Silicon Investor (SI) -- The First Internet Community

STOCKTALK

We've detected that you're using an ad content blocking browser plug-in or feature. Ads provide a critical source of revenue to the continued operation of Silicon Investor. We ask that you disable ad blocking while on Silicon Investor in the best interests of our community. If you are not using an ad blocker but are still receiving this message, make sure your browser's tracking protection is set to the 'standard' level.

Pastimes : Computer Learning -- Ignore unavailable to you. Want to Upgrade?

To: thecow who wrote (23695)	12/8/2001 6:57:17 AM
From: thecow	Read Replies (2) \| Respond to of 110655

Here's some sites that are worth a look-see concerning security Security tests Message 14659124 Security tips antivirus.com wilders.org speedguide.net

To: thecow who wrote (23695)	12/8/2001 10:20:21 AM
From: Rick Faurot	Read Replies (1) \| Respond to of 110655

I expect I'll install this D-Link router at some point. It was recommended to me by a tech expert I hired to help me sort out connection problems I was having with DSL. I researched it and then found it was on sale at Fry's and I got it for $55 with a rebate. I am holding off doing it because after months of struggle I now have a reliable and fast DSL connection that I can leave on all the time and forget about. My provider does use dynamic connection, so that is some help. With websites out there teaching hackers how to do hacking, it is pretty clear that pc security is going to be evolving constantly. I've been lucky so far, but I'm not relying on luck.

To: thecow who wrote (23695)	12/8/2001 9:05:42 PM
From: Rick Faurot	Read Replies (1) \| Respond to of 110655

Think your firewall is safe? Why your firewall sucks :-) November 5, 2001: Steve Gibson has written to me to applaud the creation and cleverness of "TooLeaky". He says he's delighted that I did it and that "the end result will be safer and more secure personal firewalls, which is good for everyone." I have been following the ongoing discussions at GRC about LeakTest and firewalls for some time. I finally got fed up with the whole thing. In my estimation the position held by the majority (and, yes, advocated by Steve Gibson) basically comes down to this: "Firewalls" such as Zone Alarm that provide outbound filtering are somehow better than firewalls such as Black Ice Defender that don't. Admittedly, that seems to be a good argument. In fact, I used to believe it. When Zone Alarm first came out, I even recommended it to friends and colleagues. But I quickly realized the truth: The added protection provided by outbound filtering is entirely illusory. Such filtering is in fact no better than the insanely stupid kludge that Network Ice put into Black Ice Defender to block Steve's LeakTest. It does the same thing: it gives you a false, undeserved sense of security! If a firewall is going to allow some program to transmit and receive data over the Internet, and that program allows other programs to control its actions, then there's no point in blocking anything at all. To demonstrate how outbound filtering is a joke, I am providing here a small executable file (3KB), along with its C++ source code. In this example, if Internet Explorer is a "trusted" application by your firewall, you'll find that this drills right through. In essence, by giving "trust" to Internet Explorer, you are implicitly trusting every other software application on your PC. Now, a brief warning: Who should download this software? Quite likely not you. This software is targeted for security professionals. Unless you have a thorough understanding of software firewalls, outbound filtering methods, and the details of this exploit, there is no need to download this program. It's not going to do anything other than frustrate you. However, that said, it can be lots of fun to demonstrate to your friends how you can get right through their firewall if it trusts Internet Explorer. tooleaky.exe - Trivial Firewall Leak Checker (3KB) tooleaky.zip - Trivial Firewall Leak Checker Source Code (C++) This program very clearly penetrates every firewall on the market, including Zone Alarm. It sends data out to a server (in this case, grc.com, just like Steve Gibson's LeakTest), and then retrieves data in response--completely bypassing your firewall. So, one must ask: Why have so many people said that firewalls with outbound filtering are more secure than those without it? The best solution I can come up with is that they simply didn't consider (or know how) to bypass them. For full details of how and why these firewalls are so easily penetrated, see the liberal comments in this program's source code. (Incidentally, for those who believe it was reckless to release this software, I agree wholeheartedly with Steve Gibson's explanation of why software like this should be released. Please see his explanation of why publishing such information is a good thing. And as far as why I released the source code, anyone with half a brain, the TooLeaky executable, and a copy of IDA Pro would have been able to figure out what was going on within five minutes anyway.) Bob Sundling November 5, 2001 Copyright © 2001 Bob Sundling. All Rights Reserved. tooleaky.zensoft.com