Opinion

Bluelisting – pros and cons

I’m sure most of us are familiar with allowlisting. It’s the idea of filtering applications (or emails, depending on the context) and allowing only those that are explicitly listed.

Well, what about ‘bluelisting’, i.e using a database of digital fingerprints to find pornographic content on a drive?

It’s easy to see why such a solution might be attractive. It could help parents to shield their children from pornographic content. It could help businesses avoid the HR and legal fallout from the presence of such content on corporate systems and eliminate the hit on corporate bandwidth associated with pornographic downloads. And it could help law enforcement agencies track down those storing illegal images.

However, it seems to me that while such an approach may tell us ‘What?’ and ‘Where?’, it does little to tell us ‘Who?’ and ‘How?’; and these are the key questions in a forensic investigation. There have already been several cases of people accused of downloading pornographic content who have claimed that a Trojan was responsible for the download: man cleared of porn charges, trojan responsible for porn and new trial in porn case.

Bluelisting – pros and cons

Your email address will not be published. Required fields are marked *

 

Reports

Operation TunnelSnake

A newly discovered rootkit that we dub ‘Moriya’ is used by an unknown actor to deploy passive backdoors on public facing servers, facilitating the creation of a covert C&C communication channel through which they can be silently controlled. The victims are located in Africa, South and South-East Asia.

APT trends report Q1 2021

This report highlights significant events related to advanced persistent threat (APT) activity observed in Q1 2021. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports.

The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

Subscribe to our weekly e-mails

The hottest research right in your inbox