lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <883C6B6D74BBFB43A0504DB58B1F537F0999322C@SSDEXCH1B.websense.com>
Date: Thu, 13 Dec 2007 13:44:36 -0800
From: "Hubbard, Dan" <dhubbard@...sense.com>
To: "reepex" <reepex@...il.com>, <full-disclosure@...ts.grok.org.uk>
Subject: Re: Fwd: Websense 6.3.1 Filtering Bypass

It's a patch to the protocol signature database, happens nightly. 

 

 

 

From: reepex [mailto:reepex@...il.com] 
Sent: Thursday, December 13, 2007 10:46 AM
To: Hubbard, Dan; full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass

 

automatic updates with notification? Silent patching? Microsoft tactics?


I also knew websense was a joke but now you have come to this?



On Dec 13, 2007 8:49 AM, Hubbard, Dan < dhubbard@...sense.com> wrote:

An added note on this... 

Customers do not need to download nor install any new patch for this
fix. It was automatically updated and installed with our nightly
protocol signature updates.








-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto: full-disclosure-bounces@...ts.grok.org.uk
<mailto:full-disclosure-bounces@...ts.grok.org.uk> ] On Behalf Of The
Security Community
Sent: Wednesday, December 12, 2007 3:32 PM
To: bugtraq@...urityfocus.com; Full-Disclosure 
Subject: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass

Mr. HinkyDink would like to share the following with the Security
Community...

---------- Forwarded message ----------
From:  < dink@...inkydink.com <mailto:dink@...inkydink.com> >
Date: Dec 12, 2007 6:05 PM
Subject: Websense 6.3.1 Filtering Bypass
To: thesecuritycommunity@...il.com



Please share this with your little friends... 

------------------------------------------

Websense Policy Filtering Bypass
================================
discovered by mrhinkydink


PRODUCT: Websense Enterprise 6.3.1

EXPOSURE: Web Filtering Bypass 

SYNOPSIS
========

By spoofing the User-Agent header it is possible to bypass filtering
and,
to a lesser extent, monitoring in a Websense Enterprise 6.3.1
environment.

PROOF OF CONCEPT
================

The following was tested in an unpatched 6.3.1 system using the ISA
Server
integration product.  It is assumed it will work with other integration
products but this has not been tested.  Other User Agents may also work.


I.  Install FireFox 2.0.x

II. Obtain and install the User Agent Switcher browser plug-in  by Chris
   Pederick

III. Add the following User Agents to the plug-in

    Description: RealPlayer 
    User Agent : RealPlayer G2

    Description: MSN Messenger
    User Agent : MSMSGS

    Description: WebEx
    User Agent : StoneHttpAgent

IV.  Change FireFox's User Agent to any one of the preceding values 

V.   Browse to a filtered Web site

VI.  Content is allowed

Content browsed via this method will be recorded in the Websense
database
as being in the "Non-HTTP" category.

Demonstration: http://www.youtube.com/watch?v=pKv41ge8XcQ

SEE ALSO
========
Websense KnowledgeBase article #976

The vendor acknowledges this behavior in the aforementioned article. 

WORKAROUND
==========
Disable the protocols mentioned above.

VENDOR RESPONSE
===============
Websense has repaired this issue in database #92938

NOTICE
======
mrhinkydink is not to be confused with the blogger by the same name 
at www.dailykos.com

c. MMVII mrhinkydink

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



 Protected by Websense Messaging Security ? www.websense.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/





Click here
<https://www.mailcontrol.com/sr/Jo+9N2kMkss75ZucUpZhRp2tihLnD5c4rWWfdAaP
U9YfGN7ptLE6OsoAO+XvfwiHtEzvgPLjSZPxcw3B5Y5XDyPFvOGuUpO5Q87uxOwIFjMpxw1i
utg6REZstBhj9JnKPoif2919X!Ptf6Kif6flhzLOBSUMW3t2nYXR!5Lo3JL+oiz30xcCB4E7
ak4hnJfmdA+ZQfG1SxBSBKtqujQEyHUQ!9WMdjXr>  to report this email as spam.


Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ