automatic updates with notification? Silent patching? Microsoft tactics? I also knew websense was a joke but now you have come to this?
On Dec 13, 2007 8:49 AM, Hubbard, Dan <[EMAIL PROTECTED]> wrote: > An added note on this... > > Customers do not need to download nor install any new patch for this > fix. It was automatically updated and installed with our nightly > protocol signature updates. > > > > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of The > Security Community > Sent: Wednesday, December 12, 2007 3:32 PM > To: [EMAIL PROTECTED]; Full-Disclosure > Subject: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass > > Mr. HinkyDink would like to share the following with the Security > Community... > > ---------- Forwarded message ---------- > From: <[EMAIL PROTECTED]> > Date: Dec 12, 2007 6:05 PM > Subject: Websense 6.3.1 Filtering Bypass > To: [EMAIL PROTECTED] > > > > Please share this with your little friends... > > ------------------------------------------ > > Websense Policy Filtering Bypass > ================================ > discovered by mrhinkydink > > > PRODUCT: Websense Enterprise 6.3.1 > > EXPOSURE: Web Filtering Bypass > > SYNOPSIS > ======== > > By spoofing the User-Agent header it is possible to bypass filtering > and, > to a lesser extent, monitoring in a Websense Enterprise 6.3.1 > environment. > > PROOF OF CONCEPT > ================ > > The following was tested in an unpatched 6.3.1 system using the ISA > Server > integration product. It is assumed it will work with other integration > products but this has not been tested. Other User Agents may also work. > > I. Install FireFox 2.0.x > > II. Obtain and install the User Agent Switcher browser plug-in by Chris > Pederick > > III. Add the following User Agents to the plug-in > > Description: RealPlayer > User Agent : RealPlayer G2 > > Description: MSN Messenger > User Agent : MSMSGS > > Description: WebEx > User Agent : StoneHttpAgent > > IV. Change FireFox's User Agent to any one of the preceding values > > V. Browse to a filtered Web site > > VI. Content is allowed > > Content browsed via this method will be recorded in the Websense > database > as being in the "Non-HTTP" category. > > Demonstration: http://www.youtube.com/watch?v=pKv41ge8XcQ > > SEE ALSO > ======== > Websense KnowledgeBase article #976 > > The vendor acknowledges this behavior in the aforementioned article. > > WORKAROUND > ========== > Disable the protocols mentioned above. > > VENDOR RESPONSE > =============== > Websense has repaired this issue in database #92938 > > NOTICE > ====== > mrhinkydink is not to be confused with the blogger by the same name > at www.dailykos.com > > c. MMVII mrhinkydink > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > > > Protected by Websense Messaging Security ? www.websense.com > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/