lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1059498138.10463.217.camel@skilletinfopleasecom.nh.pearsoned.com>
From: kdebisschop at alert.infoplease.com (Karl DeBisschop)
Subject: How to easily bypass a firewall...

On Tue, 2003-07-29 at 12:35, Kain wrote:
> On Tue, Jul 29, 2003 at 12:01:42PM -0400, compguruman@...l.comcast.net wrote:
> > At 03:49 PM 7/28/2003 -0500, you wrote:
> > >5. Firewall dialog box uses random numbers / letters represented by graphics
> > >that the user has to enter in a password field if the password is not
> > >correct sound alarm, halt system.
> > 
> > know of anything that does this?
> Well, the signup procedures for some services, such as Yahoo, Paypal etc do
> this, but they have the advantage that your application trying to spoof the
> response cannot access the memory space of the running program.

Of course this does not work if you are blind using voice reader (or
braille reader) to access the website. Same would apply to a firewall.

I think that sort of design may preclude the product from US government
purchases, but that's just a guess on my part.

-- 
Karl DeBisschop <kdebisschop@...rt.infoplease.com>
Pearson Education/Information Please


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ