Re: Bug in Norton FireWall 2003

Even a "hard-to-guess window title" wouldn't be enough. There are API functions to grab window information from any window currently under the mouse pointer. Throw such a query into a timer, and hover the mouse over the window you want to get the title of. Bingo.

• pr00f

Michael Wojcik <Michael.Wojcik@microfocus.com> wrote

Ah, machine translation.

A cursory glance through the VB source [see original message] suggests that
the proposed exploit is to have a trojan recognize the firewall pop-up asking if the trojan should be permitted network access, and spoofing the
user input to grant it. Simple enough.

There appears to be a bug in the included source:

> Private Sub wHideShow(HideShow As Boolean)

Presumably one of "SW_SHOW" should be "SW_HIDE". Since wHideShow is never
used by the program, and "HideShow" is not exactly a meaningful parameter
name, it's hard to guess which. Then again, since wHideShow is never used,
it doesn't really matter.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

I suppose a simple defense for "personal firewall" vendors against this sort
of thing would be to use hard-to-guess window titles for their popups...

-- 
Michael Wojcik
Principal Software Systems Developer, Micro Focus


-- 
If one cannot enjoy reading a book over and over again, there is no use
in reading it at all.
                -- Oscar Wilde