DigiCrime Blocked by Snake Oil

Several sources have recently informed me that two different security products are now blocking visits to the DigiCrime web site.

The first is called "WebNOT" from Raptor Systems. According to their web site,

...the optional WebNOT capability prevents inappropriate materials from being downloaded into your site.
Yeah right, like educational materials.

The second was formerly called WebScanX, and is apparently now part of McAfee VirusScan 4.0.

A Questionable Selection Process

What's most disgusting about WebScanX was that they also blocked access to their competitors - specifically, CyberSoft (this has since been removed). Since the US Justice Department has recently become interested in anti-competitive activities in the computer industry, perhaps we will see McAfee investigated in the future.

Vulnerabilities in commercial computer systems are a fact of life, and this is why companies like Raptor and Mcafee are able to sell products. It's beyond comprehension why they would consider DigiCrime as inappropriate. We can only conclude that they like their customers to be utterly clueless. So do hackers.

A Useless Security Strategy

Perhaps more seriously, the strategy used by "site blockers" is totally ineffective against hackers. Site blockers depend on identifying and blocking the so-called "hacker sites", when in fact these are almost always security information sites. This is not a likely source of attack, for the simple reason that such a site would be an advertisement for criminal activity, and easily traceable. Any hacker with half a brain who is bent on mischief would employ a totally different strategy. The best strategy for hacking people through their web browser is to break into a completely legitimate site and implant evil content there. If a hacker broke into a site like www.cnn.com and implanted dangerous content there (perhaps in a hidden frame or selectively to certain clients using active server pages), then they could inflict far greater harm. There would be many more visitors to such a site than would ever visit a "hacker site", and visitors to www.cnn.com would be unsuspecting of attack from that site. Moreover, it would allow a hacker to cover their tracks, since intrusion detection software is only as strong as the weakest link in a system. For a hacker bent on mayhem, this makes a lot more sense than planting harmful content on their own site.

Perhaps a better target would be MSNBC, since that site tries to reconfigure your browser with ActiveX each time you visit it with MSIE.

Products like WebScanX and WebNot would be about as effective against this as a screen door on a submarine. Too bad they only sell assurance of security, rather than actual security.


ADDENDUM added December 10, 1997 Several news agencies have reported today that a hacker group carried out a graffiti attack on the popular Yahoo site and implanted a message threatening such a virus attack. At this time no evidence of such a virus was found, although the site was indeed hacked. In spite of the fact that no virus was found, it was certainly possible in spite of numerous industry PR people falling over themselves trying to deny it. In the meantime, this attack reinforces the fact that the strategy used by censors such as Raptor and McAfee would be of no value against such an attack.

Further information on graffiti attacks used to be available at www.hacked.net. Alas, no more.


Return to DigiCrime (if you can...)