lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040331063451.47100.qmail@web15409.mail.cnb.yahoo.com>
Date: Tue, 30 Mar 2004 22:34:51 -0800 (PST)
From: Liu Die Yu <liudieyuinchina@...oo.com.cn>
To: Amir Mohammadkhani-Aminabadi <amir.mohammadkhani@...surance.de>
Cc: bugtraq@...urityfocus.com
Subject: Re: security enforcement - new monitor for winnt


i've downloaded iecontroller and checked the app.

no, they do not do the same thing:
iecontroller can monitor ie's network activities(the "Internet" tab), but winblox can't.
iecontroller can monitor ie's activex(the "ActiveX" tab), but winblox cannot. 
iecontroller is designed for protecting ie(*ie*controller), but winblox is not.
(winblox can monitor all applications which load USER32.DLL)
iecontroller cannot monitor commandline, but winblox can.

of course, i don't expect a single monitor to monitor all things :-P

most importantly, i believe a monitor must have:
console-mode config tool,
text config file,
and log file,
just like all linux daemons(for flexiblity), but iecontroller does not have such features yet.

btw, source code will be published soon.

best wishes,

--- Amir Mohammadkhani-Aminabadi <amir.mohammadkhani@...surance.de> wrote:
> Please take a look at:
> http://www.heise.de/ct/ftp/projekte/iecontroller/
> 
> Its open source and seems to do the same thing.
> 
> ----- Original Message ----- 
> From: "Liu Die Yu" <liudieyuinchina@...oo.com.cn>
> To: <bugtraq@...urityfocus.com>
> Sent: Tuesday, March 30, 2004 6:34 AM
> Subject: security enforcement - new monitor for winnt
> 
> 
> >
> >
> > i want to stop ie:
> > writing EXE/CAB/LNK ... files,
> > calling MSHTA.EXE to parse remote web pages,
> > accessing files outside "favorites" and cache("content.ie5").
> >
> > i want to stop WSCRIPT.EXE from parsing files inside TEMP and cache.
> >
> > i want to stop the system running executable files located in TEMP and
> cache.
> >
> > afaik, i can stop ie 0day exploits by doing these things.
> >
> > so, i made this:
> > http://umbrella.name/winblox/
> > of course, free. and you can define your own rules easily(assuming you
> guys know a bit about regular expression).
> >
> > it's totally a new idea(afaik). so, not for operational uses.
> >
> 
> 
> 


__________________________________
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
http://taxes.yahoo.com/filing.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ