A tool for testing if Web application firewalls (WAFs) are vulnerable to around 150 protocol-level evasion techniques was released at the Black Hat USA 2012 security conference on Wednesday.
The tool and the research that went into its creation are the work of Ivan Ristic, director of engineering at security vendor Qualys and the original author of the popular ModSecurity Web application firewall.
Web application firewalls are designed to protect Web applications from known attacks, such as SQL injection attacks, that are commonly used to compromise websites. They do this by intercepting requests sent by clients and enforcing strict rules about their formatting and payload.
However, there are various methods for sneaking malicious requests that violate these rules past WAFs by modifying certain parts of their headers or the paths of requested URLs. These are known as protocol-level evasion techniques, and WAFs are not properly equipped to deal with them at the moment because the techniques are not very well documented, Ristic said.
The researcher tested the evasion techniques he found primarily against ModSecurity, an open source Web application firewall, but it’s reasonable to assume that other WAFs are vulnerable to some of them as well.
In fact, Ristic said he shared a few of the techniques with others during the research stage and that they had tested them successfully against some commercial WAF products.
Erwin Huber Dohner, head of research and development at Switzerland-based WAF vendor Ergon Informatik, confirmed after seeing Ristic’s presentation that the evasion methods are a problem for the industry.
The question is: will this public release of research kick-start a discussion, as Mr. Ristic hopes?
Great tips on network troubleshooting from the CompTIA IT Pro networking blog.
- Problem at the physical layer: Many times, I’ve found that slow networks occur because of some sort of problem with a particular device (e.g., a cable modem or a switch), or even the network cable itself. If you’re using a cable modem, try restarting it before contacting anyone or going any further. Check to see that all physical connections are sound; a loose wire can mimic other problems. Start here, and you’ll be able to move forward with confidence. Additional issues can include firmware update problems. One time, I had a cable modem that simply “bricked” because my ISP’s automatic update procedure failed. Other times, I’ve found that a cable modem hasn’t fully installed a firmware update, causing slowness. Sometimes you need to get a new modem; other times, you simply need to either complete the firmware update or simply restart it.
- Network service problem: Start with diagnosing DNS issues. We all know what a completely failed DNS server can do to you. But have you ever been in a situation where you go to a familiar URL (e.g., http://www.bbc.co.uk) and then the browser tells you that it is “looking up” or “resolving” the URL? It will eventually find the URL and resolve it for you. This problem is likely due to a problem with your DNS server or that of your ISP. Restart the service if it’s your own; if you’re using a DNS server provided by the ISP, either switch to a backup server or inform them that there’s a problem. As with the previous piece of advice, actually restarting your computer can help resolve this issue, too. Additional services to consider include domain controllers, Microsoft networking / Samba servers, and torrent services. In some cases, network traffic will run slow because your network isn’t configured to prioritize certain traffic types. In other cases, you’ll need to set up port forwarding so that certain traffic types on your network will be properly forwarded by your router. For those of you interested in how an enterprise network prioritizes traffic, check out the following link about QoS.
- Computing device issue: I once had a friend of mine who was convinced that his company’s ISP was at fault for slow network speeds. It turned out that his system was infested with spyware, causing a serious slowdown in networking. Removing the spyware solved the problem. In another case, the computing device had a problem because it had the wrong software driver installed for the network card. Resolving that issue resolved the slowdown issue nicely.
Head to the source to find out some other things to investigate when dealing with a slow network connection.
Have you started your blog on WordPress.com, and then thought about moving on to a self-hosted WordPress installation? The move gives you more freedom, but it also hurts your blog’s SEO rankings. Now, however, WordPress offers a solution: Offsite Redirect.
The new feature, which can be accessed in your dashboard under “Upgrades,” lets you permanently redirect your WordPress.com blog to another web address. The upgrade is not free, but it costs an affordable $12 per year.
For those WordPress users that don’t self-host yet, what do you think of this move?
This is a must read.
Do you know how to guard against scareware? How about Trojan horse text messages? Or social network data harvesting? Malicious hackers are a resourceful bunch, and their methods continually evolve to target the ways we use our computers now. New attack techniques allow bad guys to stay one step ahead of security software and to get the better of even cautious and well-informed PC users.
Don’t let that happen to you. Read on for descriptions of 11 of the most recent and most malignant security threats, as well as our complete advice on how to halt them in their tracks. (Source: Infoworld)
Here are the threats:
1. Shortened URLs
2. Data Harvesting
3. Social Network Impostors
4. Web Snooping
6. Trojan horse texts
7. Lost laptops, exposed data
9. Weak Wi-Fi security
10. Endangered data backups
11. Unpatched software
Go here to learn about the threats and how to protect against them. And learn about 5 security myths as well.
This is good.
SecureTwitter is designed to warn people about links that people post on the micro-blogging service. Because of Twitter’s 140-character limit, most of the URLs (Uniform Resource Locators) posted have been shortened using services such as Bit.ly or TinyURL.
Those services completely obscure the true destination of the link, which is dangerous since users have no idea that they could be directed straight to a site that will look for software vulnerabilities in order to infect the PC with malware.
Even if a URL isn’t shortened, it’s nearly impossible to tell if a site may host malware since many legitimate sites have been hacked, too.
“The hacker is taking advantage that their content is now being served by legitimate sites, and there’s high traffic on these sites today,” Ben-Itzhak said. “This is how they distribute their malicious code.”
How does it work?
SecureBrowsing shows either a green check next to a link indicating that the target Web site is fine or a red “X” if it’s bad. SecureBrowsing may also show a question mark if the site can’t be scanned.
Upon visiting Twitter, users will see a rotating circle as Finjan is scanning the URLs. The links are sent to Finjan’s data center, which performs the scan and reports back within a couple of seconds. A pop-up window contains a link that will take a user to Finjan’s site for an explanation of why the site has been flagged as bad.
SecureBrowsing will also scan links in other Web-based services and social networking sites such as Bebo, Digg, Slashdot, MySpace, Gmail and for Google and Yahoo searches. (Source: Free security add-on vets Twitter links – InfoWorld Security Center)