Re: Bug in Norton FireWall 2003

From: xenophi1e (oliver.laveryat_private)
Date: Tue Aug 12 2003 - 10:44:02 PDT

Next message: Omicron@portcullis-security.com: "Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalatio n Vulnerabilities"

Previous message: Michal Zalewski: "Re: Overflowing an interactive app"
Maybe in reply to: Boy Bear: "Bug in Norton FireWall 2003"
Next in thread: Boy Bear: "Re: Bug in Norton FireWall 2003"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) In-Reply-To: <75C025AE395F374B81F6416B1D4BDEFB0146BF63@mtv-corpmail.microfocus.com> >Is there a reliable mechanism in Windows for distinguishing between real and >spoofed events? I've never looked into the subject, as I avoid GUI-mode >programming like the plague (which is an apt description, in my book). > >Of course, the popup window shouldn't be owned by a process running with >elevated privileges anyway. > No, their isn't even an unreliable way. I've talked to lots of people about this particular firewall hole that keeps getting rediscovered. For my money the best bet is to display the UI as a bitmap image which is difficult to decipher computationally. The 'Allow' portion of the bitmap changes position, and a click anywhere outside of this portion is treated as 'Reject'. Provided the bitmap is easy for a human to decipher, yet difficult for a machine to decipher, I think you would have a pretty good 'jury-rigged' solution. Cheers, ~x

Next message: Omicron@portcullis-security.com: "Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalatio n Vulnerabilities"
Previous message: Michal Zalewski: "Re: Overflowing an interactive app"
Maybe in reply to: Boy Bear: "Bug in Norton FireWall 2003"
Next in thread: Boy Bear: "Re: Bug in Norton FireWall 2003"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 12 2003 - 11:21:17 PDT