24. January 2011 · Zscaler reports on ‘blackhat’ SEO numbers for December 2010 · Categories: blog

Zscaler reports on ‘blackhat’ SEO numbers for December 2010.

One of the social engineering risks a user must cope with is malicious web page links that show up in Google searches. Google is aware of this problem and works to weed out the “blackhat” web pages that attempt to fool Google’s algorithms.

While Google’s efforts are improving, Zscaler reports that in December 2010, Google flagged only 44% of the “blackhat” links that Zscaler identified.

Full disclosure – Zscaler is a Cymbel partner.

29. November 2010 · Zscaler Research: Why the web has not switched to SSL-only yet? · Categories: blog

Zscaler Research: Why the web has not switched to SSL-only yet?

Great post following up on the Firesheep threat, detailing the reasons why more websites are not using SSL:

  • Server overhead
  • Increased latency
  • Challenge for CDNs
  • Wildcard certificates are not enough
  • Mixed HTTP/HTTPS: the chicken & the egg problem

Zscaler did a follow-up blog post, “SSL: the sites which don’t want to protect their users,” highlighting popular sites which do not use SSL.

Full disclosure – Zscaler is a Cymbel partner.

14. October 2010 · YouTube – Black Hat Spam SEO · Categories: Security-Compliance

YouTube – Black Hat Spam SEO.

Interesting presentation on Black Hat Spam SEO by Zscaler’s Julien Sobrier.

11. July 2010 · Fake YouTube page used to infect soccer fans · Categories: blog

Zscaler discusses yet another example of blackhats drawing unsuspecting fans to fake web pages containing malware. This time it’s a fake YouTube page designed to attract soccer fans during the World Cup.

I call this type of attack “inside-out,” in the sense that the attacker draws an insider out to a web page to initiate the attack rather than using the traditional “outside-in” direct attack method of finding and exploiting a network or application vulnerability. While traditional vulnerability assessments are still important, they do not provide the complete picture of your risks.

This is why we recommend a Next Generation Firewall or a Secure Web Gateway that offers protection from this type of social engineering attack.