i'd call it a vulnerability in the "Personal Firewall" because once its disabled the ability to inject all sorts of nasty trojans and what not might suddenly become available to the attacker. I'm sure many people are running apps and services that are less than secure and counting on their firewall to keep the beasts at bay. I'd love to see this java script because I might be running this "personal firewall" at home myself and i'd like to lock my doors if i can. On Tue, 16 Jul 2002 TLR@portcullis-security.com wrote: > I think I know the answer to this but I just wanted to get a straw Poll type > opinion from you guys. > > Recently, whilst performing a Penetration Test I developed a Java script > which, with the use of some tools, disables a well known personal firewall. > This personal firewall was designed as is used so that the company can > centrally control what Hosts and Networks a user can access via the use of > profiles. Can you see what it is yet? Anyway, would you guys consider the > ability to disable the firewall remotely a vulnerability or does it fall > simply in the arena of technique in the use of already existing tools and > vulnerabilities? > > Cheers,Liam. > -- ================== rogueat_private {\o0| ==================
This archive was generated by hypermail 2b30 : Tue Jul 16 2002 - 11:59:11 PDT