Hosting Provided By

RE: Bug in Norton FireWall 2003

From: Michael Wojcik <Michael.Wojcik(at)microfocus.com>
Date: Mon Aug 11 2003 - 15:24:28 EDT

> From: Boy Bear [mailto:eyal067@walla.co.il]
> Sent: Saturday, August 09, 2003 4:12 AM
>
>
> The Bug factor so lamb Firewall "ignored" from Trojan.

Ah, machine translation.

A cursory glance through the VB source [see original message] suggests that the proposed exploit is to have a trojan recognize the firewall pop-up asking if the trojan should be permitted network access, and spoofing the user input to grant it. Simple enough.

There appears to be a bug in the included source:

> Private Sub wHideShow(HideShow As Boolean)

Presumably one of "SW_SHOW" should be "SW_HIDE". Since wHideShow is never used by the program, and "HideShow" is not exactly a meaningful parameter name, it's hard to guess which. Then again, since wHideShow is never used, it doesn't really matter.

I suppose a simple defense for "personal firewall" vendors against this sort of thing would be to use hard-to-guess window titles for their popups...

-- 
Michael Wojcik
Principal Software Systems Developer, Micro Focus

Received on Mon Aug 11 16:51:04 2003

This message: [ Message body ]
Next message: nowak.a(at)pg.com: "RE: Bug in Norton FireWall 2003"
In reply to Boy Bear: "Bug in Norton FireWall 2003"
Next in thread: pr00f: "Re: Bug in Norton FireWall 2003"
Reply: pr00f: "Re: Bug in Norton FireWall 2003"
Reply: nowak.a(at)pg.com: "RE: Bug in Norton FireWall 2003"
Reply: Michael Wojcik: "RE: Bug in Norton FireWall 2003"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT

Do you need help?