iliadmin1 Absent Member.
Absent Member.
666 views

Blocking Scripts and Remote Access in Messages

Read about the issue of the Ropemaker attack that can be launched against desktop email clients that was disclosed from Mimecast and it got me thinking. Is it possible in a Groupwise system or in the client to block a message from retrieving remote data automatically if it is an HTML formatted message? Is there a user setting that would allow email users to block automatic execution of a remote resource—like a remotely hosted CSS file for instance?

I thought in my recent past with GW8 I turned off allowing scripts to run in messages (I have no idea where that is in 2014R2). Maybe I am hallucinating? I distinctly remember (or hallucinated) getting a message and having it tell me scripts are disabled, and testing by saying allow and having it tell me it would not. Do I need a ?

I know this is a new attack, but I was wondering if anyone new whether Micro Focus would be addressing it to help mitigate the attack since most people seem to prefer HTML messages and do not like to have their GW using plain text (at least in my environment).

Food for thought!

Val

GW 2018 & Mobility Service-Version: 18.1.0 Build: 410 on SLES 12SP3, GW Client 18.02 (Build 131493) on Windows 7 64bit; server OES 11 on SLES 11 SP3; eDirectory 9.1 on SLES12SP3 and eDirectory 8.8sp8 on SLES11 SP3
Labels (1)
0 Likes
4 Replies
iliadmin1 Absent Member.
Absent Member.

Re: Blocking Scripts and Remote Access in Messages

Dagnabbit! I *knew* once I posted I'd find that I was not hallucinating! I found the original TID, https://www.novell.com/support/kb/doc.php?id=7012063. It was a registry key you had to create/set. I wonder if this would work to prevent the Ropemaker attack?

Val

GW 2018 & Mobility Service-Version: 18.1.0 Build: 410 on SLES 12SP3, GW Client 18.02 (Build 131493) on Windows 7 64bit; server OES 11 on SLES 11 SP3; eDirectory 9.1 on SLES12SP3 and eDirectory 8.8sp8 on SLES11 SP3
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Blocking Scripts and Remote Access in Messages

Hi Val,

Micro Focus Secure Gateway 🙂 The security product for GroupWise.

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
0 Likes
Knowledge Partner
Knowledge Partner

Re: Blocking Scripts and Remote Access in Messages

In article <iliadmin.83sv1z@no-mx.forums.microfocus.com>, Iliadmin wrote:
> Dagnabbit! I *knew* once I posted I'd find that I was not
> hallucinating!

That is always the way it is. Long ago I adopted the habit of writing
such potential posts in a text editor and gave it a little time to
'ferment' before posting. A word processor would also do the trick. I
found it also allowed me to present a better written post by giving myself
the time to switch to editor mode and let me simmer down from most rants.

> I found the original TID,
> https://www.novell.com/support/kb/doc.php?id=7012063. It was a registry
> key you had to create/set. I wonder if this would work to prevent the
> Ropemaker attack?

I don't think so, as those are more at blocking the scripting languages
rather than style sheets. The best spot for protection would be anything
done at the web interface side of things such as WebSense (now a part of
Forcepoint) as that would see the pulling of the css file and then any
efforts to go to that bad url.
Another approach would be something like what NoScript does, but done for
IE which is what GroupWise uses for rendering html (at least was last I
checked) thought that has its own issues as it is somewhat user involved
(lots of having to decide "do I trust this site").

The down side of reading via NNTP, you had me scratching my head at "Do I
need a 5915?" Such that I had to go see the very nice "Reality Check"
icon. Now to find one that says "Reality Czech" as I'm sure that exists
somewhere and would be fun to use as well 😉


Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!

___
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
iliadmin1 Absent Member.
Absent Member.

Re: Blocking Scripts and Remote Access in Messages

LOL - thanks for the reply. I appreciate it. We do use NoScripts in some cases, I find most of my users do not like it, they can't figure it out and what to allow/not allow. They tended to just allow scripts globally, so that was not good. I'll see what else I can
find. Maybe with our Mimecast the URL protect will block some of this. I can check on that. I'll also check what protections I have at my perimeter.

GW 2018 & Mobility Service-Version: 18.1.0 Build: 410 on SLES 12SP3, GW Client 18.02 (Build 131493) on Windows 7 64bit; server OES 11 on SLES 11 SP3; eDirectory 9.1 on SLES12SP3 and eDirectory 8.8sp8 on SLES11 SP3
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.