moving to the cloud - that all-knowing, pervasive, sometimes unreliable cluster of computers in the digital ether - and it’s going to watch your every move online and tattle to your boss.

Zscaler, a Santa Clara start-up created by serial security entrepreneur Jay Chaudhry, is publicly unveiling itself Monday. Over the last decade, Mr. Chaudhry has founded such companies as AirDefense (sold to Motorola), CipherTrust (sold to Secure Computing), SecureIt (sold to VeriSign) and CoreHarbor (sold to USinterworking.) That makes him kind of like the Brett Favre of security entrepreneurs — he keeps coming back.

Zscaler’s idea is to relieve companies of the tiresome and costly burden of managing Web filtering and security on their own servers. Instead, the cloud-based service, which is rented to companies by the month, acts like a Web proxy, intercepting all incoming and outbound HTTP traffic from employees and scrubbing it for malware and online activity that violates company policy. 

More and more filtering companies are doing this, and IT people love it.   I can tell you, having worked in Internet filtering for most of the last decade, that IT people hate being “the web police” and would much rather off-load this to a service, where HR people and managers can deal with it from their web browsers. The problem with “in the cloud” filtering always has been the latency issues of sending all your web traffic through a remote proxy. When I was at N2H2 we actually used this model in 1999 for home filtering.  It’s a really nice solution, but we struggled with the latency issue.  Things have improved quite a bit in the decade since, and ZScaler isn’t alone - Websense, Google, and other companies are getting into “in the cloud” filtering as well.


Chinese filtering of journalists at the Olympics

August 1, 2008

Yesterday, a lot of news outlets reported that the IOC had acquiesced to China filtering the Internet access of 20,000 journalists covering the Olympics (see The Washington Post), though today China agreed to relax restrictions somewhat (see AP).

The OpenNet Initiative, an academic consortium that monitors filtering by governments, announced they would be closely monitoring the situation.

From a PR perspective, this strikes me as a big mistake by the Chinese.  Filtering the Internet access of reporters is only going to encourage them to write stories about Falun Gong, censorship, and human rights, not discourage them.


New Filter Test by Australian Government Shows Filter Effectiveness

July 30, 2008

Yesterday the Australian Communications and Media Authority released the “Closed environment testing of ISP-level internet content filtering - a report”.  “This report presents the findings of the closed environment testing of ISP-level filters conducted in 2008. The trial was conducted in response to a ministerial direction received in June 2007.”  Among the report’s findings:

• Successful blocking (the proportion of illegal and inappropriate content that should have been blocked that was successfully blocked) was between 88% and 97% with most achieving over 92%. The median rate of successful blocking was improved from the previous trial. 

• Overblocking (the proportion of content that was blocked that should not have been blocked) was between 1% and 6%, with most falling under 3%. The median overblocking rate was significantly improved from the previous trial. 

These findings are consistent with other recent tests of filtering effectiveness.  I’ll add this to my Comprehensive Index of Filter Effectiveness Tests 1997-2008 later.


Can list-based filters keep up with malware anymore?

July 29, 2008

The new Sophos Security Threat Report is out, with some startling statistics:

The first half of 2008 has seen an explosion in threats spread via the web, the preferred vector of attack for financially-motivated cybercriminals. On average, Sophos detects 16,173 malicious webpages every day - or one every five seconds. This is three times faster than the rate seen during 2007.  Over 90 per cent of the webpages that are spreading Trojan horses and spyware are legitimate websites (some belonging to household brands and Fortune 500 companies) that have been hacked through SQL injection.  It is estimated that the total number of unique malware samples in existence now exceeds 11 million, with Sophos currently receiving approximately 20,000 new samples of suspicious software every single day - one every four seconds. 

Traditional web filtering software (like traditional anti-virus software) relies on large databases of identified websites (or viruses).  But with proliferation rates like this, it’s hard to see how a list-based approach can succeed - it will simply get overwhelmed.  Filtering vendors will have to rely increasingly on heuristics and reputation services.  List-based filters will still be needed for more static content, but they won’t be enough to block the flood of malware sites.


Review: Livia Web Protection offers the first-rate filtering of Websense for Parents

July 27, 2008

Websense has traditionally been the leader in enterprise filtering, with a robust product that usually scores well in product reviews and is especially good at blocking pornography.   But parents haven’t had much access to Websense’s  filtering as the company has never (except for some sales to ISPs in the 1990s) offered its product to home users.

Now some former Websense managers have started up an Internet security solutions provider called Total Tech.  Their product offering is called Livia Web Protection, and it’s basically Websense’s filtering “in the cloud” - i.e., with the filtering done on remote servers rather than on your desktop.  This is a good thing, because filtering databases have become too large and are updated too frequently now to be practical running on individual desktops as they were in the 1990s. 

Installation and Setup
Livia Web Protection isn’t completely in the cloud, as it does require you to download and install a lightweight client on each desktop. The installation was extremely simple - it automatically started filtering on “Basic” level after a few minutes.  The interface is intuitive and easy-to-use, but is very minimal on features and settings.  The company stated that  additional settings and functionality based on customer feedback will be available in upcoming versions.  There are three settings - “Basic”, which filters pornography, nudity, and malicious or criminal websites, and proxies; “Restrictive,” which filters riskier sites for children such as social networking, sex education, dating, lingerie, etc.; and “Monitor Only”, which generates nice reports of web usage.

Filtering Effectiveness
I decided to test on “Basic” by throwing a bunch of porn sites at it, as well as some tricks to try and circumvent the filter, and I was in for some pleasant surprises.  First, I generated a list of 100 porn sites using Google, Yahoo, Live, and AltaVista - Livia blocked them all!  Then I tried to circumvent Livia by resolving a couple of adult website names into numeric IP addresses and entering them in the browser, but Livia was on to this trick.  Next I tried about a dozen public anonymous proxies, but Livia blocked them all.  Then I tried a couple of language translators at Google and AltaVista, and found they weren’t blocked, so I tried to use them to access adult sites, but Livia intercepted the URL and blocked it.  The same was true of Archive.org, which has a large amount of pornography.  This is a really nice feature that I haven’t seen anywhere else before, as it allows the use of language translators and the Internet Archive without opening up a gaping proxy hole in your filtering.   Finally I went to a couple of image search engines, and found that Livia blocks the images of filtered sites only. This is another great feature as it gets around the “all or nothing” approach to image search engines, which kids love but are a frequent source of exposure to inappropriate images.  But here a little porn slipped through - out of 100 graphic images, 4 showed up as thumbnails, but the sites were inaccessible.

I finally found a hole in the filtering when I went to Flickr.com, which is not blocked in “Basic” mode, and the extensive library of adult images on Flickr was fully accessible.  Flickr and other photo sharing and social networking sites are blocked in the “Restrictive” setting, but you can’t add Flickr to your personal list of blocked sites because Livia doesn’t offer that feature yet.
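
The translator, Internet Archive and numeric-IP behaviour described above can be reproduced by categorising the page a request ultimately fetches rather than the host that carries it. The sketch below is an added example, not Livia's or Websense's code; the blocked host and IP are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Constructed category data; a real filter would query its URL database.
BLOCKED_HOSTS = {"adult-site.example"}
BLOCKED_IPS = {"192.0.2.10"}  # constructed address for adult-site.example


def embedded_target(url):
    """Return the URL carried inside a translator or Wayback request, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == "translate.google.com" and parts.path.startswith("/translate"):
        values = parse_qs(parts.query).get("u")  # page to translate
        return values[0] if values else None
    if host == "web.archive.org" and parts.path.startswith("/web/"):
        # Path layout: /web/<timestamp>/<original URL>
        _, _, target = parts.path[len("/web/"):].partition("/")
        if target and parts.query:
            target += "?" + parts.query
        return target or None
    return None


def host_blocked(host):
    """Match a numeric IP, or a hostname and each of its parent domains."""
    host = host.lower().rstrip(".")
    try:
        return str(ipaddress.ip_address(host)) in BLOCKED_IPS
    except ValueError:
        labels = host.split(".")
        return any(".".join(labels[i:]) in BLOCKED_HOSTS
                   for i in range(len(labels)))


def decide(url, max_depth=3):
    """Unwrap up to max_depth carrier layers, then categorise the real target."""
    for _ in range(max_depth + 1):
        if "://" not in url:
            url = "http://" + url  # archive paths may omit the scheme
        inner = embedded_target(url)
        if inner is None:
            break
        url = inner
    else:
        return "block"  # nested deeper than we inspect: fail closed
    host = urlsplit(url).hostname or ""
    return "block" if host_blocked(host) else "allow"
```

The translator and the archive stay usable for uncategorised pages, because only the unwrapped target is checked against the category data.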

Monitoring and Reporting
Livia also offers really nice reporting that categorizes web usage, both blocked and allowed.  You can click on any of the categories and see exactly what was blocked. This is a good option for monitoring older children.

Pros:

  • Outstanding filtering. This is about the best quality filtering I’ve seen, blocking everything in my test sample.  I had to work really hard to find anything that wasn’t blocked.
  • No updates necessary. A big problem with many home filters is they require updates to the filtering list. By putting the filtering in the cloud, this isn’t a problem.
  • Good monitoring and reporting. Very simple and informative.  The non-blocked categorization is a nice feature that I don’t think anyone else offers.
  • Extremely simple setup and no maintenance.

Cons:

  • Only protects from web content. If your child uses e-mail, IM, etc., you’ll need other tools to go along with Livia. The company said they plan on adding application management features in upcoming Livia versions.
  • Limited setting functionality. There are only three settings, and no ability to customize the filtering by adding or deleting your own sites.  Again, the company said future versions will include more setting customization based on customer feedback.
  • A small, but noticeable latency. Because Livia has to connect to remote proxy servers, I did notice a small delay at times in accessing websites.

Verdict: 
For the parent who wants to have secure and robust filtering or monitoring in the home, this is definitely worth the $4.95 per month.  If what you are most concerned about is blocking adult content from your family, this is the product for you.   A free 14-day trial is available at http://www.liviaweb.com


eSchool News Reports on School IT Staff vs. Teen Filter Hackers

July 25, 2008

Interesting article from eSchool News on keeping school networks safe from filter hacking:

School IT administrators know that some students will do anything to breach network security systems designed to block inappropriate web sites and keep students on task. When a group of school district IT chiefs met recently to discuss the challenges of reining in students armed with tech savvy and a determination to wreak network havoc, their tales were cautionary - but their advice could prove valuable as computers become more common in K-12 schools.

Nearly a dozen school network administrators met July 1 at the National Education Computing Conference (NECC) in San Antonio, where thousands of educators from across the country came to see the latest in classroom technology. During a breakfast meeting, school district IT chiefs suggested recruiting students to help expose network vulnerabilities and warned of a new threat to campus computer security: “war driving.”

Lloyd Brown, director of technology and information services for Virginia’s Henrico County Public Schools, said tech-savvy students in his district recently rallied a group of 30 peers to meet in the quad during their school’s lunch break. Sitting side by side, the students continuously hit the F5 key on their laptops, which refreshes a web page - devouring the school’s internet bandwidth - and eventually broke through the school system’s network filter, allowing students to view pornographic web sites.


COPA Struck Down Again, Filters Again Cited as Alternative

July 23, 2008

The decade-long odyssey  of the Child Online Protection Act continues.   Yesterday, the 3rd Circuit Court of Appeals again struck down COPA, and again praised the effectiveness of filtering software.  

 

Some background: after the Communications Decency Act (CDA)  was struck down by the U.S. Supreme Court, Congress passed the Child Online Protection Act (COPA) in  1998.   COPA is more narrowly focused than the CDA, and prohibits commercial websites from making available material that is “harmful to minors,” with penalties of up to $50,000 fines and 6 months in prison.  Like the CDA, COPA was challenged by a coalition of civil liberties groups, and the government has been barred from enforcing COPA since 1998.   I’ve got all the important legal documents associated with the entire 10-year history of COPA (including trial transcripts) here.

 

Like previous COPA rulings and the CDA ruling, this ruling discusses the effectiveness of filtering.  On pages 36-, the section “3. Least Restrictive Alternative” discusses the effectiveness of filtering in depth, picking up on the trial court’s findings of fact, which held that “filters generally block about 95% of sexually explicit material.” (Note: see my index of filtering effectiveness tests here.)  The appellate court ruling states that “We agree with the District Court’s conclusion that filters and the Government’s promotion of filters are more effective than COPA,” and further states that “As the District Court pointed out, filters can be used to block foreign Web sites, which COPA does not regulate.”

 

But it’s not over yet.  CNET’s Declan McCullagh has been closely following the entire history of COPA (he was even a plaintiff in the CDA case in 1996), and thinks it’s possible the Supremes could yet save COPA:

Now the court seems ready for a final ruling probably by next summer–and the more conservative justices conceivably could assemble a majority to uphold COPA as constitutional.  It could work like this: The Supreme Court’s ruling in 2004 against the Justice Department and in favor of the ACLU commanded a narrow 5-4 majority, with justices Stephen Breyer, William Rehnquist, Sandra Day O’Connor, and (separately) Antonin Scalia dissenting.  In the last four years, of course, John Roberts has succeeded Rehnquist and Samuel Alito has succeeded O’Connor, who was often a swing vote on free speech matters. The question for next year is whether the court’s conservatives can pick up a majority, which would uphold COPA as constitutional and breathe life into a decade-old law that everyone else has forgotten about.

 

What would the potential impact of the Supreme Court reversing COPA on the filtering industry be?  Not much, in my opinion.  As I told the New York Times in 2004 after the last Supreme Court ruling:

Had the law been upheld, it would merely have sent providers of pornography overseas, said David Burt, a consultant to the government on antipornography legislation and an executive of Secure Computing, a company that sells filtering software. He joked that the Child Online Protection Act, which goes by the acronym COPA, could more properly be called the “Cyber Offshoring of Pornography Act.”

 

Not only would there still be lots of porn to filter, but pornography isn’t even the most important reason for filtering sales anymore.  The vast majority of the revenue for filtering software is to businesses, and the main reason businesses purchase filters today is for security (blocking malware sites, phishing sites, etc.).


How will the great domain name land grab impact filters?

June 30, 2008

As was widely reported last week, ICANN, the organization that oversees Internet domain names, voted to soon allow more top-level domain names than the familiar .com, .uk, etc.  Many predict this will lead to a “land grab” of domain names as companies look to buy up the best names. (If you’re thinking of betting on this, the buy-in is purportedly $100,000 a name.)  How will this impact filters?  Filtering company Bloxx has some speculation:

“The recommendations from ICANN will future proof the Internet so that it can be used and enjoyed for many generations to come,” says Bloxx Managing Director, Eamonn Doyle. “However, we predict a land grab for these additional TLDs (top level domains) which will see a dramatic increase in the number of registered domains and URLs. This will be a significant challenge for first and second-generation web filtering suppliers whose products depend on keeping a URL database up-to-date.”

“The problem with first and second generation web filters is with the growth and turnover of the web, as soon as a URL database or “blacklist” is updated, it is out of date - these new recommendations mean this problem has never been clearer or more relevant,” explains Doyle. “Third-generation filters, such as Bloxx Tru-View Technology, analyse and categorise sites on the fly and make an informed decision as to what risks are associated with accessing them, and are now clearly the only viable way to manage user access to the web.”

I agree this will create a lot more domain names, and more work for filtering companies.  When I was at N2H2, we dealt with “parked” domain names - names that were obviously being registered for future use in porn sites - by automatically adding newly registered domain names with obviously pornographic words to our pornography category.  This would often later prove unnecessary because many of these registered domains would later point to existing porn sites, and we would block these with a single numeric IP entry.  I remember once seeing 5,000 pornographic domain names that pointed to a single IP.
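
The two list-maintenance steps recalled here and in the CyberPatrol post above (keyword-flagging new registrations, then replacing many domain entries with one numeric IP entry) can be sketched as follows. This is an added example, not N2H2's or Secure Computing's code; the keyword list, domain names and addresses are constructed, and the rule that an IP shared with unflagged sites is never collapsed is an assumption added to avoid overblocking.

```python
from collections import defaultdict

# Hypothetical keyword list for the "obviously pornographic words" check.
KEYWORDS = ("porn", "xxx")

# Constructed sample: (newly registered domain, IP it resolves to, or None
# while the name is still parked). IPs are RFC 5737 documentation addresses.
SAMPLE = [
    ("hotporn-one.example", "192.0.2.10"),
    ("hotporn-two.example", "192.0.2.10"),
    ("xxx-clips.example", "192.0.2.10"),
    ("porn-a.example", "198.51.100.7"),
    ("porn-b.example", "198.51.100.7"),
    ("xxx-c.example", "198.51.100.7"),
    ("garden-tools.example", "198.51.100.7"),  # unrelated site, same host
    ("freeporn-parked.example", None),
]


def is_flagged(domain):
    """Keyword match on the registered name, as described in the post."""
    name = domain.lower()
    return any(word in name for word in KEYWORDS)


def build_entries(registrations, min_domains=3):
    """Return (ip_entries, domain_entries) for the pornography category.

    An IP replaces its per-domain entries only when it hosts at least
    `min_domains` flagged names and no unflagged ones; blocking a shared
    host by IP would overblock the unrelated sites on it.
    """
    flagged_by_ip = defaultdict(set)
    clean_ips = set()
    domain_entries = set()
    for domain, ip in registrations:
        if is_flagged(domain):
            if ip is None:
                domain_entries.add(domain)  # parked: no IP to collapse onto
            else:
                flagged_by_ip[ip].add(domain)
        elif ip is not None:
            clean_ips.add(ip)

    ip_entries = set()
    for ip, domains in flagged_by_ip.items():
        if len(domains) >= min_domains and ip not in clean_ips:
            ip_entries.add(ip)
        else:
            domain_entries.update(domains)
    return ip_entries, domain_entries


if __name__ == "__main__":
    ips, domains = build_entries(SAMPLE)
    print("IP entries:", sorted(ips))
    print("Domain entries:", sorted(domains))
```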

UPDATE:  Websense’s Security Labs Blog weighs in as well:

Back in 2004, ICANN implemented an “Add Grace Period” (AGP) policy to the registration of new domains. This effectively allowed for a five-day trial period of any newly registered domain. Abuse of this policy almost immediately sky-rocketed as the practice of “domain tasting” took off. Basically, domain tasters will register millions of domains, fill them all with advertisements and then return all domains which do not generate enough traffic just before the five-day grace period expires.

Bob Parsons, of GoDaddy.com, explained the problem best back in 2006: http://www.bobparsons.tv/DomainKiting.html.

Here in Websense Security Labs, we monitor the registration of all new domains, and we can personally attest to the problem caused by abuse of the AGP policy. The policy is not only abused to commit click-fraud. Fast-flux malware authors use the policy to freely register thousands of domains for use by their malware, making the subsequent tracking and shutdown of these domains a daunting task.

That should all end shortly: ICANN today approved a new policy that puts a severe damper on these domain tasters:

“[no] refund for any domain name deleted during the AGP that exceeds 10% of its net new registrations in that month, or fifty domain names, whichever is greater”