Java Whitelisting, Honeynet Project, HTTP Comments Displayer - Episode 350, Part 3 - October 25, 2013

As with most sizable organizations it is near impossible to uninstall or completely disable Java which sent us on a hunt for a feasible way to contain Java based attacks. What we came up with was restricting it to run only in trusted zones. This worked for APPLET tags when encountered in IE.

What this does is block any applet from running if it is not part of a trusted internet zone. First thing is to identify all the internal trusted zones and add them. Next allow the user to trust their own zones. Most of the time it seemed they knew when there was an applet they wanted to run.

The Honeynet Project is a lnon-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools to improve Internet security. With Chapters around the world, our volunteers have contributed to fight again malware (such as Confickr), discovering new attacks and creating security tools used by businesses and government agencies all over the world. The organization continues to be on the cutting edge of security research by working to analyze the latest attacks and educating the public about threats to information systems across the world.

Why would use use HTTP Comments displayer? This nmap script makes use of patterns to extract HTML comments from HTTP responses. There are times sensitive information may be present within these comments. While this does not necessarily represent a breach in security, this information can be leveraged by an attacker for exploitation.