
Thread: So you feel secure behind your firewall?

  1. #1
    Join Date
    May 2001
    Posts
    218

    So you feel secure behind your firewall?

    **/07/0*
    Personal Firewalls Spring Security Leaks
    By Brian McWilliams, Newsbytes
    ALISO VIEJO, CALIFORNIA, U.S.A.,
    07 Nov 200*, **:27 AM CST

    Software firewalls deployed by millions of PC users offer only "illusory" protection against Trojan horses and other malicious programs, security experts warned today.

    Techniques for defeating the outbound data filters in popular personal firewalls such as Zone Alarm and Norton Personal Firewall have been independently posted on the Web by several researchers. Using the methods described, a rogue program could upload private user data without being detected by the firewall, the experts claim.

    To evade a firewall's guards against unauthorized data leaks, the new techniques include commandeering a legitimate program such as Microsoft's Internet Explorer and forcing it to send out data on behalf of the attacker.

    "If a firewall is going to allow some program to transmit and receive data over the Internet, and that program allows other programs to control its actions, then there's no point in blocking anything at all," wrote Bob Sundling in text accompanying the source code of TooLeaky, a firewall test program he developed to demonstrate the problems.

    FireHole, a similar testing tool, also has been made available on the Web by its author, Robin Keir, lead network security programmer with Foundstone, a computer security consulting firm. Both TooLeaky and FireHole sneak past personal firewalls and upload harmless test data to an external site.

    Keir told Newsbytes that other techniques are likely to be discovered for defeating outbound filtering, and that the development suggests that blocking leaks is "a race the firewall makers will never win." Nonetheless, Keir said he still believes personal firewalls are valuable for their ability to block incoming attacks.

    A third firewall test utility, YALTA, creates a virtual device driver that sends data to any Internet address without being detected by firewalls, according to a description of the program, which stands for Yet Another Leak Test Application.

    The new firewall testing utilities represent a second generation of such programs, building upon a tool developed by Gibson Research Corp. After GRC president Steve Gibson released LeakTest a year ago to highlight what he called "internal extrusion" flaws in personal firewalls, many vendors made changes to improve the outbound filtering techniques used in their firewall products.

    Product manager Tom Powledge told Newsbytes that Symantec was studying the new firewall bypass techniques and would likely revise Norton Personal Firewall to defend against them. But Powledge noted that computer users require anti-virus software and safe computing practices to prevent rogue programs from establishing a beachhead.

    "Once a hacker has code running on your computer, they have a tremendous amount of power. We've always said that effective Internet security is a combination of tactics," said Powledge.

    The firewall leak discoveries come the same week as an independent testing agency announced the results of its first certification tests of personal firewalls. ICSA Labs said three products passed its battery of tests, which included "restriction of outgoing network communication."

    All three of the ICSA certified products, Zone Alarm, Norton Personal Firewall, and Tiny Software's Tiny Personal Firewall, can be defeated by the new outbound attacks in some circumstances, according to the authors of TooLeaky and FireHole. An ICSA representative said the firm was still testing the new tools and had no immediate comment.

    More information on FireHole is at [url]http://keir.net/firehole.html[/url] .

    The TooLeaky home page is at [url]http://tooleaky.zensoft.com[/url] .

    YALTA is available at [url]http://www.soft4ever.com/security_test/En/index.htm[/url] .

    Gibson's LeakTest site is at [url]http://grc.com/su-leaktest.htm[/url] .

    ICSA's Personal Firewall certification page is at [url]http://www.icsalabs.com/html/communities/pcfirewalls/cert_prods.shtml[/url] .
    Blacksheep
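An added example, not part of the original post or of any tool named in the article: it models why an outbound rule keyed only on the sending program's name passes traffic from a trusted program that another program started, and how a defender can flag such connections by checking the launch chain. The process table, PIDs, addresses, `updater.exe` and the expected-ancestor list are all constructed assumptions.

```python
# Constructed data: process names, PIDs and addresses are illustrative only.
TRUSTED = {"iexplore.exe"}                       # programs with an outbound "allow" rule
EXPECTED_ANCESTORS = {"explorer.exe", "system"}  # assumption: normal launch chain

# pid -> (image name, parent pid)
PROCESSES = {
    4: ("system", 0),
    100: ("explorer.exe", 4),
    200: ("iexplore.exe", 100),   # browser started from the desktop shell
    300: ("updater.exe", 100),    # hypothetical program with no allow rule
    301: ("iexplore.exe", 300),   # browser started by that program
    400: ("iexplore.exe", 999),   # parent already exited, lineage unknown
}
# (pid, destination) outbound connection attempts
CONNECTIONS = [
    (200, "192.0.2.10:80"),
    (300, "198.51.100.7:80"),
    (301, "198.51.100.7:80"),
    (400, "203.0.113.5:80"),
]

def name_only_allows(pid):
    """Per-program rule: decide on the image name of the sending process."""
    return PROCESSES[pid][0] in TRUSTED

def ancestors(pid):
    """Ancestor names, nearest first, and whether the chain reached the root."""
    names, seen = [], {pid}
    ppid = PROCESSES[pid][1]
    while ppid != 0:
        if ppid not in PROCESSES or ppid in seen:   # exited parent or PID loop
            return names, False
        seen.add(ppid)
        name, ppid = PROCESSES[ppid]
        names.append(name)
    return names, True

def lineage_allows(pid):
    """Stricter rule: trusted name and a complete, expected launch chain."""
    names, complete = ancestors(pid)
    return (name_only_allows(pid) and complete
            and all(n in EXPECTED_ANCESTORS for n in names))

def audit(connections):
    """Connections the per-program rule passes but the lineage rule rejects."""
    findings = []
    for pid, dest in connections:
        if name_only_allows(pid) and not lineage_allows(pid):
            names, complete = ancestors(pid)
            odd = [n for n in names if n not in EXPECTED_ANCESTORS]
            findings.append((pid, dest, odd[0] if odd else "unknown parent"))
    return findings
```

Process lineage only covers senders that appear as processes; the article describes YALTA as sending through a virtual device driver, which a check like this would not see.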

  2. #2
    Join Date
    Jun 2001
    Posts
    398

    TEMPEST

    HI,

    Another threat even behind firewalls is t.e.m.p.e.s.t.
    i don't remember what it stands for and i lost a lot of info on my hdd to another virus

    tempest equipment enables eavesdroppers to pick up radio signals emitted from ur monitor, usually up to * km, using sophisticated electronic equipment.
    they get to see what u type on the screen a mile away.
    they can also pick up audio signals as well, eg: a voice chat session.
    so where does ur firewall come in between all this? it sadly doesn't.
    maybe u should make thick concrete walls to prevent the signals out of ur house or use some kind of jammer.
    they might be watching u. the threat is real.
    There is a little more on tempest on 2600.faq
    and as usual u may google on tempest.


    i can no longer post from my college which is behind a proxy after the all nettools page was changed a while ago.
    the thread never gets submitted.

    and for tunneling to a shell account i just have a little information.
    i suppose i get what u mean now.let me c what i can make of it.

  3. #3
    Join Date
    May 2001
    Posts
    218

    TEMPEST

    Hello DATA,

    Hope we don't lose your posts to Allnettools discussion forum. You might try TriangleBoy from your school proxy.

    TEMPEST = "Telecommunications Electronics Material Protected from Emanating Spurious Transmissions. Today, in military circles, the term has been officially supplanted by Emsec (for Emissions Security); however, the term Tempest is still widely used in the civilian arena."

    See: [url]http://whatis.techtarget.com/wsearchResults/*,2*02*4,sid*,00.html?query=tempest[/url]

    I've wondered if TEMPEST will work on a low voltage LCD display.

    P.S. More on TEMPEST: [url]http://www.google.com/search?q=cacheHJNNSWagOg:searchsecurity.techtarget.com/sDefinition/0,,sid*4_gci52258*,00.html+Tempest-shielding&hl=en[/url]

    TIP: If you need to view a dead link sometimes you can find page on Google's cache.
    Last edited by Blacksheep; 11-09-2001 at 11:05 AM.
    Blacksheep

  4. #4
    Join Date
    May 2001
    Posts
    218

    bad TEMPEST link

    Hmm... Somehow I lost post edit feature. OK, I'll fix bad link here:

    [url]http://www.google.com/search?q=cache:pHJNNSWagOg:searchsecurity.techtarget.com/sDefinition/0,,sid*4_gci52258*,00.html+Tempest-shielding&hl=en[/url]
    Blacksheep

  5. #5
    Join Date
    Nov 2001
    Posts
    68
    Ok, so does that mean then that we're cooked? Even with the latest ZA and Tiny?
    Openly covert.

  6. #6
    Join Date
    May 2001
    Posts
    218

    firewall exploits

    Nulland Void: "Ok, so does that mean then that we're cooked? Even with the latest ZA and Tiny?"

    My interpretation is we're cooked only if malicious code gets in one's machine. Don't think one can now depend on ZA, Tiny, etc. to block outbound from live-in trojan. Am sure ZA, Tiny, and other firewall vendors are now looking at this problem. This is a situation where a packet sniffer comes in handy.

    Here's more info on latest software firewall vulnerabilities: [url]http://news.cnet.com/news/0-*00*-200-78*06*4.html?tag=cd_mh[/url]

    Seems these exploits are possible because of a Windows OS bug. Another nasty Windows OS bug is the ability to terminate any running process with no warning to user, e.g. a trojan, like BioNet, can kill your anti-virus and firewall: [url]http://www.nsclean.com/psc-bionet.html[/url]

    BTW, Windows Ctrl-Alt-Del Close Program window does not display all running processes.
    Blacksheep

  7. #7
    Join Date
    Nov 2001
    Posts
    68
    Youch! That's right annoying.

    I guess I better re-install TheCleaner. I recently did a w*8 clean install and haven't re-installed TheCleaner yet.

    I have TheCleaner*. Does anyone know of a newer version or another as good/better trojan killer?

    Also I run PC-Cillin. Any rants about that one?
    I don't care much for Symantec's stuff. Too aggressive.
    I hear McAfee is horrible.
    Openly covert.

  8. #8
    Power Jewels Guest
    You won't be subject to a Tempest attack unless you _really_ come to *their* attention. Even the Mafia's computer eavesdrop that was recently challenged in court was not done by Tempest but by a keyboard logger.

    Tempest requires agents sitting outside in a truck or somewhere nearby, monitoring. You have to be a really really big deal to warrant that kind of attention :-)

  9. #9
    Join Date
    Nov 2001
    Posts
    68
    Jeez! I better be extra careful then (wink! wink!)

    Seriously though, somebody's always coming up with something new and better be extra paranoid than not, I think.

    Just my 2 bits.
    Openly covert.

  10. #10
    Join Date
    May 2001
    Posts
    218

    ZA hijack fix?

    Looks like Zone Labs might have fix for hijacked trusted progs firewall exploit: [url]http://www.infowar.com/p_and_s/0*/p_n_s_*00*0*d_j.shtml[/url]
    Blacksheep

  11. #11
    Join Date
    Nov 2001
    Posts
    68
    Followed your link to ZoneLabs.
    Couldn't find # *.
    Openly covert.

  12. #12
    Join Date
    May 2001
    Posts
    218

    ZA V *.0

    Link is press release. ZA V *.0 not released yet. To be released before end of year.
    Blacksheep
