BlitzenZeus
Burnt Out Cynic
Premium Member
join:2000-01-13

BlitzenZeus to Traduk

Re: Kerio potential vulnerability ... app masquerade

It's so easy to un-attribute files, it's amazing, so just making it read-only is pointless....

I can write a simple batch file to remove the attributes right now, and it won't even take me a minute. The script could also rename, and run the program of my choice too!
Traduk
join:2000-10-25
England

Member

BlitzenZeus,

It was just a thought. Obviously far too simplistic on my part. It would be just one more, possibly unexpected hoop for a potentially malicious hacker to have to jump through.

It looks as though Stanislav will have to nail this particular problem down once and for all, as spoofing and getting through firewalls from the inside/out appears to have grabbed more attention than the original functional requirement of keeping the bad guys out.

I have seen the scripts you possibly mean which have been attribute changes for backing up registry files and they are simple DOS strings?

Traduk
BlitzenZeus
Burnt Out Cynic
Premium Member
join:2000-01-13

My point is, simple things like marking files read-only will not stop someone from doing actions like this unless you're using NTFS with strict permissions on a restricted account.

One point needs to be made though.... Most people have found that Tiny/Kerio will not run correctly unless the account has admin access to your system. That would allow any program running full access to your system anyway.

The thing is I can write these scripts, and don't have to find them on the web. Most of my scripts are DOS based, but I'm not limited to using DOS batch files either....