Posted by Trancer on Oct 16 2009
Hello readers. In this post I’d like to talk about Bezeq International SafeNet service. Bezeq Int is the most common ISP in Israel and, like most of the ISPs out there, Bezeq Int offers its customers a security service called SafeNet, which they recommend users buy so they can surf the web in a safer manner.
As stated on the Bezeq Int SafeNet page (and details), this service costs 13.90 NIS a month and should be some kind of content filtering system, providing users protection from Malware (viruses, worms, trojan horses, spyware), HTML exploits, malicious Activ-X and JAVA code, Fishing web sites and more (note I deliberately misspelled the definitions, that’s how it’s written on the SafeNet service specification page).
Well, after running a series of tests I can surely say Bezeq Int SafeNet service provides none of these protections whatsoever. In fact, it doesn’t provide any sort of active protection. The only protection SafeNet service provides is blocking supposedly malicious web sites using an out-of-date domain names blacklist.
For example, trying to access Packet Storm Security web site will result in a redirection to a Bezeq Int domain, displaying this SafeNet message:

The SafeNet service blacklist doesn’t include milw0rm and other hacking related web sites. I even ran tests against active Malware serving pages, Phishing web sites and rogue Anti-Virus sites, none of which have been blocked by Bezeq Int SafeNet service.
Furthermore, the SafeNet service domain blacklist function can be bypassed rather easily. It is possible to access blacklisted domains using their IP addresses:

In conclusion, Bezeq Int SafeNet service provides users no effective protection against any kind of threat and Bezeq Int doesn’t provide their customers any of the promised functions stated on the SafeNet service specification.
In my opinion, Bezeq Int SafeNet service is a total rip-off and if you are registered to it I recommend you cancel the service immediately.
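The gap described above, a blacklist keyed only on domain names, can be seen from the filter's side in the following added example (not code from this post or from Bezeq Int). The domains, addresses and the `RESOLVED` table are constructed sample data, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data: reserved example domains and documentation-range IPs.
BLOCKED_DOMAINS = {"blocked.example", "malware.example"}
# Assumed snapshot of what the blocked names resolve to; a real filter would
# have to refresh this from DNS on a schedule.
RESOLVED = {
    "blocked.example": {"192.0.2.10"},
    "malware.example": {"192.0.2.20", "2001:db8::20"},
}

def _host(url):
    """Return the lower-cased host of a URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def name_only_filter(url):
    """Domain-name-only check: True means the request is blocked."""
    host = _host(url)
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

def name_and_ip_filter(url):
    """Also block IP-literal hosts that belong to a blocked domain."""
    if name_only_filter(url):
        return True
    try:
        addr = ipaddress.ip_address(_host(url))
    except ValueError:
        return False  # not an IP literal, and the name is not listed
    # Compare parsed address objects so different spellings of one IP match.
    blocked_ips = {ipaddress.ip_address(ip)
                   for ips in RESOLVED.values() for ip in ips}
    return addr in blocked_ips
```

Blocking by address over-blocks when a listed site shares its IP with unrelated sites, which is one reason content filtering cannot rest on a name or address list alone.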
Categories: Articles, Security News





Posted by Trancer on Oct 16 2009
Hello readers, I wrote a new Metasploit exploit module for the HTTPDX h_handlepeer() function stack-based buffer overflow vulnerability.
The vulnerability was found in HTTPDX HTTP/FTP server version 1.4 by Pankaj Kohli and the original exploit can be found on his website – httpdx 1.4 GET Request Remote Buffer Overflow Exploit (0day).
This module exploits a stack-based buffer overflow vulnerability in HTTPDX HTTP server 1.4. The vulnerability is caused by a boundary error within the “h_handlepeer()” function in http.cpp. By sending an overly long HTTP request, an attacker can overrun a buffer and execute arbitrary code.
Download httpdx_handlepeer.rb.
Also on Metasploit.
References:
CVE-2009-3711
OSVDB 58714
Categories: Exploits, Metasploit




