Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)

[bipin gautam <visitbipin () yahoo com>]

> ZoneAlarm does not rely on file permissions to
protect
> any configuration files.   Configuration files are
protected 
> by our TrueVector(r) driver in the kernel. 

> then ALL YOU NEED TO DO,
> is to change the folder permissions to EVERYONE:
DENY, and NTFS will
> not EVER allow you to recover this folder. ZA will
thus never operate
> properly on this machine again.

Not really, I've discoverd a NTFS feature (BUG?).
well... If you have system/administrative privilages
in a disk.... you can read/modify a file even though
it has "EVERYONE: DENY" permission set.

All you have to do is read the file through RAW disk
access... instead of going through the standard
procedure. 

This will let you read/modify the file even-though it
has the permission "EVERYONE: DENY" For quick demo.
use any, file delete/recovery utility... to read a
file that has EVERYONE: DENY permission set.

--------------
But, this trick isn't limited to this... cauz i've
foud some intresting thing. 
--------------

EVEN THOUGH ZA has its so called; !33t feature
enabled, all a attacker has to do is, 

E:\WINDOWS\Internet Logs\> attrib/s +h +s +r +a 

{{{ and compress the folder (optional) }}}

Next time,  when ZAP or PC restarts... its so called,
TrueVector(r) driver in the kernel will fail to load
at all. (cheese!)

Now, DOES ANYONE SEES A HOLE down there.....   (O;

bipin 



                
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html