IT Security Solution To Prevent Abuse Usage of HanWEB

(Hong Kong, 30 April 2013)

KanHan has recently received inquiries concerning the scanning result of Google Safe-Browsing function on real-time HanWEB translation server. The Google result indicates HanWEB is redirecting browsers to hosts with malicious software not found in the domain using HanWEB's on-the-fly translation function from Traditional Chinese to Simplified Chinese.  We would like to clarify that HanWEB is a passive web application server which by itself will only handle links specified in the realm of the domain.  In absolute no possibility external link is introduced without the specific coding of HanWEB usage.  In fact, HanWEB does not store any external files and reject content translation for external sites via redirection without proper permission setting.

Our investigation into reported incidents has come to the finding that hackers are making use the un-protected HanWEB application server to pretend links originated from the affected domain, for example,
http://sc.xxx.gov.hk/gb/www.malicioussoftware.com/

KanHan is now introducing HanWEB 4.5 upgrade package to help HanWEB users close the security loophole on the usage of HanWEB.  The upgrade consists of:

Security Features:

  1. Provide a new encrypted mechanism in modifying HanWEB system configuration files.
  2. Provide a new security module to block all external website redirections and secure white-list setting for trusted external links.
  3. Upgrade to latest version of OpenSSL (version 1.0)
  4. Provide an alert system on access to suspicious links via HanWEB. Support TLS 1.1 and TLS 1.2
  5. Mitigate The BEAST (Browser Exploit against SSL/TLS) attack

WCAG Feature:

  1. Support Language attribute on the HTML element relates to Success Criterion 3.1.1 (Language of Page)

Please contact your respective account service manager or by e-mail to info@kanhan.com for your enquiries and service arrangement.

back