We have publically released our analysis on the Internet 2.0 Cloaking Firewall and published 4x CVEs based on vulnerabilities identified in the Azure instance of Internet 2.0’s Internet Cloaking Firewall. Beyond the identified risks, absence of documentation, and restrictions for product users, our assessment has deduced that the product is based entirely on open-source technologies, with no additional contributions besides cosmetic updates to the interface and some configuration settings. Our assessment indicates this product does not have any unique qualities that warrant the granting of a patent or indication of innovation. Given this assessment, Mercury has also deduced that greater value for money could be achieved through simply employing the open-source technologies on which the Internet Cloaking Firewall is based.
I note that our timeline from discovery, to disclosure to the vendor and release of our report, has been compressed. The short response and inconsistency in their observation of the product implied that it was unlikely that identified vulnerabilities would be remediated, which has seen us publish ahead of an industry-standard 90-day disclosure timeline.
Mercury acknowledges its team of Edward Farrell, Caleb House, and Oliver Judson, as well as support from Sick Codes and others in the analysis.
Should you have any questions on our report or seek amplifying information, please contact [email protected]
Thank you for you interest in this report. Please click on the link below to download the copy of the report.