adison verlicewelp, #k12 #sysadmins , I found a new #vulnerability of #contentkeeper #cloud AKA CK-Express TP extension client side.
the new vulnerability still evolves around DNS, but still works either way.
I have moved to enterprise cloud flare gateway and modified a DNS configuration.
the problem with blocking is it still goes someware.
so let me tell you an even better solution for this: DNS remapping!
specifically, remapping all requests to contentkeeper.net and it's related subdomains to 0.0.0.0 which means CK doesn't even know what it doesn't connect to.
again, fokes, this is why you don't use client side agents for web filtering!
this is not a good idea!
again, you're trusting contentkeeper will be able to connect without a single problem.
the problem with the last flaw was that it attempted to display a block page. but this? this is even better because it can't do anything at all, even during the first initialization process ,it will simply think the device is completely offline with no network connection.
and like the last one that simply blocked rather than remapped, it gives a device not supported error.
it still needs to be on first reinitialization, but this will work.
here's how it works.
first, a user makes a DNS request not to block, but to remap, DNS entries from contentkeeper.net to 0.0.0.0 . ideally, also connections to contentkeeper.com, goguardian.com, and some other services to the same IP (this is completely possible to do on cloud flares end in 1 policy) but that's out of the scope of this.
next, they point to their DNS string which cloud flare has assigned them, or, if it has a static DNS IP, point to that.
of course, again, it needs to point on startup, either through the signin screen or before opening chrome. even better, turn off the wifi for a bit, go to the settings of the saved networks, then from there change the nameservers, bam!
and once done, if CK-ETP attempts to start, it will not work.
yes, I have found a nother #security vulnerability which is even better than reblock.
#cybersecurity #security #webfiltering #cipa #contentkeeper
the new vulnerability still evolves around DNS, but still works either way.
I have moved to enterprise cloud flare gateway and modified a DNS configuration.
the problem with blocking is it still goes someware.
so let me tell you an even better solution for this: DNS remapping!
specifically, remapping all requests to contentkeeper.net and it's related subdomains to 0.0.0.0 which means CK doesn't even know what it doesn't connect to.
again, fokes, this is why you don't use client side agents for web filtering!
this is not a good idea!
again, you're trusting contentkeeper will be able to connect without a single problem.
the problem with the last flaw was that it attempted to display a block page. but this? this is even better because it can't do anything at all, even during the first initialization process ,it will simply think the device is completely offline with no network connection.
and like the last one that simply blocked rather than remapped, it gives a device not supported error.
it still needs to be on first reinitialization, but this will work.
here's how it works.
first, a user makes a DNS request not to block, but to remap, DNS entries from contentkeeper.net to 0.0.0.0 . ideally, also connections to contentkeeper.com, goguardian.com, and some other services to the same IP (this is completely possible to do on cloud flares end in 1 policy) but that's out of the scope of this.
next, they point to their DNS string which cloud flare has assigned them, or, if it has a static DNS IP, point to that.
of course, again, it needs to point on startup, either through the signin screen or before opening chrome. even better, turn off the wifi for a bit, go to the settings of the saved networks, then from there change the nameservers, bam!
and once done, if CK-ETP attempts to start, it will not work.
yes, I have found a nother #security vulnerability which is even better than reblock.
#cybersecurity #security #webfiltering #cipa #contentkeeper
