Colsaire could provide better service to it's customers by better
researching available information on researched topic.
Most of reported content filtering bypassing techniques are already
known and described in [1] with credentials believed to be valid.
MIME RFC2231 encoding issue - David F. Skoll
MIME RFC2047 encoding issue - different authors (different problems were
discovered, information from Colsaire advisory is not enough).
Content-Transfer-Encoding mechanism issue - different authors
MIME field multiple occurrence issue - 3APA3A
MIME separator issue - 3APA3A
MIME field whitespace issue - 3APA3A
MIME RFC822 comment issue (at least partially) - 3APA3A
There is also a _lot_ of different bypass techniques Colsaire failed to
discover.
--
http://www.security.nnov.ru
/\_/ { , . } |+--oQQo->{ ^ }<-----+ | ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
|/
Just to keep correctness.
Colsaire could provide better service to it's customers by better
researching available information on researched topic.
Most of reported content filtering bypassing techniques are already
known and described in [1] with credentials believed to be valid.
MIME RFC2231 encoding issue - David F. Skoll
MIME RFC2047 encoding issue - different authors (different problems were
discovered, information from Colsaire advisory is not enough).
Content-Transfer-Encoding mechanism issue - different authors
MIME field multiple occurrence issue - 3APA3A
MIME separator issue - 3APA3A
MIME field whitespace issue - 3APA3A
MIME RFC822 comment issue (at least partially) - 3APA3A
There is also a _lot_ of different bypass techniques Colsaire failed to
discover.
[1] 3APA3A, Bypassing content filtering whitepaper
http://www.security.nnov.ru/advisories/content.asp
--
http://www.security.nnov.ru
/\_/ { , . } |+--oQQo->{ ^ }<-----+ | ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
|/
[ reply ]