Hackin9

InfoSec News


Traveling a lot? You may still be one of the unlucky few who not only connects to hotel networks regularly, but doesn't have easy access to a VPN to bypass all the nastiness they introduce. In addition, even some normal ISPs introduce a feature called a transparent proxy to manage traffic. Transparent proxies are nice in that they are easy to set up and invisible (transparent) to the user. However, the browser isn't aware of them, and as a result a transparent proxy, even one configured with no malicious intent, can still cause confusion about the same origin policy that browsers depend on to isolate web sites from each other.

A transparent proxy works in conjunction with a firewall. The firewall routes web traffic to the proxy by rewriting the destination IP address of each packet to the proxy's IP address. The proxy therefore no longer knows which address the client originally connected to and relies on the Host header to identify the target site. As a result, the relationship between IP address and host name that the client established via DNS is lost: the proxy fetches whatever site the Host header names, no matter which IP address the client actually connected to. That is where the same origin problem comes from: anything in the browser that can open a raw socket (a plugin, for example) may connect to its own origin's IP address, which the same origin policy permits, while naming a different site in the Host header, and the proxy will obligingly fetch from that other site, so the origin the browser believes it is talking to and the origin actually reached no longer match.

There is a pretty simple test to figure out if you are behind a simple transparent proxy: telnet to a random IP address that does not run a web server (e.g. 192.0.2.1, which is reserved for documentation and should not answer at all) on port 80. Then copy/paste a simple HTTP request that includes the Host header, followed by an empty line to end the request. The lines after the telnet banner are the part you type:

telnet 192.0.2.1 80
Trying 192.0.2.1...
Connected to 192.0.2.1 (192.0.2.1).
Escape character is '^]'.
GET /infocon.txt HTTP/1.1
Host: isc.sans.edu




If this works, and you get an HTTP response from isc.sans.edu rather than a connection timeout from 192.0.2.1 (which doesn't exist), then you are behind a proxy. The response may also include headers inserted by the proxy. For example (abbreviated):

charset=UTF-8
Via: 1.0 localhost:3128 (squid/2.7.STABLE9)    <-- header inserted by the proxy

and other similar headers (X-Cache-Lookup, X-Cache, ...).
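The telnet test above, automated as a small script so it can be run from a fresh hotel connection without typing the request by hand. This is an added example, not code from the diary; it needs only the Python standard library, uses the diary's probe address 192.0.2.1 and Host isc.sans.edu as defaults, and the Squid-style reply it ships with is a constructed sample for offline checking. The logic it encodes is the diary's: a TEST-NET address never answers on port 80 on a direct connection, so any HTTP reply at all proves that something in the path intercepted the connection and served the site named in the Host header. Proxy headers such as Via or X-Cache are extra evidence, not the proof; a proxy that strips them is still a proxy.

```python
#!/usr/bin/env python3
"""Automated version of the telnet test from the diary (added example).

Connect to an address that cannot legitimately answer on port 80, ask for
a real site via the Host header, and see whether anything replies.
"""
import socket
import sys

# Header names that intercepting/caching proxies (Squid among them) commonly
# add. Treated as evidence only; the verdict rests on getting a reply at all.
PROXY_HEADERS = frozenset([
    "via", "x-cache", "x-cache-lookup", "x-forwarded-for",
    "x-squid-error", "proxy-connection",
])

# Constructed sample of what a Squid transparent proxy answered with, for
# offline checks of the parser. Not a captured response.
SAMPLE_PROXIED_REPLY = (
    b"HTTP/1.0 200 OK\r\n"
    b"Content-Type: text/plain; charset=UTF-8\r\n"
    b"Via: 1.0 localhost:3128 (squid/2.7.STABLE9)\r\n"
    b"X-Cache: MISS from localhost\r\n"
    b"X-Cache-Lookup: MISS from localhost:3128\r\n"
    b"Connection: close\r\n"
    b"\r\n"
    b"1\n"
)


def build_request(host, path="/infocon.txt"):
    """Same request as typed into telnet: CRLF line endings, Host header,
    and the empty line that terminates the header block."""
    return ("GET {} HTTP/1.1\r\nHost: {}\r\nConnection: close\r\n\r\n"
            .format(path, host)).encode("ascii")


def parse_headers(raw):
    """Split a raw HTTP reply into (status line, {lowercased name: value})."""
    head = raw.partition(b"\r\n\r\n")[0]
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def classify(raw):
    """Interpret bytes that came back from the probe address.

    Any HTTP reply means "proxied": the probe address runs no web server, so
    the answer can only come from an interceptor acting on the Host header.
    details["evidence"] holds the headers that name the proxy and may be
    empty without changing the verdict."""
    if not raw.startswith(b"HTTP/"):
        return "unknown", {"reason": "non-HTTP reply", "reply": raw[:64]}
    status, headers = parse_headers(raw)
    evidence = {k: v for k, v in headers.items() if k in PROXY_HEADERS}
    return "proxied", {"status": status, "evidence": evidence}


def probe(probe_ip="192.0.2.1", host="isc.sans.edu", timeout=5.0):
    """Run the test over the network. Returns (verdict, details)."""
    try:
        sock = socket.create_connection((probe_ip, 80), timeout=timeout)
    except OSError as exc:  # timeout, refused, unreachable: nobody answered
        return "direct", {"reason": "{}: {}".format(type(exc).__name__, exc)}
    # A completed TCP handshake with a TEST-NET address is already suspicious:
    # something accepted the connection on 192.0.2.1's behalf.
    with sock:
        try:
            sock.sendall(build_request(host))
            raw = b""
            while b"\r\n\r\n" not in raw:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                raw += chunk
        except OSError as exc:
            return "unknown", {"reason": "handshake completed but exchange "
                                         "failed: {}".format(exc)}
    if not raw:
        return "unknown", {"reason": "handshake completed but no reply"}
    return classify(raw)


if __name__ == "__main__":
    # Usage: proxytest.py [probe_ip] [host]
    verdict, details = probe(*sys.argv[1:3])
    print(verdict, details)
```

A verdict of direct (the connection to 192.0.2.1 timed out or was unreachable) is the expected result on an unproxied network. The script only checks plain HTTP on port 80; whether TLS is intercepted as well is the separate question the certificate warnings in the next paragraph answer.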



If https connections are proxied as well, you will also see SSL certificate warnings, because the proxy has to present its own certificate to read the traffic. Disconnect if you see them. Using a VPN to tunnel you back to the safety of the known-evil home ISP is your best choice. There are plenty of decent options. Some home routers now include either OpenVPN or IPsec gateways. Personally, I like OpenVPN, but for mobile devices, IPsec is more common. You may need both anyway, as some especially evil networks block VPN connections. OpenVPN, for example, can run over TCP port 443, where it looks like ordinary HTTPS, and can be configured to connect through an HTTP proxy using the CONNECT method, so it gets through many networks that only let web traffic out. Setting up a PPP connection over SSH is another option, but it is less well supported on non-Linux clients. Of course, you should still use SSL to connect to critical services to get an end-to-end authenticated and encrypted tunnel; the VPN only protects the path to your VPN gateway.



------


Johannes B. Ullrich, Ph.D.

SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
 
New Zealand's High Court ruled Wednesday that Kim Dotcom and a Megaupload colleague can pursue damages against police and one of the country's spy services for illegally intercepting their communications.
 
The latest predictions from research firm IDC show a continuing increase in tablet sales from the end of 2012 all the way through 2016, according to the company's latest Worldwide Quarterly Tablet Tracker.
 
NASA today announced plans to extend its work on Mars and even send up another robotic rover in 2020.
 
The cybercriminals connected to the notorious Zeus Trojan are using the Cutwail botnet to distribute spam designed to steal account credentials.

 
Detecting product piracy and intellectual property theft is expensive, but adding a hidden 'watermark' may make the process easier and cost-effective.

 
Speaking at the company's first user conference, Amazon Web Services CISO Stephen Schmidt said security in the cloud is a shared responsibility.

 
Citigroup is cutting 11,000 jobs, many in IT, as part of a restructuring announced Wednesday.
 
ISC BIND 9 DNS64 Remote Denial of Service Vulnerability
 
CUPS CVE-2012-5519 Local Privilege Escalation Vulnerability
 
SAP has turned heads in recent years with a number of high-profile acquisitions, scooping up SuccessFactors, Sybase and Ariba for more than $13 billion collectively. But company executives also maintain they intend to increase revenues through aggressive organic growth.
 
Skype hasn't officially confirmed rumors of a video messaging service that's supposed to be coming to its platform, but an update to its terms of service on Wednesday did the job.
 
Coworking promises to improve productivity while improving work-life balance. Whether you're an enterprise with remote employees who want a professional work environment or a start-up firm too small for your own office, you can benefit from coworking.
 
Twitter and Instagram are feuding, and Instagram has gone so far as to disable an integration tool, leaving pictures difficult to view on Twitter.
 
Apple and Samsung will return on Thursday to the San Jose courtroom where they battled over cell phone patents earlier this year, and Apple subsequently won damages of $1.05 billion.
 
Seven international electronics manufacturers were fined a total of $1.92 billion by the European Commission on Wednesday for conspiring to fix the price of cathode-ray tubes in two separate cartels between 1996 and 2006.
 
An online advertising firm accused of spying on the browser histories of consumers has reached a settlement with the U.S. Federal Trade Commission barring it from further browser history sniffing, the agency announced.
 
The U.S. states of Washington, Massachusetts and Delaware have made the most progress in promoting broadband and in providing a broadband-friendly business climate, according to a new study by trade group TechNet.
 
Ruby on Rails CVE-2012-3464 Cross Site Scripting Vulnerability
 
Buffalo LinkStation LS-WTGL Default Admin Account & Guest Access Information
 
Re: Stack overflow in Microsoft HTML Help 6.1 (CHM files)
 
[security bulletin] HPSB3C02831 SSRT100661 rev.1 - HP Intelligent Management Center User Access Manager (UAM), Remote Execution of Arbitrary Code
 
Apple yesterday updated its iWork suite -- Pages, Numbers and Keynote -- for the iPad and iPhone, beefing up compatibility with Microsoft's Office.
 
You can never have too much digital storage, and the day will come--sooner than you think--when you won't be able to squeeze a single new file onto your computer's hard drive. And if your primary computer is a laptop or an all-in-one desktop, you won't be able to solve the problem by opening the case and tossing in a supplemental drive.
 
Seven international electronics manufacturers were fined a total of €1.47 billion by the European Commission on Wednesday for conspiring to fix the price of cathode-ray tubes (CRTs) in two separate cartels between 1996 and 2006.
 
Every time a new iPhone launches, AppStore downloads soar -- and app developers cheer.
 
Rajiv Srivastava, VP and GM at HP India, spoke to us about the company's position in the market, increasing focus on delivering cloud services, and roadmap for the SMB segment.
 
Sophos's 2013 Security Threat Report is out and notes the good year the Blackhole exploit kit had and how many Blackhole sites are hosted in the US. It also suggests that ransomware is going to become more aggressive and irreversible.
 
RETIRED: MariaDB CVE-2012-5579 Buffer Overflow Vulnerability
 
Oracle MySQL and MariaDB 'acl_get()' Buffer Overflow Vulnerability
 
[security bulletin] HPSBMU02816 SSRT100949 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access
 
CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter
 
CVE-2012-3546 Apache Tomcat Bypass of security constraints
 
CVE-2012-4534 Apache Tomcat denial of service
 
 
RETIRED: Dovecot 'mail-search.c' Denial of Service Vulnerability
 
[security bulletin] HPSBPI02807 SSRT100928 rev.1 - HP LaserJet Pro 400 Multi Function Printers, Remote Unauthorized Access
 
AT&T Wednesday kicked-off a free text messaging alert service designed to help retail customers find discounts and promotions at nearby stores.
 
Less than a year after a major update to its Red Hat Enterprise Virtualization (RHEV) package, Red Hat has upgraded the software to offer more advanced storage capabilities.
 
AT&T is on pace to sell a record number of smartphones in the fourth quarter, with strong sales of the iPhone 5 and Android phones such as the LG Optimus G and HTC One X, AT&T Mobile CEO Ralph de la Vega said today.
 
Xen 'extent_order' Values Multiple Local Denial of Service Vulnerabilities
 
A good way to secure sensitive data in the cloud is encryption. But there are trade-offs.
 
New iMacs are coming from inside the country! Elsewhere, Apple lets you buy iPhone 5s until your heart is content, and Ashton Kutcher's Steve Jobs impression is a little eerie. The remainders for Tuesday, December 4, 2012 are just dancing in the dark.
 
Nokia Siemens Networks is selling off its second business unit in less than a week, and has announced the closure of another, as it focuses on its more profitable mobile broadband networking activities.
 
Google on Tuesday rolled out version 2.0 of Gmail for iOS, a redesigned upgrade that supports up to five email accounts on Apple's iPhone and iPad.
 
 
Nokia said its new Lumia 620 handset is its most affordable Windows Phone 8 smartphone yet, priced $249 when bought without a contract.
 
Google Chrome OS Prior to 23.0.1271.94 CVE-2012-5129 Heap Based Buffer Overflow Vulnerability
 
Xen Grant Table Local Denial of Service Vulnerability
 
Xen CVE-2012-5514 Local Denial of Service Vulnerability
 
Xen 'XENMEM_exchange' Local Privilege Escalation Vulnerability
 
Qualcomm is preparing two new quad-core processors for the mainstream smartphone market, with support for several Chinese standards.
 
Despite information technology's ever increasing role in the economy, IT wages remain persistently flat. This may be tech's inconvenient truth.
 
Yahoo has acquired a video chat startup OnTheAir as the company focuses on mobile applications and services.
 
China Mobile, the country's largest mobile carrier, will develop its own company-branded handsets, while hoping to eventually strike a deal with Apple for the iPhone.
 
Hewlett-Packard is bringing a twist to its business laptop design with the new EliteBook Revolve, which is the company's first Windows 8 touchscreen laptop that can double up as a tablet in some circumstances.
 
Password crackers can be optimised to be about 20 per cent faster by eliminating unnecessary XOR operations.
 
SSH Tectia Server Unauthorized Password Change Security Bypass Vulnerability
 
Internet Storm Center Infocon Status