Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhost

from [robsekeris] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
Date: 17 Apr 2006 09:38:51 -0000 
After reading your scary message, went to verify your points and confirmed all. 
Whilst, as I've been running a real software firewall (Sunbelt Kerio Personal 
Firewall is for free) on top of a router firewall, I've been able to block or 
force a request as I see fit for each of these sites. On WMP, untick the 
Automatic Coded update function for starters, but indeed its highly irritating 
that you have no control over auto update yes/no. As to the MS firewall, that's 
a joke. It only does partial incoming traffic control and NONE on outgoing!!!!! 
If you like blocking specific IP's or ranges use for instance Peerguardian 2. I 
find it stops truly anything you don't want to not to come thru.

The bypassing of the HOSTS file is something i thinks would fall under required 
disclosure....changing functionality of an intergral part to network control. 
Think this build in trickery will have interest of the EU commission too!
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Shbablek Mail Vulnerablitiy - Cross-Site Scripting, n0m3rcy
Next by Date:  Re: RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, john
Previous by Thread:  Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, Thor (Hammer of God)
Next by Thread:  Re: RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup, john
Indexes:  [Date] [Thread] [Top] [All Lists]