Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Is your firewall spying on you?

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Is your firewall spying on you?
Date: Mon, 23 Jan 2006 01:20:18 -0600 (CST) 
http://www.theinquirer.net/?article=29157

By Paul Hales,
in Jerusalem
22 January 2006

IT'S OBVIOUS, REALLY, that the best way of penetrating users' PCs to 
see what they get up to online would be to become a Firewall maker. 
Like, when I wanted a Firewall and was too tight to pay for one, I 
turned to Checkpoint's little freebie Zone Alarm. It sits there 
between you and the Internet and lets you know when someone's trying 
to sneak in through your backdoor or when a program you're running 
tries to connect to the Web for no apparent reason. When you're as 
techie as me - not very - you just have to trust it. 

Of course, Checkpoint's an Israeli company and as a foreign journalist 
working in Israel you know the hyperactive security services here 
would like to keep tabs on you. And you know that they do. It has been 
confirmed to me by a security sources here that mobile phone 
conversations I have had have been listened to - and in circumstances 
which I won't reveal, the contents of a call I have been involved in 
have actually been relayed back to me. 

It's part of the game - like the airport interrogation, or the 
surreptitious copying of your notepad while you're off having a body 
search. You know what goes on but you have a job to do and just get on 
with it - hoping that what you get up to in the legitimate pursuit of 
your business won't upset anyone to the extent that they'll come break 
your door down and cart you off somewhere. 

Now, the handsomely-named Mr Cringely has revealed [1] that a
colleague of his at Infoworld noticed that Zone Alarm 6.0 was sneakily
sending off data to four different servers. Cringely says that Zone
Labs (acquired by Checkpoint in March of 2004) at first denied the
activity for a couple of months before deciding the software had a
"bug" even though, as he points out, "the instructions to contact the
servers were set out in the program's XML code."

The company says it will fix the "bug" soon. In the meantime you can 
work around it by adding: 
# Block access to ZoneLabs Server
127.0.0.1 zonelabs.com 
to your Windows host file. 

The "bug" seems to be present in the retail version of Zone Alarm, so 
there's no telling what the freebie gets up to. We called Checkpoint 
here in Israel to find out, but were referred to a US spokeszoner. 
Trouble is they'll all be in bed there on this sunny Sunday morning. µ 

[1] http://www.infoworld.com/article/06/01/13/73792_03OPcringley_1.html



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Is your firewall spying on you?, InfoSec News <=
Previous by Date:  [ISN] Windows back door rumor is bunk, InfoSec News
Next by Date:  [ISN] Teenage hacker facing court case for data theft, InfoSec News
Previous by Thread:  [ISN] Windows back door rumor is bunk, InfoSec News
Next by Thread:  [ISN] Teenage hacker facing court case for data theft, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]