Are the vendors listening? presented at DeepSec 2007

by Simon Howard,

Summary : Are vendors listening to the security community? Security researchers have been presenting techniques to bypass commonly implemented technologies for years. White papers are published, ideas are presented and vulnerabilities disclosed. If your organisation is purchasing a new NAC solution from Vendor X, you want to know they have read “Bypassing Network Access Control (NAC) Systems” by Ofir Arkin and that their product has mitigation strategies in place for each attack vector. Even a paper published back in '98 like “Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection by Thomas Ptacek & Timothy Newsham” still provides bypass techniques applicable in today's environment. Testing security products before you buy them is part of the due diligence process. Finding vulnerabilities gains you leverage with the sales rep, while he patches the bugs you get a better product for less cash. During this talk I will take 3APA3A's white paper on “Bypassing content filtering software”, construct a series of tests and run them against the following SMTP filtering products: Trend Micro IMSS Mail Marshall SMTP Ironport Sophos PureMessage Proofpoint Messaging Security Gateway Symantec Mail Security for SMTP At the conclusion of the presentation you can make your own mind up on whether the vendors are listening....