Websense Security Labs Blog

Websense Security Labs discovers, investigates and reports on advanced Internet threats that traditional security
research methods miss.

Latest Blog Posts

View all posts > 

(June 2012) Posts

Dissecting Cleartrip.com website compromise: Malicious ad tactics uncovered

Posted: 29 Jun 2012 12:01 PM | Elad Sharf | 10 comment(s)

The Websense ® ThreatSeeker ® Network discovered on June 27, 2012, that one of the most popular travel websites in India, cleartrip.com, was compromised and served malicious code. The website was informed of this breach and no longer serves malicious code. In this blog, we'd like to share...


Filed under: , , , , ,

Drawing the line on government censorship

Posted: 18 Jun 2012 05:13 PM | RM | no comments

Governments all over the world attempt to restrict what their citizens can see and do online. French NGO Reporters Without Borders compiles annual lists of countries classified as "Enemies of the Internet" and "Under Surveillance". These classifications represent various means of restricting the free flow of information, ranging from blocking access, to arresting dissident bloggers, and worse.


Google is often asked to censor search results or remove YouTube videos, and of course such requests can be perfectly legitimate in the case of defamation, hate speech, and pornography. Google lists removal requests from government agencies and courts in its Transparency Report, and indicates if the material was removed and why (for example, YouTube videos promoting terrorism violate the site's Community Guidelines). In other cases, access to material is restricted in certain countries to comply with local legislation.



Filed under: ,

Believe it or not—even MORE internet porn

Posted: 12 Jun 2012 05:19 PM | RM | no comments


In December of 2011, we blogged about the approval of the .xxx TLD (top-level domain) and discussed issues related to how these sites are categorized and how legitimate companies could avoid having their reputation damaged through an .xxx registration.


Under the banner "The Evolution of Online Responsibility," ICM Registry, the company behind .xxx, is now trying to establish .sex, .porn, and .adult to expand its online offerings. A company spokesman says it is prepared to battle for other sex-related TLDs in order to protect its turf, citing the firm's security and trademark protection practices, as well as its zero-tolerance policy toward child sex abuse.



Filed under:

Malicious URLs in Fake Craigslist Emails

Posted: 06 Jun 2012 07:06 PM | Ran Mosessco | no comments

Today, Websense® Security Labs™ ThreatSeeker™ Network has seen a barrage of malicious emails pretending to be automated notifications from Craigslist. These emails instruct the recipient to click a link to complete a Craigslist request. The URLs in these emails redirect the user to malicious...


Filed under:

Reports of 6.4 Million Stolen LinkedIn Passwords

Posted: 06 Jun 2012 03:44 PM | Carl Leonard | 1 comment(s)

LinkedIn is investigating reports that approximately 6.4 million user passwords have been posted on the Web. While the breach is still unconfirmed by LinkedIn (as of the time that we wrote this blog), they have acknowledged on their Twitter feed that their investigations have begun.

If you're a LinkedIn user, Websense® Security Labs recommends that you change your password immediately to help prevent your password from falling into the wrong hands.


After retrieving the password files that are being distributed on forums in the .ru TLD space, it appears that the passwords are hashed. However, based on samples seen by us, it is easy to translate them into clear text. Our initial investigations reveal that a password of "linkedin" features heavily.

It is uncertain how the hackers retrieved the stolen passwords; however, the passwords that users are finding in the hashed files do appear to be real.



Filed under: , , ,