RE: how to break a personal firewall

["James Grant" <jgrant () zonelabs com>]

> While it's true that the speech was held a year ago your 
> assumption that
> it wouldn't apply to current personal firewalls is wrong.

Not so. Look, you contradict yourself later on.
 
> In general we were exploiting a design flaw in Windows, not a bug or
> flaw in any specific personal firewall. Since the messaging system
> Windows uses for IPC between windows has not yet been re-designed, the
> things said back then still apply.

No. You were exploiting a limitation to the personal firewalls of the
time. The capabilities have been expanded. The exploit has been
prevented.
 
> As for Zone Alarm in particular: the free version is still susceptible
> to our attack. The pro version does intercept it, but since I 

Here you admit I am right.
The rest is a commentary on usability, a pretty poor defense to
your grand claim.

> doubt that
> they have patched the Windows messaging system my guess (from a quick
> glance, maybe I'll take a closer look after the holidays) is that they
> hook into the message queues to intercept such attacks. That 
> attempt is
> futile, though, since I simply need to place my hook before any other
> hook to circumvent it. Besides, the additional PopUps make the program
> completely unusable for normal users, because they won't 
> understand the
> question (what do users know about "windows messages"?). Even 
> more since
> the PopUps won't give the full path of the executable but just the
> filename.

This is not a forum for usability so I won't argue with you about it.
Your over-reaching claim has been addressed.

James Grant

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------------