Holding the line in Web 2.0
by Norman
Last month, Websense Security Labs http://securitylabs.websense.com/ issued its latest security trends report. To anyone of a sensitive disposition it is a depressing document.
You think you can rely on the good reputation of a renowned, well-ordered, ethical organisation to have a clean website? Think again.
According to Websense a massive attack earlier in the year compromised hundreds of respectable websites. MSNBC, ZDNet, Wired, the United Nations and a large UK government site were among those hit. If a user’s browser opened one of the many compromised sites, a carefully crafted iframe HTML tag redirected the user to a malicious site packed with exploits. As a result, malicious code, designed to steal confidential information, was launched on vulnerable machines.
But at least if you have your email from a sound outfit like Gmail, Yahoo or MSN, separating out the spam and securing your own stuff, that’s OK? Uh-uh. No, sir!
Spammers have been able to sign up for email accounts on a mass basis by using sophisticated tools and bots to break the CAPTCHA system. That’s the technique using weird and wonky letters that only a human was supposed to be able to decipher. Now the evil spammers have cracked CAPTCHA, they have access to a wide portfolio of services and domains to launch attacks on millions of users worldwide, anonymously and free of charge.
So you always check very carefully the URL in the address bar and stick to the official pages. Sorry, that may not be enough.
Web 2.0 is arriving and it means users can edit web content and upload files. (Think YouTube stuff; think eBay adverts.) Without adequate security technologies and practices, hackers can use mash-ups and unattended code injection to alter web pages. The URL you have carefully checked may identify the origin but can no longer be relied on as being true of every bit of content on the Web page you’re using.
Is it any wonder that the commercial progress of Websense Inc http://www.websense.com/global/ continues on its upward track? The URL filtering technology for which Websense was created has grown and spawned new product areas as the Web itself has widened and deepened.
Its in-house developments have been complemented by acquisitions: Inktomi source code filtering in 2006, PortAuthority content technology and SurfControl premises solutions, both in 2007.
Evidence that the market is coalescing is marked by Websense’s competitors. Symantec got Vontu while McAfee got Reconnex.
An obvious challenge at the moment is dealing with social websites, ensuring that incoming content is clean. However, in the corporate and government spaces, endpoints are where the serious thinking is taking place. How does the organisation stop the leakage of information out through email attachments, instant messaging, PDAs or the humble memory stick? A variety of techniques have been developed for Data Loss Prevention (DLP), some longer established than others. Keywords, document registration, lexical analysis, fingerprints, natural language profiles and other more abstruse techniques are available. Websense claims that it is even able to do filtering on financial documents.
Websense Security Labs uses ThreatSeeker to inspect and categorise 40 million websites per hour, sharing that information with all its customers. A knowledge-based system is used to achieve such high rates of processing in this security research and intelligence grid. Its power and effectiveness account for the whingeing seen from certain surfing freaks (see below).
Websense hosted security provides a centralised email filtering service, blocking threats before they reach customers’ networks. Available world-wide, it has been taken up by American customers particularly.
The Websense Security Gateway sits at a customer’s premises. With links to ThreatSeeker data, it can automatically categorise content and deal with malware in real time. It is easy to use and the customer creates its own individual policy.
Websense Security Gateway is very scalable and can sit on a blade server. All Websense business – now up to 50,000 accounts - is handled through channels. Websense sees its business in terms of 3 distinct solution sets in Web, Data and Messaging Security. Put all those together and Websense calls it Essential Information Protection. Hmmm.
Data Security involves a number of issues if it is to be effective yet flexible enough to meet the demands of Web 2.0 business, administration and entertainment needs. Contextual Awareness is one of the factors but human frailties and flaws in process will be ongoing issues.
Look at some blogs such as http://johannburkard.de/blog/www/spam/websense-block-web-sense.html
“Websense, Inc. is one of the busiest net abusers. Their stealth scanning never stops. [examples given] If you go through your own log files, you’ll notice that Websense never uses the same user agent twice (simply to never show up in statistics)”.
Or what about the lady librarian at http://maclibrary.edublogs.org/2008/08/12/tuesday-tidbits-thinking-out-aloud-about-poetry/
“The day turned out well. People participated. No one sat there chatting with their neighbor out of sheer boredom. Everyone shared a poem draft they had written. The time flew and of course, we ran out of time. My greatest frustration was when attempting to share some of the blogs I frequent and ran up against the “Websense” blocking of certain sites. Drat! Blogspot.com is one such site that is unilaterally blocked. Grrrr!”
Here we have ordinary folks, unaware of the dangers and blaming their protector.
More insidious are deliberate attempts such as this one described at Techpedia, http://technopedia.info/tech/2008/08/12/ultrasurf-probably-the-best-proxy-server.html
“Great discoveries are mostly derived out of absolute necessities in life. At office, we have Websense enabled which blocks almost every second website on the Internet especially webmails. My perennial search for a proxy server ended with UltraSurf proxy server application.
Other proxy servers that I stumbled upon were mostly web based and browsing speeds were lethargic. Many components like Javascript and Flash on websites were disabled and on top of that, pop-up ads. Damn!!!
The way UltraSurf works is just magical. The application is sized around 200 KB and works sans installation…I have checked with my network administrator and this application doesn’t leave any traces behind. The Mac address is hidden and so is the origin IP address. Network admins can never make out that the proxy server has been enabled and there is no dang proof on your system to suggest that you have used the application. Just ensure to keep UltraSurf at a hidden location and share this love with your colleagues”.
Similar stuff can be found on YouTube such as http://youtube.com/watch?v=Lf1teSojvfQ
“my second video detailing ways to get around or bypass websense. this one takes a little more time but almost 100% guarantees you getting through websense. take a look at my other video on websense also”
It was gratifying to see a response a little later at http://youtube.com/watch?v=pKv41ge8XcQ
“Shameless self-promotion video describing how to bypass Websense. NOTE: the method described has been fixed. Sorry, kids.”
Human frailties will take a while longer to sort. In the meantime it seems Websense and other companies in the field are keeping abreast of the threats – just.
03/09/08 03:35:26 pm