Vulnerability Development mailing list archives
Re: Bug in Norton FireWall 2003
From: xenophi1e <oliver.lavery () sympatico ca>
Date: 12 Aug 2003 17:44:02 -0000
In-Reply-To: <75C025AE395F374B81F6416B1D4BDEFB0146BF63 () mtv-corpmail microfocus com>
Is there a reliable mechanism in Windows for distinguishing between real
and
spoofed events? I've never looked into the subject, as I avoid GUI-mode programming like the plague (which is an apt description, in my book). Of course, the popup window shouldn't be owned by a process running with elevated privileges anyway.
No, their isn't even an unreliable way. I've talked to lots of people about this particular firewall hole that keeps getting rediscovered. For my money the best bet is to display the UI as a bitmap image which is difficult to decipher computationally. The 'Allow' portion of the bitmap changes position, and a click anywhere outside of this portion is treated as 'Reject'. Provided the bitmap is easy for a human to decipher, yet difficult for a machine to decipher, I think you would have a pretty good 'jury-rigged' solution. Cheers, ~x
Current thread:
- Bug in Norton FireWall 2003 Boy Bear (Aug 11)
- <Possible follow-ups>
- RE: Bug in Norton FireWall 2003 Michael Wojcik (Aug 11)
- Re: Bug in Norton FireWall 2003 pr00f (Aug 12)
- RE: Bug in Norton FireWall 2003 nowak . a (Aug 11)
- RE: Bug in Norton FireWall 2003 Michael Wojcik (Aug 11)
- RE: Bug in Norton FireWall 2003 Kayne Ian (Softlab) (Aug 12)
- Re: Bug in Norton FireWall 2003 xenophi1e (Aug 12)
- Re: Bug in Norton FireWall 2003 Boy Bear (Aug 19)