echo: nthelp
to: Geo.
from: Rich
date: 2005-09-14 17:40:40
subject: Re: how not to build a firewall

If you have code running that can run an arbitrary EXE like tftp then
you already own the machine.  You are trying to contrive something
complicated only to try and show that your complicated scenario is a sham.

Rich

  "Geo." wrote in message news:432857bf$1{at}w3.nls.net...
  You are missing the point, step one is to get your evil.exe code onto my
  machine and run it.

  I don't have to have code executing on your machine to change your firewall.
  A simple javascript included in a pdf file and emailed to you or posted to a
  newsgroup should be enough to disable your firewall, fire up tftp and
  download your evil.exe code and run it. (I don't really know if I can do all
  that in javascript but I'm just trying to describe a technique that's been
  used by countless hackers)

  Your firewall is useless against an attack where the firewall needs to be
  disabled before the evil.exe can be downloaded and run.

  Something as simple as encrypting the registry key data would prevent this
  or at least make it infinitely more difficult.

  Security is not an absolute, it's a shade of grey and the idea is to have
  your grey more white than black.. this silliness definitely moves you
  towards black.

  Geo.

  "Paul Ranson" wrote in message news:43281226{at}w3.nls.net...
  > I think you're living in a dream world. I own your machine. I can turn your
  > firewall off or reconfigure it, just like you can. I can disable a warning
  > message because I own your machine. I can do anything because I own your
  > machine. This is just another example of a wannabe trolling a mailing list.
  >
  > More to the point anything bad I want to do with your machine and the
  > network I can do with ports you already have open, so why do I care about
  > the firewall and making myself obvious by generating traffic on unusual
  > ports?
  >
  > Paul



--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270 5030/786
@PATH: 379/45 1 106/2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com
