Facebook turns to Websense for malicious URL detection

[~BD~]

Facebook has partnered with security vendor Websense to protect its
users from third-party malicious URLs spammed on the social networking
website, the companies said Monday.

Facebook has been plagued by malware distribution campaigns, survey
scams and other types of threats for years now and despite the company's
best efforts the attacks continue.

The site's blocking mechanisms have improved over time, but spammers are
determined to find ways around them since social media has become one of
the primary malware propagation channels.

Most attacks involve users clicking on links that point to malicious web
pages outside of Facebook's control, so to counter this, the company
passes requests to external resources through its own URL redirector.

This allows it to check links against third party and self-maintained
blocklists. Earlier this year, the company announced a partnership with
Web of Trust (WOT), a provider of community-powered URL reputation
services, in order to better detect spam links on the website.

But with attackers capable of switching malicious URLs very quickly it's
hard to keep up using only a blacklist-based approach. That's why
Facebook chose Websense, which brings to the table a cloud-based
scanning engine capable of checking third-party pages in real-time
before allowing users to visit them.

http://www.computerworld.com/s/artic...lities+News%29

OR http://preview.************/5uvcsuv

[Virus Guy]

~BD~ wrote:

> Facebook has partnered with security vendor Websense to protect its
> users from third-party malicious URLs spammed on the social
> networking website,

> to counter this, the company passes requests to external resources
> through its own URL redirector.
>
> This allows it to check links against third party and self-
> maintained blocklists.

What it really allows is Facebook to know which links are clicked on,
and by whom. This is necessary if you need to keep track of clicking
for ad-revenue purposes.

What I don't understand is this: Why can't Facebook scan all user posts
for embedded URL's and yank known-bad URL's from the post (or deny the
post all together) in real time?

The NNTP server I use (aioe.org) scans every post using uribl.com and
occasionally my post is rejected because it contains a "banned" URL.

Facebook could easily scan all user content as it's created/posted and
axe any that contain known-bad URL's.

It could also scan for bad URL's after the content has been posted (even
long after) as the content is being browsed by users. The content would
be served only after a negative scan.

PS:

This thread was being cross-posted to alt.politics.scorched-earth. I
had to remove that group because this server deemed that it was an
"illegal cross-post". For some reason the admin of this serve has
suffered too much flack over allowing posts to be cross-posted to that
group, most likely the admin has a thin skin and this is an
over-reaction that is not duplicated by other usenet admins.

[~BD~]

Virus Guy wrote:
> ~BD~ wrote:
>
>> Facebook has partnered with security vendor Websense to protect its
>> users from third-party malicious URLs spammed on the social
>> networking website,
>
>> to counter this, the company passes requests to external resources
>> through its own URL redirector.
>>
>> This allows it to check links against third party and self-
>> maintained blocklists.
>
> What it really allows is Facebook to know which links are clicked on,
> and by whom. This is necessary if you need to keep track of clicking
> for ad-revenue purposes.
>
> What I don't understand is this: Why can't Facebook scan all user posts
> for embedded URL's and yank known-bad URL's from the post (or deny the
> post all together) in real time?

You may well have a good point there. How about raising this directly
with FaceBook? If you don't want to do so yourself for any reason, I'll
be happy to copy this post of yours there myself. Let me know, please!

Write on the wall, here: http://www.facebook.com/security?sk=wall

> The NNTP server I use (aioe.org) scans every post using uribl.com and
> occasionally my post is rejected because it contains a "banned" URL.
>
> Facebook could easily scan all user content as it's created/posted and
> axe any that contain known-bad URL's.
>
> It could also scan for bad URL's after the content has been posted (even
> long after) as the content is being browsed by users. The content would
> be served only after a negative scan.

Indeed. Have you read *A Guide to Facebook Security* available here?

https://www.facebook.com/safety/atta...20Security.pdf

It has some very good information, IMO.

> PS:
>
> This thread was being cross-posted to alt.politics.scorched-earth. I
> had to remove that group because this server deemed that it was an
> "illegal cross-post". For some reason the admin of this serve has
> suffered too much flack over allowing posts to be cross-posted to that
> group, most likely the admin has a thin skin and this is an
> over-reaction that is not duplicated by other usenet admins.

Thanks for letting me know. I'll add back SE so folk can see your
response! :-)

[Bullwinkle.]

How about you do it in your own words, you chicken ****
***** man.

You always wnat someone else to do the work.

No wonder your wife was gald you were not home all those nights.


"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:j6jubp$nj2$1@dont-email.me...
You may well have a good point there. How about raising this directly
with FaceBook? If you don't want to do so yourself for any reason, I'll
be happy to copy this post of yours there myself. Let me know, please!

Write on the wall, here: http://www.facebook.com/security?sk=wall

[~BD~]

Extract from 'A Guide to Facebook Security'

Another great tool to help you avoid clickjacking is Web of Trust (WOT).
WOT is a free browser tool that maintains a database of known safe sites
as well as malicious sites reported by the WOT community.

Attempt to visit a known malicious site and WOT warns you in advance.
The WOT download is simple to install; just visit www.mywot.com.

Security Tips
• Keep software up to date.
• Don’t click on suspicious links. • Use available security tools.

Facebook also has checks in place to detect malicious and spammy
websites. Adding WOT to the existing Facebook checks gives you one more
tool in your arsenal against hackers. The two checks work together to
provide a joint warning system if you attempt to visit a site reported
to have malware, phishing, or spam:

[Bullwinkle.]

How about you do it in your own words, you chicken ****
***** man.

You always wnat someone else to do the work.

No wonder your wife was gald you were not home all those nights.


"~BD~" <~BD~@nomail.afraid.org> wrote in message
news:j6jubp$nj2$1@dont-email.me...
You may well have a good point there. How about raising this directly
with FaceBook? If you don't want to do so yourself for any reason, I'll
be happy to copy this post of yours there myself. Let me know, please!

Write on the wall, here: http://www.facebook.com/security?sk=wall

[Virus Guy]

~BD~ wrote:

> > What I don't understand is this: Why can't Facebook scan all user
> > posts for embedded URL's and yank known-bad URL's from the post (or
> > deny the post all together) in real time?
>
> You may well have a good point there. How about raising this directly
> with FaceBook? If you don't want to do so yourself for any reason,
> I'll be happy to copy this post of yours there myself. Let me know,
> please!

I do not interact in any way with facebook, and block all their known
server-names in my hosts file.

So if you want to post my comments to them, go right ahead.

[~BD~]

Virus Guy wrote:
> ~BD~ wrote:
>
>>> What I don't understand is this: Why can't Facebook scan all user
>>> posts for embedded URL's and yank known-bad URL's from the post (or
>>> deny the post all together) in real time?
>>
>> You may well have a good point there. How about raising this directly
>> with FaceBook? If you don't want to do so yourself for any reason,
>> I'll be happy to copy this post of yours there myself. Let me know,
>> please!
>
> I do not interact in any way with facebook, and block all their known
> server-names in my hosts file.

Why is that? When my niece did the world tour earlier this year, it was
great to see her photographs of Los Angeles, San Francisco, Australia,
New Zealand, Malaysia and India - in real time, as it were!

> So if you want to post my comments to them, go right ahead.

Thank you. I've posted you words exactly as posted here. I'll let you
know of any response.

[~BD~]

~BD~ wrote:
> Virus Guy wrote:
>> ~BD~ wrote:
>>
>>>> What I don't understand is this: Why can't Facebook scan all user
>>>> posts for embedded URL's and yank known-bad URL's from the post (or
>>>> deny the post all together) in real time?
>>>
>>> You may well have a good point there. How about raising this directly
>>> with FaceBook? If you don't want to do so yourself for any reason,
>>> I'll be happy to copy this post of yours there myself. Let me know,
>>> please!
>>
>> I do not interact in any way with facebook, and block all their known
>> server-names in my hosts file.
>
> Why is that? When my niece did the world tour earlier this year, it was
> great to see her photographs of Los Angeles, San Francisco, Australia,
> New Zealand, Malaysia and India - in real time, as it were!
>
>> So if you want to post my comments to them, go right ahead.
>
> Thank you. I've posted you words exactly as posted here. I'll let you
> know of any response.
>

[Peter Foldes]

"~BD~" <~BD~@nomail.afraid.org> wrote in message news:j6k6n7$aid$1@dont-email.me...

> Why is that? When my niece did the world tour earlier this year, it was great to
> see her photographs of Los Angeles, San Francisco, Australia, New Zealand,
> Malaysia and India - in real time, as it were!



Do not be surprised you idiot. I also block all of Facebook also and for the same
reason as Virus Guy. Many knowing about Malware and computers also do exactly the
same.

Also I completely agree wit Virus Guy about using aioe.org server instead of
eternal.september.

JS