| TIP: Click on subject to list as thread! | ANSI |
| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: how not to build a firewall |
From: "Rich"
This is a multi-part message in MIME format.
------=_NextPart_000_00E6_01C5B963.47802B10
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Just to make this clear. You are not changing your complicated =
scenario from one where adobe pdf javascript can run an arbitrary EXE to =
one where it can run only tftp plus whatever exe you use tftp to =
download. Wow. Can you make this even more silly and still keep a =
straight face?
Rich
"Geo" wrote in message
news:4328dbce$1{at}w3.nls.net...
tftp.exe is not arbitrary, it's a known executable in a known =
location. If
Windows installed in a arbitrary directory (ie if it picked a random =
string
for the directory name during install) this would not be the case and =
so it
would make hacking via this technique a whole lot tougher. Encrypting =
the
registry entry data for the firewall, even if it's only complicated
obfuscation can make it a whole lot tougher as well.
Windows doesn't need to be hackproof, it just needs to be a nightmare =
to
hack, once it's not any fun to hack the hackers will move to something =
else.
But if you make it easy, well then the path of least resistance..
Geo.
"Rich" wrote in message news:4328c2cf{at}w3.nls.net...
If you have code running that can run an arbitrary EXE like tftp =
than you
already own the machine. You are trying to contrive something =
complicated
only to try and show that your complicated scenario is a sham.
Rich
------=_NextPart_000_00E6_01C5B963.47802B10
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Just to make this =
clear. You are=20
not changing your complicated scenario from one where adobe pdf = javascript can=20
run an arbitrary EXE to one where it can run only tftp plus whatever exe = you use=20
tftp to download. Wow. Can you make this even more
silly and = still=20
keep a straight face?
Rich
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)SEEN-BY: 633/267 270 5030/786 @PATH: 379/45 1 106/2000 633/267 |
|
| SOURCE: echomail via fidonet.ozzmosis.com | |
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.