HoneyJax: new web 2.0 honeypot systems unveiled by Websense
At the Defcon security conference in Las Vegas this week, security service provider Websense released details of a new honeypot technology aimed at capturing malicious activities in the web 2.0 space such as social networking and AJAX-enabled commercial web sites.
This is active client technology, designed to interact with web 2.0 sites in order to attract and document abuse. It comes in three flavours. Passive HoneyJax creates and monitors tempting accounts in existing web 2.0 space, such as social networking and auction sites, but does not actively promote them to potential users. Active HoneyJax, however, employs agents that join networks, solicit joiners to the HoneyJax-created network, and respond to requests in the same manner that a real user might. The third type, Passive Aggressive HoneyJax, uses social engineering to attract users through popular themes such as music, contests or people directories.
Dan Hubbard, VP of research at Websense, told heise Security that considerable interest has already been shown in HoneyJax by security service providers, large-scale corporate sites using web 2.0 technologies and law enforcement agencies. He added that although the new tools are primarily to be deployed by Websense, "...we encourage others, with the right skills, motives, and uses, to deploy them for their own purposes. Provided they are following terms and conditions of site owners, etc."
- honeyjax_defcon2007 (PDF), Defcon HoneyJax presentation from Websense
- Websense Implements Early-Warning System for Web 2.0 Threats, Press release from Websense