lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 21 Feb 2005 11:22:42 -0800
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: "Jay Calvert" <jcalvert@...aneronetworks.com>,
	<bugtraq@...urityfocus.com>
Subject: Re: Windows Firewall Has A Backdoor


You say (or the article does) that "If you are currently using Window's own 
firewall to protect you, either ensure that there are no unknown exceptions 
or find a better firewall."

Finding a better firewall does absolutely nothing when, as the article 
states, "As long as the person currently logged into the computer has 
Administrative privileges, an application can easily add an entry into the 
HKEY_LOCAL_MACHINE/SYSTEM/Services/.../FirewallPolicy/StandardProfile/AuthorizedApplications/List/ 
key that will allow any application full rights to and from the computer 
without the user's interaction or knowledge."

I've said it a million times-- any text following the words "as long as 
you're an admin" might as well be "blah, blah, blah."

Don't run as admin.  Oh, I know, here come the "some applications require 
admin" responses, but the reality is that most applications can be made to 
work perfectly well under a normal user account with the right permission 
configurations.  Those that can't can easily use "RunAs."

Yes, some users have never heard of "RunAs."  Why?  Because articles like 
this end with "find a better firewall" when they should end with something 
that helps educate the reader that running as Admin is dangerous, and that 
other methods exist to easily obviate exceptions.

I have over 130 users at my company that run all manner of software, and not 
one of them has administrative permissions.  Not one.  And they don't even 
know it.

That's the skinny on that.
t





----- Original Message ----- 
From: "Jay Calvert" <jcalvert@...aneronetworks.com>
To: <bugtraq@...urityfocus.com>
Sent: Saturday, February 19, 2005 12:52 PM
Subject: Windows Firewall Has A Backdoor


>
>
> By adding a new key to the registry in 
> HKEY_LOCAL_MACHINE/SYSTEM/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/AuthorizedApplications/List 
> you can circumvent the whole purpose of the firewall with out the users 
> interaction or knowledge.  Spyware / Adware manufacturer's are already do 
> this.
>
> More information and a little rant at:
> http://habaneronetworks.com/viewArticle.php?ID=144
>
>
> --
> Jay Calvert
> HabaneroNetworks.com
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ