Bugtraq: Re: ... Tiny Personal Firewall ...

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: ... Tiny Personal Firewall ...

From: Scott Nursten <scottn () s2s ltd uk>
Date: Fri, 01 Mar 2002 16:55:40 +0000

Not being au fiat with Windows programming etc., I was wondering if this was
standard practice? Surely if the workstation is locked it's supposed to stop
all I/O? 

Isn't this also an OS related bug? No flames please, it's just a question.
:) 

Regards,

Scott 
-- 

On 28/2/02 2:53 pm, "Andrew Barkley" <andrew.barkley () usa net> wrote:

Hi ...


Scanning hosts running the Tiny Personal Firewall (2.0.15a) on W2K
workstations that have been locked (ctl + alt + del)

The popup alert/dialogue jumps to the foreground, thus open to accept
permit/deny input from the local console, even when the workstations are
locked (ctl + alt + del).  Thus an untrusted individual whom has local access
to individuals workstations can scan a workstation/network, wait for the popup
alert dialogue and enter "permit" on unattended (locked workstations) without
the owners permission/knowledge, No need to first unlock (ctl + alt + del)
...


CHEERS ...

By Date By Thread

Current thread:

... Tiny Personal Firewall ... Andrew Barkley (Feb 28)
- Re: ... Tiny Personal Firewall ... Maher Odeh (Mar 01)
- Re: ... Tiny Personal Firewall ... Scott Nursten (Mar 05)
  - Re: ... Tiny Personal Firewall ... Dave Ahmad (Mar 04)
    - Re: ... Tiny Personal Firewall ... Tom Geldner (Mar 05)
    - Re: Tiny Personal Firewall elfs (Mar 05)
    - Re: ... Tiny Personal Firewall ... J.Brown (Ender/Amigo) (Mar 06)