[ISN] Re: Personal Firewalls Spring Security Leaks - Update

From: InfoSec News (isnat_private)
Date: Sun Dec 02 2001 - 23:56:54 PST

  • Next message: InfoSec News: "Re: [ISN] Cyber terrorism is 'fantasy'"

    Forwarded from: Felix von Leitner <leitnerat_private>
    
    Thus spake InfoSec News (isnat_private):
    
    > http://www.newsbytes.com/news/01/171949.html
    
    > By Brian McWilliams, Newsbytes
    > ALISO VIEJO, CALIFORNIA, U.S.A.,
    > 07 Nov 2001, 12:08 PM CST
    >  
    > Software firewalls deployed by millions of PC users offer only
    > "illusory" protection against Trojan horses and other malicious
    > programs, security experts warned today.
    
    This is actually correct.
    
    A packet filters is only useful if one can be sure that what little
    protection it offers can't be circumvented.  That means that it can
    not share the same machine with other applications that use untrusted
    data. This is so basic, it's embarassing that it needs to be mention
    at all :(
    
    Personal Firewalls aren't.
    
    > Techniques for defeating the outbound data filters in popular personal
    > firewalls such as Zone Alarm and Norton Personal Firewall have been
    > independently posted on the Web by several researchers.
    
    This, however, is complete and utter bullshit.
    
    You can _never_ restrict outgoing traffic in a meaningful way, i.e.
    you can never lock a box down in a way so that an evil attacker could
    not leak supposedly secret information out, except if you don't allow
    any data to flow out at all.
    
    Instead of explaining to the illiterate users of this snake oil
    software the risks they are exposing themselves to, this article dumbs
    them down even more.  It is very sad that this drivel is published at
    all, and then forwarded to a respected mailing list as this, but it is
    even sadder that apparently noone except me considers this
    nauseatingly stupid, bordering on criminal.
    
    Felix
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Dec 03 2001 - 04:54:49 PST