Full Disclosure mailing list archives
Correction to latest Colsaire advisories
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Mon, 13 Sep 2004 18:18:09 +0400
Just to keep correctness. Colsaire could provide better service to it's customers by better researching available information on researched topic. Most of reported content filtering bypassing techniques are already known and described in [1] with credentials believed to be valid. MIME RFC2231 encoding issue - David F. Skoll MIME RFC2047 encoding issue - different authors (different problems were discovered, information from Colsaire advisory is not enough). Content-Transfer-Encoding mechanism issue - different authors MIME field multiple occurrence issue - 3APA3A MIME separator issue - 3APA3A MIME field whitespace issue - 3APA3A MIME RFC822 comment issue (at least partially) - 3APA3A There is also a _lot_ of different bypass techniques Colsaire failed to discover. [1] 3APA3A, Bypassing content filtering whitepaper http://www.security.nnov.ru/advisories/content.asp -- http://www.security.nnov.ru /\_/\ { , . } |\ +--oQQo->{ ^ }<-----+ \ | ZARAZA U 3APA3A } You know my name - look up my number (The Beatles) +-------------o66o--+ / |/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Correction to latest Colsaire advisories 3APA3A (Sep 13)
- Re: Correction to latest Colsaire advisories Andreas Marx (Sep 15)
- <Possible follow-ups>
- Re: Correction to latest Colsaire advisories advisories (Sep 14)
- Re[2]: Correction to latest Colsaire advisories 3APA3A (Sep 14)
- Re[3]: Correction to latest Colsaire advisories advisories (Sep 14)
- Re[4]: Correction to latest Colsaire advisories 3APA3A (Sep 14)