Blog Archives

150 Ways To Bypass Web Application Firewalls In One Tool


A tool for testing if Web application firewalls (WAFs) are vulnerable to around 150 protocol-level evasion techniques was released at the Black Hat USA 2012 security conference on Wednesday.

The tool and the research that went into its creation are the work of Ivan Ristic, director of engineering at security vendor Qualys and the original author of the popular ModSecurity Web application firewall.

Web application firewalls are designed to protect Web applications from known attacks, such as SQL injection attacks, that are commonly used to compromise websites. They do this by intercepting requests sent by clients and enforcing strict rules about their formatting and payload.

However, there are various methods for sneaking malicious requests that violate these rules past WAFs by modifying certain parts of their headers or the paths of requested URLs. These are known as protocol-level evasion techniques, and WAFs are not properly equipped to deal with them at the moment because the techniques are not very well documented, Ristic said.

The researcher tested the evasion techniques he found primarily against ModSecurity, an open source Web application firewall, but it’s reasonable to assume that other WAFs are vulnerable to some of them as well.

In fact, Ristic said he shared a few of the techniques with others during the research stage and that they had tested them successfully against some commercial WAF products.

Erwin Huber Dohner, head of research and development at Switzerland-based WAF vendor Ergon Informatik, confirmed after seeing Ristic’s presentation that the evasion methods are a problem for the industry.

Source: Tool released at Black Hat contains 150 ways to bypass Web application firewalls | Security – InfoWorld.

The question is will this public release of research kick-start a discussion as Mr. Ristic hopes?



Troubleshooting a Slow Network Connection

Great tips on network troubleshooting from the CompTia IT Pro networking blog.

  • Problem at the physical layer: Many times, I’ve found that slow networks occur because of some sort of problem with a particular device(e.g., a cable modem or a switch), or even the network cable itself. If you’re using a cable modem, try restarting it before contacting anyone or going any further. Check to see that all physical connections are sound; a loose wire can mimic other problems. Start here, and you’ll be able to move forward with confidence. Additional issues can include firmware update problems. One time, I had a cable modem that simply “bricked” because my ISP’s automatic update procedure failed. Other times, I’ve found that a cable modem hasn’t fully installed a firmware update, causing slowness. Sometimes you need to get a new modem; other times, you simply need to either complete the firmware update or simply restart it.
  • Network service problem: Start with diagnosing DNS issues. We all know what a completely failed DNS server can do to you. But have you ever been in a situation where you go to a familiar URL (e.g., and then the browser tells you that it is “looking up” or “resolving” the URL? It will eventually find the URL and resolve it for you. This problem is likely due to a problem with your DNS server of that of your ISP. Restart the service if it’s your own; if you’re using a DNS server provided by the ISP, either switch to a backup server or inform them that there’s a problem. As with the previous piece of advice, actually restarting your computer can help resolve this issue, too. Additional services to consider include domain controllers, Microsoft networking / Samba servers, and torrent services. In some cases, network traffic will run slow because your network isn’t configured to prioritize certain traffic types. In other cases, you’ll need to set up port forwarding so that certain traffic types on your network will be properly forwarded by your router. For those of you interested in how an enterprise network prioritizes traffic, check out the following link about QoS.
  • Computing device issue: I once had a friend of mine who was convinced that his company’s ISP was at fault for slow network speeds. It turned out that his system was infested with spyware, causing a serious slowdown in networking. Removing the spyware solved the problem. In another case, the computing device had a problem because it had the wrong software driver installed for the network card. Resolving that issue resolved the slowdown issue nicely.

Head to the source to find out some other things to investigate when dealing with a slow network connection.

Enhanced by Zemanta

Adding a Delicious share button …

Do you utilize for your website or blog?

Deutsch: Neues Logo Delicious (seit) English: ...

Image via Wikipedia

If you do then you are likely aware of the share options that were implemented.

You may also have noticed that Delicious was not one of the options included.

So how do you create a share button for Delicious?  Utilize this information after clicking on “Add a new service.”

You can then add the service along with the other “Share” options.

Enhanced by Zemanta

Easier to move to self-hosted WordPress

The logo of the blogging software WordPress.
Image via Wikipedia

Have you started your blog on WordPress().com, and then thought about moving on to a self-hosted WordPress installation? The move gives you more freedom, but it also hurts your blog’s SEO rankings. Now, however, WordPress offers a solution: Offsite Redirect.

The new feature, which can be accessed in your dashboard under “Upgrades,” lets you permanently redirect your blog to another web address. The upgrade is not free, but it costs an affordable $12 per year.

Once you purchase the upgrade, you can manage your redirect under Upgrades -> Domains, where you can change the destination URL (or suspend the redirect) as you please. (Source: Mashable)

For those WordPress users that don’t self-host yet, what do you think of this move?

Powered by ScribeFire.


Enhanced by Zemanta

11 hidden security threats and how to stop

This is a must read.

Do you know how to guard against scareware? How about Trojan horse text messages? Or social network data harvesting? Malicious hackers are a resourceful bunch, and their methods continually evolve to target the ways we use our computers now. New attack techniques allow bad guys to stay one step ahead of security software and to get the better of even cautious and well-informed PC users.

Don’t let that happen to you. Read on for descriptions of 11 of the most recent and most malignant security threats, as well as our complete advice on how to halt them in their tracks. (Source: Infoworld)

Here are the threats:

1. Shortened URLs

2. Data Harvesting

3. Social Network Impostors

4. Web Snooping

5. Scareware

6. Trojan horse texts

7. Lost laptops, exposed data

8. Rogue Wi-Fi hotspots

9. Weak Wi-Fi security

10. Endangered data backups

11. Unpatched software

Go here to learn about the threats and how to protect against them.  And learn about 5 security myths as well.

Reblog this post [with Zemanta]

Vetting Twitter links

Image representing Twitter as depicted in Crun...
Image via CrunchBase

This is good.

As Twitter becomes increasingly abused by hackers, Finjan Software released on Tuesday a free browser add-on with a new feature that scans links and warns if they point to a page containing malware.

The SecureTwitter component is wrapped into SecureBrowsing, a plug-in for either the Firefox or Internet Explorer browsers, said Yuval Ben-Itzhak, Finjan’s CTO.

ecureTwitter is designed to warn people about links that people post on the micro-blogging service. Because of Twitter’s 140-character limit, most of the URLs (Uniform Resource Locators) posted have been shortened using services such as or TinyURL.

Those services completely obscure the true destination of the link, which is dangerous since users have no idea that they could be directed straight to a site that will look for software vulnerabilities in order to infect the PC with malware.

Even if a URL isn’t shortened, it’s nearly impossible to tell if a site may host malware since many legitimate sites have been hacked, too.

“The hacker is taking advantage that their content is now being served by legitimate sites, and there’s high traffic on these sites today,” Ben-Itzhak said. “This is how they distribute their malicious code.”

How does it work?

SecureBrowsing shows either a green check next to a link indicating that the target Web site is fine or a red “X” if it’s bad. SecureBrowsing may also show a question mark if the site can’t be scanned.

Upon visiting Twitter, users will see a rotating circle as Finjan is scanning the URLs. The links are sent to Finjan’s data center, which performs the scan and reports back within a couple of seconds. A pop-up window contains a link that will take a user to Finjan’s site for an explanation of why the site has been flagged as bad.

SecureBrowsing will also scan links in other Web-based services and social networking sites such as Bebo, Digg, Slashdot, MySpace, Gmail and for Google and Yahoo searches. (Source: Free security add-on vets Twitter links – InfoWorld Security Center)

Reblog this post [with Zemanta]
%d bloggers like this: