| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030729163527.GB32430@noir.is.pn>
From: kain at kain.org (Kain)
Subject: How to easily bypass a firewall...
On Tue, Jul 29, 2003 at 12:01:42PM -0400, compguruman@...l.comcast.net wrote:
> At 03:49 PM 7/28/2003 -0500, you wrote:
> >5. Firewall dialog box uses random numbers / letters represented by graphics
> >that the user has to enter in a password field if the password is not
> >correct sound alarm, halt system.
>
> know of anything that does this?
Well, the signup procedures for some services, such as Yahoo, Paypal etc do
this, but they have the advantage that your application trying to spoof the
response cannot access the memory space of the running program. In Windows,
unless you have a carefully locked down system, it is too easy for J. Random
Application to take control of the entire system, to the point where you can
scan and alter the data structures of arbitrary processes. In fact, many
applications people use almost insist on this being the case.
--
Bryon Roche
Professional {Developer,Linux/MS Consulting,Software Architect}
<kain@...n.org>
PGP Key Fingerprint: FE0D EC23 6464 726A CD54 48D3 04AD 86FE 6878 ABD5
Fortuna est caeca
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030729/aa008c55/attachment.bin
Powered by blists - more mailing lists