Zonealarm exports sensitive data

From: Andrew Daviel (andrewat_private)
Date: Thu Feb 24 2000 - 23:40:50 PST


    ZoneAlarm by zonelabs.com can export possibly sensitive data if
    the "More Info" button is clicked from an alert.
    
    ZoneAlarm is a personal dynamic firewall for Windows 9x/NT.
    When a rule is triggered (typically an inbound connection to
    an unregistered or alarmed service) an alert box appears with a brief
    description of the event and a button labelled "More Info". When this
    is clicked a URL is passed to the user's Web browser sending information
    to Zone Labs' server for more detailed explanation.
    
    Currently (version 2.0.26) the information passed includes:
    Source Address and Port
    Destination Address and Port
    Operating system version
    Firewall version
    Whether the connection was blocked
    The lock status of the firewall
    
    All this information is sent in the clear as an HTTP GET request (port 80).
    
    It could possibly be seen on the Internet in transit or in proxy logs, and
    may include information about machines on an internal network inside a
    corporate firewall. The request itself could be blocked by ZoneAlarm, but
    it is likely that the setting for the Web browser would allow it to access
    the external network (Internet).
    
    It is fairly simple to edit the .EXE file to disable this feature, or
    to redirect it to a local server.
    
    (IMO the benefits from using the product outweigh the risks of this data
    leak....)
    
    Andrew Daviel
    Vancouver Webpages etc.
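As an added example (not code from Andrew Daviel's post or from Zone Labs), the following Python scans a proxy access log for the "More Info" requests the post describes and reports which of the disclosed fields name internal addresses. The log layout, the `/moreinfo` path and the query parameter names (`src`, `dst`, `os`, `ver`, ...) are assumptions, since the post does not give the real URL format.

```python
import re
import ipaddress
from urllib.parse import urlparse, parse_qs

# Constructed sample proxy log lines (Squid/CLF-style), not real captures.
# The URL path and parameter names are assumed; the post only lists the fields sent.
SAMPLE_LOG = """\
10.1.2.3 - - [25/Feb/2000:07:40:50 -0800] "GET http://www.zonelabs.com/moreinfo?src=192.168.1.7&sport=1034&dst=10.1.2.3&dport=139&os=NT4&ver=2.0.26&blocked=1 HTTP/1.0" 200
10.1.2.3 - - [25/Feb/2000:07:41:02 -0800] "GET http://www.example.org/index.html HTTP/1.0" 200
10.1.2.4 - - [25/Feb/2000:07:42:10 -0800] "GET http://www.zonelabs.com/moreinfo?src=203.0.113.9&sport=2222&dst=10.1.2.4&dport=23&os=98&ver=2.0.26&blocked=1 HTTP/1.0" 200
"""

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "GET (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d+)'
)
VENDOR_DOMAIN = "zonelabs.com"  # the host the post says the alert data is sent to
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(addr):
    """True only for RFC 1918 addresses, i.e. hosts behind the corporate firewall."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def find_leaks(log_text):
    """Return one record per GET to the vendor domain: the client that sent it,
    every query field it disclosed, and which address fields were internal."""
    leaks = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a GET line in the expected format
        url = urlparse(m.group("url"))
        host = url.hostname or ""
        if host != VENDOR_DOMAIN and not host.endswith("." + VENDOR_DOMAIN):
            continue
        fields = {k: v[0] for k, v in parse_qs(url.query).items()}
        internal = sorted(k for k in ("src", "dst") if is_internal(fields.get(k, "")))
        leaks.append({"client": m.group("client"), "time": m.group("ts"),
                      "fields": fields, "internal_addresses": internal})
    return leaks


if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_LOG):
        print(f"{leak['time']} {leak['client']} disclosed {sorted(leak['fields'])}; "
              f"internal address fields: {leak['internal_addresses']}")
```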
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:37:21 PDT