Message-ID: <20040822190906.77160.qmail@web20223.mail.yahoo.com>
From: visitbipin at yahoo.com (bipin gautam)
Subject: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)
>ZoneAlarm does not rely on file permissions to protect
>any configuration files. Configuration files are protected
>by our TrueVector(r) driver in the kernel.

>then ALL YOU NEED TO DO,
>is to change the folder permissions to EVERYONE: DENY, and NTFS will
>not EVER allow you to recover this folder. ZA will thus never operate
>properly on this machine again.
Not really, I've discovered an NTFS feature (BUG?).
Well... If you have system/administrative privileges
on a disk.... you can read/modify a file even though
it has "EVERYONE: DENY" permission set.
All you have to do is read the file through RAW disk
access... instead of going through the standard
procedure.
This will let you read/modify the file even though it
has the permission "EVERYONE: DENY". For a quick demo,
use any file delete/recovery utility... to read a
file that has EVERYONE: DENY permission set.
--------------
But this trick isn't limited to this... I've found
something interesting.
--------------
EVEN THOUGH ZA has its 'SECURITY' feature enabled, all
an attacker has to do is,
E:\WINDOWS\Internet Logs\> attrib/s +h +s +r +a
{{{ and compress the folder (optional) }}}
Next time, when ZAP or PC restarts... its so-called
TrueVector(r) driver in the kernel will fail to load
at all. (cheese!)
Now, DOES ANYONE SEE A HOLE..... (O;
bipin
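
A defender-side check for the attribute change described in the message above, as an added example that is not part of the original post: it walks the log folder and reports every item carrying the Hidden, System, ReadOnly or Compressed flag. The function name `Find-TamperedLogAttributes` is hypothetical, the default path is the one quoted in the post, and treating these flags as abnormal for that folder is an assumption to confirm against a known-good install.

```powershell
# Added example: report items whose attributes match what "attrib +h +s +r"
# (and the optional folder compression) would leave behind.
function Find-TamperedLogAttributes {
    param(
        # Path as quoted in the post; adjust to the local Windows directory.
        [string]$Path = 'E:\WINDOWS\Internet Logs'
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Path not found: $Path"
        return
    }

    # Flags of interest. Archive (+a) is left out because it is set on
    # most ordinary files and would flag everything.
    $suspect = [System.IO.FileAttributes]'Hidden, System, ReadOnly, Compressed'

    # -Force is required: without it hidden and system items are skipped,
    # which are exactly the ones this check is looking for.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        # Keep only the suspect bits that are actually set on this item.
        $hit = [System.IO.FileAttributes]($item.Attributes -band $suspect)
        if ([int]$hit -ne 0) {
            [pscustomobject]@{
                Path      = $item.FullName
                Flags     = $hit
                LastWrite = $item.LastWriteTime
            }
        }
    }
}

# Example run: list flagged items, folder itself included.
Find-TamperedLogAttributes | Sort-Object Path | Format-Table -AutoSize
```

An empty result means none of the four flags is set anywhere under the folder; a result that lists every file with `Hidden, System, ReadOnly` matches the recursive `attrib` change the post describes.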