


Chinese Internet Suffers the Most Serious User Data Leak in History
Posted: 27 Dec 2011 03:23 AM

Last week, China's largest software programmers' Web site CSDN (China Software Developer Network) was hacked, and account information for more than 6 million users was leaked and quickly spread via the Internet. One day later, Tianya, the biggest Chinese online forum, was reportedly hacked for the account information of 40 million users. This cyber attack has continued, with several well-known sites like the Duowan game, the 7k7k game, the e-commerce sites 360buy and Dangdang, and some popular social networking and dating sites being hacked and user data leaked. Some sites' databases have been published on the Internet and can be easily downloaded.

 

Part of the CSDN leaked database download is shown here:

 

 

This incident is the largest data leak ever in China. The public databases contained personal account information, including user names, passwords, and email addresses. This data leak has caused great concern among millions of Chinese "netizens," especially those who use the same user name and password to access multiple Web sites. Clearly, this practice increases risk for these users, as criminals can easily use information from one account to log in to a user's other accounts and obtain even banking information.

 

CSDN and Tianya have since admitted that a user account data leak occurred, but the root cause and scale of the leaks are still under investigation. Both organizations have issued public apologies to users and urged them to change their passwords immediately. They have also asked the police for help.

 

A contributing factor to the severity of the data leaks is that much of the user information stored in the companies' databases was in plain text with no encryption. CSDN has admitted that old passwords in a backup file were saved in plain text until the year 2009, when they started to encrypt all user information. Unfortunately, the plain text personal data leaked to criminals affected millions of users and will certainly raise great concerns about Web security in the future. 

 

In an analysis of this data leak, some experts conclude that it was the result of a professional hacker attack technique called "Drag Database." In this technique, hackers first try to exploit the vulnerabilities of a target site. They then inject a Trojan to compromise the site and get the administrator authority to export the user database table, which they either store for future use or upload to the Internet for others to download. This underground industry can earn huge profits for hackers. 

 

This incident taught a profound lesson to both the Internet industry and individual Internet users. Users should enhance the protection of their personal account information by setting complicated passwords that are hard to crack and changing those passwords regularly. Internet companies should strengthen their user data management, and improve security guarantees and emergency response capabilities.

 

 

Websense made five predictions for security trends in the year 2011, and this huge data leak exactly matched the third prediction in that list:

 

Prediction #3: Status update: More corporate data breaches will occur over social media channels. 

                                                     

  • Search poisoning won’t be limited to Google, it will migrate to Facebook. Hackers will manipulate Facebook search algorithms to trick users into visiting fake brand and celebrity pages and increase exposure to malware.

  • Employees will post confidential corporate data to public pages.

  • Social media users will also be vulnerable to spam and malicious data-stealing content.

 

 

Websense security products can protect customers from this kind of data leakage incident through our DLP (Data Loss Prevention) technology and TRITON™ solutions.

Xue Yang

From ".com" to ".anything"
Posted: 12 Dec 2011 06:06 PM

 

 

You may already know about the recent launch of the .xxx domain that is designed for websites with adult content. 

That is just the tip of the iceberg. ICANN (Internet Corporation for Assigned Names and Numbers), the organization that coordinates the Internet’s addressing system, has announced a major evolution in the naming possibilities for generic top-level domains (gTLDs).


Most Internet users are familiar with current gTLDs such as .com, .org, .edu, and so forth. Of course, there are also ccTLDs, two-letter country-code top-level domains, such as .us, .uk, .fr, .il (about 250 at the moment).


Beginning in 2012, ICANN is planning to allow any word in any alphabet (including non-ASCII) to be used as a gTLD, opening up the possibility for .pizza, .chocolate, .vodka, .מזלטוב ("Good luck" in Hebrew), and just about anything else you can imagine. 


ICANN anticipates that hundreds of new gTLDs will be added to the current 22. 


But don’t expect to see .fred or .smithfamily anytime soon, since the process for obtaining a gTLD is much more complex and expensive than getting a vanity plate for the family car. You’ll need to jump through a lot of legal and regulatory hoops, survive multiple reviews and objections, and pony up at least U.S. $185,000 in evaluation fees. Despite all this, ICANN expects to receive about 400-500 applications in the first round of applications (submissions will be accepted from January 12 through April 12, 2012). If you feel inspired to create a new ".something" and have a lot of spare change, check out the Applicant Guidebook for detailed information on how to apply for a new generic top-level domain.

 

What name would you be willing to pay $185,000 to have?

 

No matter what names are registered, you can bet that through various means, cybercrime syndicates will figure out how to take advantage of the situation. Websense® customers will still be protected with our Advanced Classification Engine, ACE, that will filter websites based on the content of the site and not necessarily on the top-level domain. 

 

 

 


RM

Attackers taking advantage of Epsilon
Posted: 14 Apr 2011 10:56 PM

We blogged about the Epsilon data breach to give our customers a heads-up on the situation.  Recently, our ThreatSeeker® Network discovered a Web attack that takes advantage of the unfortunate news.  As with anything our ThreatSeeker Network discovers, Websense customers are protected by ACE, our Advanced Classification Engine.

 

The attack is hosted on a Web page that has a very professional look and feel, and uses convincing social engineering techniques to lure victims.  The attack page is basically a cut-and-paste copy of the HTML code from the original Epsilon press release. This provides the professional appearance of the Epsilon site to lure victims. The big difference is that the attack page provides a malicious binary download.

 

Screenshot of the Epsilon attack page:

 

Screenshot of the attack page source code:

 

The attack page tries to get visitors to download the malicious binary by convincing them that there was an update to the press release dated April 8th.  The "update" states that Epsilon's investigation into the data leak has revealed that personally identifiable information was lost in the attack. The fake update goes on to state that people can check to see if their personal information was lost by downloading and installing an "Epsilon Secure Connect Tool."  The downloaded file is called EpsilonSecureConnect.exe and has little detection as a Trojan dropper.


Chris Astacio

Spam Wars: Return Of The Spam
Posted: 10 Jan 2011 12:08 PM

 

With the end of the Christmas and New Year periods, Websense has seen the first notable spike in the number of spam messages processed by our Hosted Email Security services.  Could this spike indicate an upturn toward pre-November 2010 spam levels, or alternatively could it be just a blip in the spam universe?

 

Recently we spoke with several news agencies discussing the decline in spam volumes during the Christmas period and December 2010.  You can familiarize yourself with that story by looking at the article here on the BBC.

 

Today we noticed a spike in activity starting just after midnight on Monday morning UK time.  As long as there is profit in spam, global spam senders are not going to go away any time soon.

 

This spike is evident in the graph below which charts messages processed per second over the last 3 weeks:


Over the last 6 months the sharp decrease over the Christmas period is even more apparent:

 

The spike in spam today appears to be attributable to medical spam using Russian domains that we have seen used before.  This spam has a subject like "<email address> VIAGRA Official <random number>%"

 

Example subjects in malicious emails we are seeing today come from spam senders known to our service and include subjects such as:

    * Your friend invited you to Twitter!
    * You have received A Hallmark E-Card!
    * You have got a new message on Facebook!
    * Shipping update for your Amazon.com order

 

We will continue to monitor the situation and as usual, Websense customers are protected against the Return Of The Spam using ACE, our Advanced Classification Engine technology.


Carl Leonard

Websense acquires Defensio
Posted: 27 Jan 2009 01:00 PM

We are pleased to announce today that Karabunga, Inc., the company behind Defensio, will be joining forces with Websense, Inc. (NSDQ: WBSN).

 

This is obviously a big day for us and we are very excited to be teaming up with one of the Internet's leading security companies.

 

So what does this mean for you, our beloved users?  You can take comfort in knowing that we currently have no plans to change the existing service -- so just go ahead, keep using Defensio and keep spreading the good word.  It is definitely here to stay and will remain free for personal bloggers.

 

Websense has developed some revolutionary technology that we will be able to leverage in the very near future. This means more effective spam filtering for you and some headaches for the bad guys. We'd like to send out a huge thanks to everyone (users, developers, bloggers) that has contributed to making Defensio what it is today. Without you, none of this would have been made possible.  THANK YOU!

 

If you have not started using our API yet, there has never been a better time to take the plunge. Now with Websense in our corner, the Defensio of tomorrow will be even better!

 

See the official announcement from Websense.


Defensio, the blog

Defensio for WordPress 2.7 is out!
Posted: 05 Dec 2008 01:15 PM

With WordPress 2.7 just around the corner, you know we've been working hard to support it, right?  And today, we're happy to announce that we're ready for 2.7!

If you're using the release candidate of WordPress 2.7, you can upgrade to Defensio for WordPress 2.0 through the "plugins" page of your WordPress installation, or simply by downloading the archive here.

Please note that WordPress 2.7 is not yet released and some things may change.  You can count on us to do our best at keeping up with our friends in San Francisco.

This release is the first public release for WP 2.7 and while it has been extensively tested, a few things may break with 2.7 or with "legacy" versions of WP. If you experience problems, please report them to us.  

Please note that we also deprecated support for versions of WordPress older than 2.3.  It may still work, but we don't support it.  If you're in this situation, it might be a good idea to upgrade your WordPress installation.

Hope you enjoy this new release!


Defensio, the blog

Defensio now on Google's Textcube
Posted: 15 Sep 2008 01:12 PM

Google recently acquired Textcube, a Korean blogging platform that looks very promising.  To our surprise, we discovered that a Defensio plugin was already available for Textcube!

We're glad to add it to our list of supported platforms.  You can download it on the Defensio for Textcube page.


Defensio, the blog

Spammers hate us!
Posted: 11 Aug 2008 08:48 AM

I guess we're doing a good job at filtering spam!  Spammers hate us and they attacked us last night. Unfortunately, it might have resulted in a few bumps for you, for example, spam making it through.

Although attacks are hard to prevent, we've taken steps to make our servers more resistant in the future.  Sorry for the inconvenience.


Defensio, the blog

Now on GitHub and Lighthouse
Posted: 21 Jul 2008 07:22 AM

Good news!

By popular request, we just started hosting our WordPress plugin code on GitHub!  You can now stay up-to-date with our development effort and even help us by implementing the features you want.

GitHub (and Git) make collaborating on software easy.  Everybody can now fork our plugin to implement new features or fix a bug.  We'll be happy to integrate any changes we feel will benefit other users.

If you're not that much of a coder, you can still help!  We definitely need people to test the freshly baked code you'll find at GitHub.

Our GitHub page is at http://github.com/defensio.  Oh... and if you don't know what Git is yet, you should definitely check out PeepCode's great video on the subject ($9, but worth every penny).

We have also created a ticket tracker at Lighthouse.  You can now submit your bugs or feature requests here: http://karabunga.lighthouseapp.com

Happy collaboration!


Defensio, the blog

WordPress 2.6 is out
Posted: 15 Jul 2008 06:37 AM

WordPress 2.6 was released this morning.  Defensio works fine with it, so upgrade without fear!

 


Defensio, the blog


©2013 Websense, Inc. All Rights Reserved.