Simplysecurity


Websense hacked! part 1/2

19 January 2007, 18:52:35 | Categories: English | Polish |

Ok, does anybody use Websense as a Web filtering product?

I was 'trapped' in Websense Corporate 6.3 for about 3 minutes. That was the time I needed to view some forbidden sites, like Internet auctions or sports news. The security and development level of this product is close to zero.

Reminder: Websense Corporate filters web content and either denies or accepts it. There are many options, and the best are the reports, generated whenever needed, which show us our workers' productivity by counting how long they spend surfing the Internet. Websense is number 1 in the world, and for sure it has no commercial 'enemies'.
OK, how to do it? I found 5 ways in 3 minutes. One of them is an HTTP tunnel:

[root@pldmachine ~]# htc -V
htc (httptunnel) 3.3

[root@pldmachine ~]# hts -V
hts (httptunnel) 3.3

Just use your home machine as the server and start a client at work. Forward a port on the server to your sshd or to your local proxy. That lets you surf through your home proxy over the HTTP tunnel. No 'expert' IT skills needed here. You can even use a Windows HTTP-Tunnel client and some free server.

Another idea was to use Java/ActiveX for redirection. It worked just fine! Freeware applets let you use a browser-in-browser window. You can surf wherever you want.

There are many more; the mistakes are made while detecting the content of destination addresses and in header (MIME) processing. Also, the HTTP-tunnel connection isn't logged correctly. There is a bug in the Reporting module which just doesn't show the right numbers: you can use the tunnel for 24 hours and it will show you 30 minutes. Websense, as number 1 in the world, should present us with better software. Instead we have software whose flaws even a student will find after a few hours of use.
PS: Websense programmers are funny - learn to detect HTTP tunnels.
If you want to read about more methods, please buy Computer Week 05/07. I will publish the next news about it in a week. Till then, *cheers*, surf at work!


PL: Websense, responsible for filtering WWW content, can be bypassed in 3 minutes.
The most popular product in the world shocks with the primitiveness of its content scanning and also of its security. Testing this product, I got the impression that it is a program written by a student rather than a product that is the world leader.
I invite you to read about it in Polish in two weeks in the weekly Computerworld.

New hardcore value!

25 May 2006, 14:44:54 | Categories: English | Polish |

Did anyone think about hardcore values?

"The basic data unit in computers is the bit, and every 8 bits are converted to a byte. In the process the actual bits never change, but rather the logical meaning. For instance, the difference between signed and unsigned is up to the program, to recognize the MSB as a sign bit or a data bit. As there is no absolute way to define a group of bits, different interpretations become possible." - from the smashthestack paper.
There was only one interpretation of the hardcore value 58623: as a return address, using its value as jmp *%esp.

58623 is 0xE4FF; stored little-endian it occupies the bytes FF E4, and that means JMP *%ESP.

But I found a second one, which gives more possibilities when playing with the process. 54527 is 0xD4FF; stored little-endian it occupies the bytes FF D4, and that means CALL *%ESP.
(gdb) x/1i main+22
0x80483ba : call *%esp

0x80483ba will not change during the next debug session (next run). Why? The 2.6 kernel doesn't randomise this section (the executable is not position-independent, so its text segment is mapped at a fixed address). Why? Google more.
I will publish a project about this value in a few days.
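As an added example (not the author's project or any code from this blog), here is a small C program that makes both readings of a "hardcore value" explicit: it turns a 16-bit integer into the two bytes it occupies in little-endian memory and decodes them as an FF /2 (call *%reg) or FF /4 (jmp *%reg) instruction, computes the value for any register in the other direction (generalising 58623 and 54527 beyond %esp), and scans a constructed byte buffer, labelled as such, for jmp/call *%esp gadgets the way one would scan a non-randomised text segment. The sample bytes and the base address 0x08048000 are assumptions for illustration, not taken from the author's binary.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* 32-bit x86 register names indexed by the 3-bit r/m field of a
   register-direct ModR/M byte. */
static const char *const reg_names[8] = {
    "eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"
};

/* One decoded gadget: is_call distinguishes FF /2 (call *%reg)
   from FF /4 (jmp *%reg); reg is the r/m register number. */
typedef struct {
    int is_call;
    int reg;
} gadget_t;

/* Decode two bytes as an indirect register branch: opcode 0xFF followed
   by a ModR/M byte with mod == 3 (register-direct) and reg field 2 (call)
   or 4 (jmp).  Returns 1 on a match and fills *out. */
int decode_ff_gadget(uint8_t b0, uint8_t b1, gadget_t *out)
{
    if (b0 != 0xFF)
        return 0;
    int mod = b1 >> 6;
    int reg = (b1 >> 3) & 7;
    int rm  = b1 & 7;
    if (mod != 3)               /* memory forms such as call *(%eax) are not wanted here */
        return 0;
    if (reg != 2 && reg != 4)   /* other FF /n forms: inc, dec, push, far call/jmp */
        return 0;
    out->is_call = (reg == 2);
    out->reg = rm;
    return 1;
}

/* The "hardcore value" reading: a 16-bit integer stored little-endian
   occupies the bytes (v & 0xFF, v >> 8).  58623 = 0xE4FF -> FF E4 -> jmp *%esp,
   54527 = 0xD4FF -> FF D4 -> call *%esp.  0xFFE4 itself (65508) is NOT a
   gadget: its bytes in memory are E4 FF. */
int value_is_esp_gadget(uint16_t v, gadget_t *out)
{
    uint8_t b0 = (uint8_t)(v & 0xFF);
    uint8_t b1 = (uint8_t)(v >> 8);
    return decode_ff_gadget(b0, b1, out) && out->reg == 4;
}

/* Inverse direction: the 16-bit value whose little-endian bytes encode
   call/jmp *%reg for any of the eight registers. */
uint16_t esp_gadget_value(int is_call, int reg)
{
    uint8_t modrm = (uint8_t)(0xC0 | ((is_call ? 2 : 4) << 3) | (reg & 7));
    return (uint16_t)((modrm << 8) | 0xFF);
}

/* Scan a code image mapped at `base` for jmp/call *%esp.  The scan is
   byte-by-byte rather than instruction-by-instruction, so it also finds
   the pattern inside the middle of longer instructions, which is how a
   fixed address in a non-randomised text segment gets reused as a return
   address.  Returns the hit count; stores up to `max` addresses in `found`. */
size_t find_esp_gadgets(const uint8_t *code, size_t len, uint32_t base,
                        uint32_t *found, size_t max)
{
    size_t hits = 0;
    for (size_t i = 0; i + 1 < len; i++) {
        gadget_t g;
        if (decode_ff_gadget(code[i], code[i + 1], &g) && g.reg == 4) {
            if (hits < max)
                found[hits] = base + (uint32_t)i;
            hits++;
        }
    }
    return hits;
}

/* Constructed sample "text segment" (assumed, not from any real binary):
   push %ebp; mov %esp,%ebp; jmp *%esp; nop; call *%esp; ret */
static const uint8_t sample_code[] = {
    0x55, 0x89, 0xE5, 0xFF, 0xE4, 0x90, 0xFF, 0xD4, 0xC3
};

int main(void)
{
    gadget_t g;
    uint16_t values[] = { 58623, 54527, 65508 };
    for (size_t i = 0; i < sizeof values / sizeof values[0]; i++) {
        if (value_is_esp_gadget(values[i], &g))
            printf("%u -> %s *%%%s\n", values[i],
                   g.is_call ? "call" : "jmp", reg_names[g.reg]);
        else
            printf("%u -> not an esp gadget\n", values[i]);
    }
    uint32_t addrs[8];
    size_t n = find_esp_gadgets(sample_code, sizeof sample_code,
                                0x08048000u, addrs, 8);
    for (size_t i = 0; i < n; i++)
        printf("esp gadget at 0x%08x\n", addrs[i]);
    return 0;
}
```

Against the constructed buffer the scan reports the jmp at base+3 and the call at base+6; the same loop run over a real, non-PIE text segment would return addresses that, as the post notes, stay the same from run to run.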

CONFidence 2006

20 May 2006, 18:25:45 | Categories: English | French | German |

DE: Main topic: backdooring. I published a new backdooring method called Nonp2p backdooring. I will add the project to the blaass.net site in the coming days. Until then, visit:

I was lecturing at a security conference in Kraków, PL. Topics touched: backdooring & hacking. I published a new technique called Nonp2p backdooring. I will add a description shortly. Till then, visit:

FR: Main topic: backdooring. I published a new backdooring method called Nonp2p backdooring. I will add the project to the blaass.net site in the coming days. Until then, visit:


security.proidea.org.pl