I almost missed this Websense vulnerability, since it was published 12-21-2007, while I was on vacation. I’ve verified it works on one of my client’s networks using Firefox Portable 126.96.36.199, Websense 6.1.1, ISA Server 2004 Standard, and User Agent Switcher 0.6.10.
Mr HinkyDink, who discovered the issue used Websense 6.3.1, so I’m sure other Websense versions are susceptible as well. His instructions are:
I. Install FireFox 2.0.x
II. Obtain and install the User Agent Switcher browser plug-in by Chris Pederick
III. Add the following User Agents to the plug-in
User Agent : RealPlayer G2
Description: MSN Messenger
User Agent : MSMSGS
User Agent : StoneHttpAgent
IV. Change FireFox’s User Agent to any one of the preceding values
V. Browse to a filtered Web site
VI. Content is allowed
Content browsed via this method will be recorded in the Websense database as being in the “Non-HTTP” category.
See also Websense KnowledgeBase article #976, Websense cleaned up this issue in database #92938.
I work with a ton of school districts, all who are required by law to provide content filtering. We constantly struggle to keep ahead of the various methods of bypassing the filter that students find, but I really don’t fault the kids for being curious, or trying to outsmart the adults. I think the fault lies with the teachers who are supposed to be supervising, but instead allow the students to do whatever they want.