Bodward

• A. Aergrer <a.aergrer@bodward.de>
• B. Bierlhm <>
• c.crolmnts@bodward.de
• e.ehrbhrad at bodward dot de
• F. Feoidcsh <f.feoidcsh@bodward.de>
• G. Gflo <>
• h.hloegr@bodward.de
• j.jngu at bodward dot de
• K. Keiln <k.keiln@bodward.de>
• L. Lineen <>
• m.mnga@bodward.de
• o.lmo at bodward dot de
• P. Plua <p.plua@bodward.de>
• Q. Qeur <>
• r.rhmei@bodward.de
• t.tngao at bodward dot de

Scannerdaemon

• A. Aergrer <a.aergrer@scannerdaemon.de>
• B. Bierlhm <>
• c.crolmnts@scannerdaemon.de
• e.ehrbhrad at scannerdaemon dot de
• F. Feoidcsh <f.feoidcsh@scannerdaemon.de>
• G. Gflo <>
• h.hloegr@scannerdaemon.de
• j.jngu at scannerdaemon dot de
• K. Keiln <k.keiln@scannerdaemon.de>
• L. Lineen <>
• m.mnga@scannerdaemon.de
• o.lmo at scannerdaemon dot de
• P. Plua <p.plua@scannerdaemon.de>
• Q. Qeur <>
• r.rhmei@scannerdaemon.de
• t.tngao at scannerdaemon dot de

plakat-drucker

• A. Aergrer <a.aergrer@plakat-drucker.de>
• B. Bierlhm <>
• c.crolmnts@plakat-drucker.de
• e.ehrbhrad at plakat-drucker dot de
• F. Feoidcsh <f.feoidcsh@plakat-drucker.de>
• G. Gflo <>
• h.hloegr@plakat-drucker.de
• j.jngu at plakat-drucker dot de
• K. Keiln <k.keiln@plakat-drucker.de>
• L. Lineen <>
• m.mnga@plakat-drucker.de
• o.lmo at plakat-drucker dot de
• P. Plua <p.plua@plakat-drucker.de>
• Q. Qeur <>
• r.rhmei@plakat-drucker.de
• t.tngao at plakat-drucker dot de

huwig-werner

• A. Aergrer <a.aergrer@huwig-werner.de>
• B. Bierlhm <>
• c.crolmnts@huwig-werner.de
• e.ehrbhrad at huwig-werner dot de
• F. Feoidcsh <f.feoidcsh@huwig-werner.de>
• G. Gflo <>
• h.hloegr@huwig-werner.de
• j.jngu at huwig-werner dot de
• K. Keiln <k.keiln@huwig-werner.de>
• L. Lineen <>
• m.mnga@huwig-werner.de
• o.lmo at huwig-werner dot de
• P. Plua <p.plua@huwig-werner.de>
• Q. Qeur <>
• r.rhmei@huwig-werner.de
• t.tngao at huwig-werner dot de

voip-saarland

• A. Aergrer <a.aergrer@voip-saarland.de>
• B. Bierlhm <>
• c.crolmnts@voip-saarland.de
• e.ehrbhrad at voip-saarland dot de
• F. Feoidcsh <f.feoidcsh@voip-saarland.de>
• G. Gflo <>
• h.hloegr@voip-saarland.de
• j.jngu at voip-saarland dot de
• K. Keiln <k.keiln@voip-saarland.de>
• L. Lineen <>
• m.mnga@voip-saarland.de
• o.lmo at voip-saarland dot de
• P. Plua <p.plua@voip-saarland.de>
• Q. Qeur <>
• r.rhmei@voip-saarland.de
• t.tngao at voip-saarland dot de

voip-experten

• A. Aergrer <a.aergrer@voip-experten.de>
• B. Bierlhm <>
• c.crolmnts@voip-experten.de
• e.ehrbhrad at voip-experten dot de
• F. Feoidcsh <f.feoidcsh@voip-experten.de>
• G. Gflo <>
• h.hloegr@voip-experten.de
• j.jngu at voip-experten dot de
• K. Keiln <k.keiln@voip-experten.de>
• L. Lineen <>
• m.mnga@voip-experten.de
• o.lmo at voip-experten dot de
• P. Plua <p.plua@voip-experten.de>
• Q. Qeur <>
• r.rhmei@voip-experten.de
• t.tngao at voip-experten dot de

ox-experten

• A. Aergrer <a.aergrer@ox-experten.de>
• B. Bierlhm <>
• c.crolmnts@ox-experten.de
• e.ehrbhrad at ox-experten dot de
• F. Feoidcsh <f.feoidcsh@ox-experten.de>
• G. Gflo <>
• h.hloegr@ox-experten.de
• j.jngu at ox-experten dot de
• K. Keiln <k.keiln@ox-experten.de>
• L. Lineen <>
• m.mnga@ox-experten.de
• o.lmo at ox-experten dot de
• P. Plua <p.plua@ox-experten.de>
• Q. Qeur <>
• r.rhmei@ox-experten.de
• t.tngao at ox-experten dot de

ox-info

• A. Aergrer <a.aergrer@ox-info.de>
• B. Bierlhm <>
• c.crolmnts@ox-info.de
• e.ehrbhrad at ox-info dot de
• F. Feoidcsh <f.feoidcsh@ox-info.de>
• G. Gflo <>
• h.hloegr@ox-info.de
• j.jngu at ox-info dot de
• K. Keiln <k.keiln@ox-info.de>
• L. Lineen <>
• m.mnga@ox-info.de
• o.lmo at ox-info dot de
• P. Plua <p.plua@ox-info.de>
• Q. Qeur <>
• r.rhmei@ox-info.de
• t.tngao at ox-info dot de

openox

• A. Aergrer <a.aergrer@openox.de>
• B. Bierlhm <>
• c.crolmnts@openox.de
• e.ehrbhrad at openox dot de
• F. Feoidcsh <f.feoidcsh@openox.de>
• G. Gflo <>
• h.hloegr@openox.de
• j.jngu at openox dot de
• K. Keiln <k.keiln@openox.de>
• L. Lineen <>
• m.mnga@openox.de
• o.lmo at openox dot de
• P. Plua <p.plua@openox.de>
• Q. Qeur <>
• r.rhmei@openox.de
• t.tngao at openox dot de

vpn-experten

• A. Aergrer <a.aergrer@vpn-experten.de>
• B. Bierlhm <>
• c.crolmnts@vpn-experten.de
• e.ehrbhrad at vpn-experten dot de
• F. Feoidcsh <f.feoidcsh@vpn-experten.de>
• G. Gflo <>
• h.hloegr@vpn-experten.de
• j.jngu at vpn-experten dot de
• K. Keiln <k.keiln@vpn-experten.de>
• L. Lineen <>
• m.mnga@vpn-experten.de
• o.lmo at vpn-experten dot de
• P. Plua <p.plua@vpn-experten.de>
• Q. Qeur <>
• r.rhmei@vpn-experten.de
• t.tngao at vpn-experten dot de

Deutsche Version verfügbar

Bypassing of web filters by using ASCII

If you can read the text in the yellow box, then you browser displays US-ASCII correctly and you should check if you firewall/virus scanner detects viruses/spam encoded in ASCII. If the box does not show, click here.

Background ASCII

The character set ASCII encodes every character with 7 bits. Internet connections transmit octets with 8 bits. If the content of such a transmission is encoded in ASCII, the most significant bit must be ignored.

The security problem

Of the tested browsers Firefox 1.5, Opera 8.5 and InternetExplorer 6, only the InternetExplorer does this correctly, the others evaluate the bit and display the characters as if they were from the character set ISO-8859-1. Although the behaviour of the InternetExplorer is the correct one, this creates a security risk: the author of a web page can set the bit on arbitrary characters without changing the look of the page. But virus scanners and content filters see completely different characters, so that there programs cannot detect viruses or spam.

This offers spammers and virus writers the possibility to bypass installed spam and virus filters. We checked several filter products and all of these failed to detect the manipulated web pages. But it should be quite easy to close this hole by clearing the most significant bit on ASCII encoded web pages before analysing them.

History

Contact: