automatic updates with notification? Silent patching? Microsoft tactics? <br><br>I also knew websense was a joke but now you have come to this?<br><br><br><div class="gmail_quote">On Dec 13, 2007 8:49 AM, Hubbard, Dan <
<a href="mailto:dhubbard@websense.com">dhubbard@websense.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">An added note on this...
<br><br>Customers do not need to download nor install any new patch for this<br>fix. It was automatically updated and installed with our nightly<br>protocol signature updates.<br><div><div></div><div class="Wj3C7c"><br><br>
<br><br><br><br><br>-----Original Message-----<br>From: <a href="mailto:full-disclosure-bounces@lists.grok.org.uk">full-disclosure-bounces@lists.grok.org.uk</a><br>[mailto:<a href="mailto:full-disclosure-bounces@lists.grok.org.uk">
full-disclosure-bounces@lists.grok.org.uk</a>] On Behalf Of The<br>Security Community<br>Sent: Wednesday, December 12, 2007 3:32 PM<br>To: <a href="mailto:bugtraq@securityfocus.com">bugtraq@securityfocus.com</a>; Full-Disclosure
<br>Subject: [Full-disclosure] Fwd: Websense 6.3.1 Filtering Bypass<br><br>Mr. HinkyDink would like to share the following with the Security<br>Community...<br><br>---------- Forwarded message ----------<br>From: <<a href="mailto:dink@mrhinkydink.com">
dink@mrhinkydink.com</a>><br>Date: Dec 12, 2007 6:05 PM<br>Subject: Websense 6.3.1 Filtering Bypass<br>To: <a href="mailto:thesecuritycommunity@gmail.com">thesecuritycommunity@gmail.com</a><br><br><br><br>Please share this with your little friends...
<br><br>------------------------------------------<br><br>Websense Policy Filtering Bypass<br>================================<br>discovered by mrhinkydink<br><br><br>PRODUCT: Websense Enterprise 6.3.1<br><br>EXPOSURE: Web Filtering Bypass
<br><br>SYNOPSIS<br>========<br><br>By spoofing the User-Agent header it is possible to bypass filtering<br>and,<br>to a lesser extent, monitoring in a Websense Enterprise 6.3.1<br>environment.<br><br>PROOF OF CONCEPT<br>
================<br><br>The following was tested in an unpatched 6.3.1 system using the ISA<br>Server<br>integration product. It is assumed it will work with other integration<br>products but this has not been tested. Other User Agents may also work.
<br><br>I. Install FireFox 2.0.x<br><br>II. Obtain and install the User Agent Switcher browser plug-in by Chris<br> Pederick<br><br>III. Add the following User Agents to the plug-in<br><br> Description: RealPlayer
<br> User Agent : RealPlayer G2<br><br> Description: MSN Messenger<br> User Agent : MSMSGS<br><br> Description: WebEx<br> User Agent : StoneHttpAgent<br><br>IV. Change FireFox's User Agent to any one of the preceding values
<br><br>V. Browse to a filtered Web site<br><br>VI. Content is allowed<br><br>Content browsed via this method will be recorded in the Websense<br>database<br>as being in the "Non-HTTP" category.<br><br>Demonstration:
<a href="http://www.youtube.com/watch?v=pKv41ge8XcQ" target="_blank">http://www.youtube.com/watch?v=pKv41ge8XcQ</a><br><br>SEE ALSO<br>========<br>Websense KnowledgeBase article #976<br><br>The vendor acknowledges this behavior in the aforementioned article.
<br><br>WORKAROUND<br>==========<br>Disable the protocols mentioned above.<br><br>VENDOR RESPONSE<br>===============<br>Websense has repaired this issue in database #92938<br><br>NOTICE<br>======<br>mrhinkydink is not to be confused with the blogger by the same name
<br>at <a href="http://www.dailykos.com" target="_blank">www.dailykos.com</a><br><br>c. MMVII mrhinkydink<br><br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">
http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br><br><br></div></div> Protected by Websense Messaging Security ?
<a href="http://www.websense.com" target="_blank">www.websense.com</a><br><div><div></div><div class="Wj3C7c"><br>_______________________________________________<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html" target="_blank">
http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/" target="_blank">http://secunia.com/</a><br></div></div></blockquote></div><br>