Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21

Thread: SP2 vulnerability ?

  1. #11
    Sure, blame both the software and the vendor when people never place file/sys auditng and policies over their systems... blame everything except users when folks accept downloads from random people and do everything with full admin privileges. How is the ability to disable things in relation to AV or firewall software new, inginuitive, or original at all? It's been done before... mention an M$ product, and all of a sudden people actually care now?
    the only thing i hate about this, is that microsoft SAYS it is safe, and that so much other events in the past have proven that windows isn't that safe...

    but suppose i would write a script disabling the default firewall, and disable the notification of it, i know exactly what to do, since it is the same in every windows XP sp 2 system (no need to find out what firewall is running). and then use the bug that is found recently which allows me to access the netbios shares through the firewall, and put that script in startup. then next time the system boots up (2 times to be exact). the firewall is gone, and the user never noticed it. Complete system is open to attack!

    that's what i hate about microsoft, the false feeling of safety they give you...
    because most users don't participate in a security forum and don't even know what an IP adress is, and that is exactly the kind of people that are vulnerable to this flaw.

  2. #12
    They give off a false sense of security therefore, you and millions of other people complain about M$ and the OS even though you run XP along with alot of the products? Gee uhhh, yeah, whatever...

    It sounds like a bad joke at first but how many mindless Fother Muckers does it take to click update when MS goes as far as flashing things on screen and haveing to remind people how stupid and ignorant they are, how many of them does it take to screw in a light-bulb, or better yet... wipe your ass. Clearly it takes alot of Fother Muckers out there to accomplish even the most minor things.

  3. #13
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    The security centre is suposed to monitor the state of AV Firewall apps, Afaik, at least with Norton it asks you wether to allow the security centre to monitor. This must mean that the security centre access the app involved in some way at least. Norton doesn't recomend you allow this.

    If you assume that Norton is vulnerable and the security centre is also vulnerable by allowing the security centre to monitor norton, you have just doubled your exposure.

    Just some abstract thoughts.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  4. #14
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    Originally posted here by Negative
    SDK > The question was how is being able to turn off the Security Center's warnings a vulnerability?
    Your registry key doesn't do anything on my machine, btw... is this to turn off the internal firewall?
    If I change the EnableFirewall Key to 0, it's turn the firewall off (By looking at Security Center and Firewall Icon from Control Panel). Putting back the value 1 turn the firewall on again!

    XP Firewall can be configured by Active Directory (I had to be for IT Administrator) so it had to be registry base!
    -Simon \"SDK\"

  5. #15
    Originally posted here by SDK
    If I change the EnableFirewall Key to 0, it's turn the firewall off (By looking at Security Center and Firewall Icon from Control Panel). Putting back the value 1 turn the firewall on again!

    XP Firewall can be configured by Active Directory (I had to be for IT Administrator) so it had to be registry base!
    negative PM'd me about this, and i gave him all i knew, he is going to try it out, but like i said to him too, i'm not sure if it is clever to post all the info here, since it may be read by people wanting to take advantage of it in the wrong way...
    i told him i'd let him decide, so thats what i will do, but if my info is correct, it would be pretty easy to abuse this knowledge

  6. #16
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    This information I gave here can be get from Regmon utilities from SysInternal in 2 mins. If you know how to read ADM file, it’s written in there also for XP Pro.

    If I could find this information, a black hat can find this information in 2 mins also! I prefer to share the full disclosure that to hide the information for myself.

    So be warn Antionline User, Windows XP SP2 Firewall can be disabled by a simple REG file!!
    -Simon \"SDK\"

  7. #17
    If I could find this information, a black hat can find this information in 2 mins also! I prefer to share the full disclosure that to hide the information for myself.
    i'm not talking about black hats, i'm talking about skiddies...
    of course with a little research anyone can find it, but why help a skiddie by giving him al info in one place, perhaps even include the script so he can start of right away...

    i suggest (if negative agrees), to post this in the addicts forum, so at least not everyone can find that info

  8. #18
    AO French Antique News Whore
    Join Date
    Aug 2001
    Posts
    2,126
    A script kiddie won't program a malware that is able to deactivate the XP Firewall. If he do, he's a true hacker
    -Simon \"SDK\"

  9. #19
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    All of that stuff doesn't work on my box (XP Pro SP2)... SDK's registry key doesn't seem to do anything...

    Feel free to post it wherever you want

  10. #20
    well, thats strange, why wouldn't it work? i now have to find it out for myself ;-)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •