[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <e9d9d4020712131045o6f70f600w4057f2817b4d990@mail.gmail.com>
Date: Thu, 13 Dec 2007 12:45:52 -0600
From: reepex <reepex@...il.com>
To: "Hubbard, Dan" <dhubbard@...sense.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: Fwd: Websense 6.3.1 Filtering Bypass
automatic updates with notification? Silent patching? Microsoft tactics?
I also knew websense was a joke but now you have come to this?
On Dec 13, 2007 8:49 AM, Hubbard, Dan <dhubbard@...sense.com> wrote:
> An added note on this...
>
> Customers do not need to download nor install any new patch for this
> fix. It was automatically updated and installed with our nightly
> protocol signature updates.
>
>
>
>
>
>
>
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of The
> Security Community
> Sent: Wednesday, December 12, 2007 3:32 PM
> To: bugtraq@...urityfocus.com; Full-Disclosure
> Subject: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass
>
> Mr. HinkyDink would like to share the following with the Security
> Community...
>
> ---------- Forwarded message ----------
> From: <dink@...inkydink.com>
> Date: Dec 12, 2007 6:05 PM
> Subject: Websense 6.3.1 Filtering Bypass
> To: thesecuritycommunity@...il.com
>
>
>
> Please share this with your little friends...
>
> ------------------------------------------
>
> Websense Policy Filtering Bypass
> ================================
> discovered by mrhinkydink
>
>
> PRODUCT: Websense Enterprise 6.3.1
>
> EXPOSURE: Web Filtering Bypass
>
> SYNOPSIS
> ========
>
> By spoofing the User-Agent header it is possible to bypass filtering
> and,
> to a lesser extent, monitoring in a Websense Enterprise 6.3.1
> environment.
>
> PROOF OF CONCEPT
> ================
>
> The following was tested in an unpatched 6.3.1 system using the ISA
> Server
> integration product. It is assumed it will work with other integration
> products but this has not been tested. Other User Agents may also work.
>
> I. Install FireFox 2.0.x
>
> II. Obtain and install the User Agent Switcher browser plug-in by Chris
> Pederick
>
> III. Add the following User Agents to the plug-in
>
> Description: RealPlayer
> User Agent : RealPlayer G2
>
> Description: MSN Messenger
> User Agent : MSMSGS
>
> Description: WebEx
> User Agent : StoneHttpAgent
>
> IV. Change FireFox's User Agent to any one of the preceding values
>
> V. Browse to a filtered Web site
>
> VI. Content is allowed
>
> Content browsed via this method will be recorded in the Websense
> database
> as being in the "Non-HTTP" category.
>
> Demonstration: http://www.youtube.com/watch?v=pKv41ge8XcQ
>
> SEE ALSO
> ========
> Websense KnowledgeBase article #976
>
> The vendor acknowledges this behavior in the aforementioned article.
>
> WORKAROUND
> ==========
> Disable the protocols mentioned above.
>
> VENDOR RESPONSE
> ===============
> Websense has repaired this issue in database #92938
>
> NOTICE
> ======
> mrhinkydink is not to be confused with the blogger by the same name
> at www.dailykos.com
>
> c. MMVII mrhinkydink
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> Protected by Websense Messaging Security ? www.websense.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists