| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20100219085042.GA24493@mail.planetcobalt.net> Date: Fri, 19 Feb 2010 09:50:42 +0100 From: Ansgar Wiechers <bugtraq@...netcobalt.net> To: bugtraq@...urityfocus.com Subject: Re: Circumventing Critical Security in Windows XP On 2010-02-17 barkley@....net wrote: > I've detailed below just how easy (too easy) it is to circumvent the > security of the following critical security services. Thus can't now > become can! > > It goes without saying that malware on entering a system by whichever > means, and on detecting critical security services, can now even more > easily (automated/scripted) disarm critical security services, just by > modifying unprotected registry entries, for whatever malevolent > purposes. > > I've created registry entries (I can send these to you should you be > interested) to demonstrate just how easy it is to circumvent the > security of these critical security services, which unfortunately is > all too easily a very effective way of immobilising critical security > functions i.e. firewall, antivirus etc. This in my opinion is > certainly not a vulnerability nor a flaw so to speak, but rather a > functional design oversight? Unless you give details on what you actually did, any discussion is rather futile. I do have a feeling, though, that the modifications you made require administrator privileges. In which case there isn't any kind of vulnerability or security flaw. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Powered by blists - more mailing lists