April 15, 2005
Websense, which makes security software marketed to corporations, generated a lot of publicity this week with a warning about "toxic blogs."
The company says it discovered that crooks have created blogs designed to infect visitors with malicious software, including key-loggers and password stealers.
I'm not sure why this is a big story. Sure, it's a clever idea to plant malware in a seemingly safe public place.
But there's a key point missing from the Websense PR and most of the news coverage I've seen.
As an infection vector, a blog is ultimately like any other web page. To fall victim to Trojan horse software or "drive by" downloads implanted in a blog, you must be using a vulnerable web browser and be unprotected by anti-virus software.
In other words, if you're vulnerable to toxic blogs, you're probably already infected with malicious software.
Posted by brian at April 15, 2005 10:31 AM
Well, the infection vector represented by the web page is just a protocol handled by some vulnerable client. Indeed, you might have noted that an email can embed content for a media-rendering-capable MUA.
I wonder about the impact of RSS feed capable clients reaching larger audiences or as embedded portions of aggregate RSS feed services. Sadly, that's not mentioned in their release. How long before embedded cookie tracking services and richer content such as Flash are being pushed via RSS? That's the new defacement race/vector paradigm.
The main point of Websense is that it is served from a web site service that happens to be a new twist on the older method of using free web hosting services to deliver the malicious payloads.
Since Websense is in the business of providing content filtering services for business productivity, it would make sense that they toot the horn that assures the Websense customer base (or those using competing services/products to the coverage Websense can provide).
They sell the hard crunchy outside product and the stuff to protect the creamy inside as well. What you highlight is that the soft creamy inside is no longer viable. That's exactly what they want to get more market adoption on with their client policy products.
Disclosure: I've used competing products to Websense and I'd be shocked if the other vendors didn't have some other means to trump up the threat of not using the vendor products to protect the edge of networks -- then sweetly await someone to point out security requires layers and host level protection which the vendor also markets.
Posted by: Jay Cuthrell at April 15, 2005 1:44 PM