From: Andrew S. <asu...@su...> - 2007-05-31 20:46:52
|
On Thu, May 31, 2007 at 04:02:47PM -0400, Family Heritage Books wrote: > Recently I ran across an article in eweek > http://www.eweek.com/article2/0,1895,2130397,00.asp?kc=EWKNLEDP051607B > basically saying that there is a serious security hole affecting > virtually every major firewall and intrusion prevention system available. > It seems to involve a network evasion technique that uses full-width and > half-width unicode characters to allow malware to evade detection by an > IPS or firewall. > > Does anyone know if this is an issue that affects Shorewall. The article's a load of nonsense. This is neither a new problem (Schneier raised it in 2000, that's probably the first widely known instance of it) nor a problem affecting firewalls. Unicode is a security disaster area, but it's got nothing to do with shorewall. Furthermore, the article makes the fairly useless claim that 92 randomly selected products 'may' have issues ("we don't know, nobody's looked"); I demonstrate the uselessness of this claim thusly: All known software packages may cause your computer to transform into a large green elephant, since no vendors currently test their products for elephant colouration, so we don't know how many packages will actually do it. Lastly, they're using an unhelpful definition of "virtually every major firewall and intrusion prevention system available", defining "major" as "the ones we didn't bother to look at but felt like listing". Lousy bit of journalism. Most of it is fiction. |