On Wed, 2005-01-12 at 19:27 -0800, Steven Rakick wrote: > First off, this technique doesn't add an additional > layer of user interaction like zipping a file and/or > password protecting it. No, I meant zip encoding as in gzip'ed web content. I wasn't referring to ZIP archives user have to open. > This evening I noticed that my CheckPoint Firewall-1 > (with SmartDefense) now has a new option to "Block > Encoded Images". It doesn't actually detect the > exploit code, but at least someones starting to at > least give you an option to defend yourself by > blocking RFC 2397 formatted images. Any idea how it does that? Does it look for encoding patterns or does it decode and then check? The later might have an adverse performance impact on busy sites. Cheers, Frank
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html