Bugtraq mailing list archives
Re: SurfControl Bypass Vulnerability
From: ASMDood <asmdood () NC RR COM>
Date: Fri, 23 Mar 2001 06:49:05 -0500
Yeah, I wrote that article. I also found the ones mentioned below. It seems as if the database (encrypted or not), only acts as a reference. No actual reverse DNS lookups are happening and no checking further than straight text against the database are happening. Maybe this has something to do with the report that came out a couple of weeks ago when it was reported that the most effective filter only works 80% of the time. What I *really* don't get is why one day some website like www.microsoft.com or www.mindspring.com will be fine, and the next day (after the nightly update) it's now being blocked as "Sexually Explicit". Something isn't right with that picture. Now, if they had a category for "Mediocre Software", I'd understand it. ========================================================= As far as I know, this, or close variations on this (ie, 0yyy.0yyy.0yyy.0yyy, or turning the whole thing into binary, removing the dots, and reconverting to decimal, hex, etc.) work on most, if not all web censors/filters. Reference 2600, Vol 17, #3, Fall 2000 (www.2600.com), p43. Sean Kelly -----Original Message----- From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of Witter, Franklin Sent: Tuesday, March 20, 2001 12:07 PM To: BUGTRAQ () SECURITYFOCUS COM Subject: SurfControl Bypass Vulnerability
Current thread:
- Re: SurfControl Bypass Vulnerability, (continued)
- Re: SurfControl Bypass Vulnerability Paul Cardon (Mar 23)
- Re: SurfControl Bypass Vulnerability Dan Harkless (Mar 25)
- Re: SurfControl Bypass Vulnerability Ben Ford (Mar 26)
- Re: SurfControl Bypass Vulnerability Valdis Kletnieks (Mar 26)
- Re: SurfControl Bypass Vulnerability c0ncept (Mar 26)
- Re: SurfControl Bypass Vulnerability Ryan Russell (Mar 26)