Penetration Testing mailing list archives
Re: [PEN-TEST] Dead Thread
From: Etaoin Shrdlu <shrdlu () deaddrop org>
Date: Tue, 31 Oct 2000 15:53:41 -0800
Jim Howard wrote:
Al, I agree it has not, however, can we re-direct it instead of killing it? Products such as webex are just starting to come into their own, in the public light, and they pose some interesting questions for security people. They employ a tunnel through your firewall via http, and allow such things as remote desktop control. While "handy", the penetration possibilities are huge.
May I please concur? I am finding a discussion of the first product that uses tunneling to be quite interesting. I have collections of various tunnels (including http), and expect that products like this will be a significant problem to manage. I feel that they are indeed something that we should be examining, albeit the security or lack of it on their site seems less important than whether or not the product it self can be compromised.
Wonder if people could stick to the Penetration side of this product and what it means to have tunneling products be in the limelite (was only a matter of time)
The implications of this are trememdous. An internal compromise may depend on tunneling to take software out unobtrusively. How can one tell the difference between an application like this that is meant to tunnel, and the disgruntled employee that is not?
Thanks for your consideration,
Ditto. .shrdlu -- Life at university, with its intellectual and inconclusive discussions at a postgraduate level is on the whole a bad training for the real world. Only men of very strong character surmount this handicap. (Paul Chambers)
Current thread:
- [PEN-TEST] Dead Thread Alfred Huger (Nov 01)
- Re: [PEN-TEST] Dead Thread H D Moore (Nov 02)
- <Possible follow-ups>
- Re: [PEN-TEST] Dead Thread Jim Howard (Nov 01)
- Re: [PEN-TEST] Dead Thread Etaoin Shrdlu (Nov 01)
- [PEN-TEST] Dead Thread Alfred Huger (Nov 09)