Bugtraq mailing list archives
Re: Foolproof Security Vulnerability
From: H D Moore <hdm () SECUREAUSTIN COM>
Date: Mon, 11 Dec 2000 14:12:10 -0600

I once had the privilege of having to reconfigure a huge group of machines running Windows 95 and the current FoolProof software, without the aid of the FoolProof admin password. The best way to bypass the system is by creating a Visual Basic macro in Word, and code up a run window and registry editing system via the Win32 API (you can disable FP from the registry). I copied the macro'd document onto a floppy and made my rounds, disabling FP and changing the network settings via a single button.

Every FP/Windows installation I have seen allows the MS Office suite to be run, allowing full access to the system via the VBA macro interface. The same holds true to other Desktop "security" programs (WinShield, SherLock).

-HD

http://www.digitaldefense.net (work)
http://www.digitaloffense.net (play)

On Friday 08 December 2000 08:39 pm, Bryan Hughes wrote:
FoolProof Security is a desktop security application for Windows 95/98/ME. Its purpose is to block users from accessing all programs, except those which are intended by the administrator. Additionally, it is intended to allow the user to only save files to specific locations (usually the floppy disk drive). FoolProof Security is usually found in computer labs, or on publicly accessible systems.