Home page logo

basics logo Security Basics mailing list archives

RE: how to break a personal firewall
From: "James Grant" <jgrant () zonelabs com>
Date: Tue, 3 Jan 2006 10:16:33 -0800

While it's true that the speech was held a year ago your 
assumption that
it wouldn't apply to current personal firewalls is wrong.

Not so. Look, you contradict yourself later on.
In general we were exploiting a design flaw in Windows, not a bug or
flaw in any specific personal firewall. Since the messaging system
Windows uses for IPC between windows has not yet been re-designed, the
things said back then still apply.

No. You were exploiting a limitation to the personal firewalls of the
time. The capabilities have been expanded. The exploit has been
As for Zone Alarm in particular: the free version is still susceptible
to our attack. The pro version does intercept it, but since I 

Here you admit I am right.
The rest is a commentary on usability, a pretty poor defense to
your grand claim.

doubt that
they have patched the Windows messaging system my guess (from a quick
glance, maybe I'll take a closer look after the holidays) is that they
hook into the message queues to intercept such attacks. That 
attempt is
futile, though, since I simply need to place my hook before any other
hook to circumvent it. Besides, the additional PopUps make the program
completely unusable for normal users, because they won't 
understand the
question (what do users know about "windows messages"?). Even 
more since
the PopUps won't give the full path of the executable but just the

This is not a forum for usability so I won't argue with you about it.
Your over-reaching claim has been addressed.

James Grant

The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.


  By Date           By Thread  

Current thread:
  • RE: how to break a personal firewall James Grant (Jan 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]