Do you think some firewalls can be made absolete? Read on:
Mr. Hacker/Skript Kid EXtreme had a revolutionary "What-If"
idea smack them up at his local crack house one evening:
"Man, I got a truly evil idea everyone! What if I wrote some code,
that would not only shut down some systems, but make me a world famous
hacker!" (No, I'm not talking about me here you trolls)
"What if I were to code a program that would infiltrate EVERY port,
ALL 65535 of them, and compress the living poop out of it, make it
propagate through scripting, JAVA, ActiveX, and such, and deliver
a sting to the world that they never have known before!"
This is a very scary idea that brainstormed me one day. Just imagine,
some moron bent on bringing the security world to it's knees, in one
swift move like the above "what-if" scene. They would make this so
called "doomsday" code to intercept "ALL" ports, not just one, two
or even three or four ports. ALL OF THEM. Most firewalls only block
"KNOWN" bad ports or the ones you program into them in the event
you find new "nasty ports in the wild" that have been confirmed
through other concerned parties.
Remember what most firewalls do, they BLOCK PORTS from communicating
to the in/outside world using various rule sets to look for specific
ports in which they watch for specific "PORT ACCESS", inbound and
outbound activity. When the rule set intercepts this communication, it
merely shuts that port down, and blocks said communication from
happening. At least most do. In a dumb way. Most just block those
ports all together....period.
So, if EVERY PORT is hit, what do you think will happen? They could
even go so far as to "mimic" the very .exe, .icd and such programs to
permit itself TOTAL ACCESS to the same process to which you created the
rule set for. In other words, Hijack the good, let me by program, so I
can use that port rule set, in order to work through the firewall and
do my dirty work. Remember, a firewall is not an Anti-virus program
folks.
Ok, so you say that you set your firewall up to let you permit the
communication on a one to one basis, manually. So what! If this bugger
is real smart, they can even mimic the very firewall you are using via
it's associated programs, in order to work. Make this even easier if
they know the exploits of your Operating System, or, the firewall
itself.
Ok, say this person is not that smart, but targets just OS exploits
and the the firewall exploits, or the VERY COMMON firewalls that
people use today. What about the common shareware programs that most
use today like the very friendly FTP helper programs, message programs,
Multiplayer Games, and even the compression programs that we all
enjoy! Hmmmmmmm......
They can deliver this "doomsday" code via eMail, Trojan, shareware,
or even WAREZ programs to get it out in the wild. Virus programs also
come to mind, and I think you get the idea now.
Even in it's simplest form of hitting all the ports, if you block
these ports, guess what COULD happen? LOCK-DOWN, or even worse yet,
opening ports behind your back, in the disguise that they are
stealthed or closed. REMEMBER, most firewalls are not really that
smart. They only know what you tell it to do, or go by their
default rules built into the firewall itself folks. And sometimes
these very default rule sets are letting in things you have no
idea about behind your back!
Scary? Absolutly. I suspect that one day we will see Anti-Virus
programs and Firewalls "meld" together and work together, in one
program to help combat certain "what-ifs" in our society. That way,
they can use both methods to help stop these threats with intelligent
"processes" that use biological artificial intelligence in order to
make decisions based on it's own programmed experiences, and even new
threats in which it can make it's own decisions. Ok, hold back on the
biological stuff for now. <g>
(Please hold back on the Terminator Movie stuff too!)
What my point is, is that some smart jerk wad can do this. It is
only a matter of time here folks. Firewalls are dumb on/off switches,
and what we need is some very crafty intelligent programming put into
Firewalls now. Tomorrow is too late for the public, and "TrueVector"
programming is "NOT" your answer here folks. Don't be "taken in"
by certain products that advertise that they are doing you a favor,
when in fact, all they do is "do themselves a favor at your expence".
Being paranoid in the security world is a good thing, not a bad thing
folks. Questioning motives is a good thing also. Ask those questions,
get up and shout for your own sake and your neighbors also! If you
don't, maybe, just maybe, no one else will, and nothing will be done
about it! Now you know why I question Zone Labs, ZoneAlarm firewall
with this so called "TrueVector Technology". There are way to many
people praising this program, but only a handful of people asking
serious questions about it.
Now, back to the rant: Do you see what I see, or are you blind?
Are you that cozy inside with your firewall? Do you "REALLY" feel
safe beyond all extremes? How dumb do you think your Firewall
truly is? How smart do you think it is? How smart do you think that
"nasty" person really is?
How smart are you???
Since most Firewalls are stupid, and they have no real-world
AI or mimic it for that matter, you should be paranoid. You should
also question the companies who make these products. Are they
"TRULY" there to help you, or, line their greedy wallets/purses
in order to thrive in an abundant market which "beckons" their
business concerning todays Internet threats?
Now, they want to invade your home with "InternetAware Appliances"!
Gee, wouldn't it be nice for a Hacker/Skript Kiddie to invade your
Microwave, and when you input data to it, the sucker blows up in your
face with a simple "tweak" of the voltages. Do you think this could
ever happen? maybe, maybe not.
How about this: Infiltrate "Software Based [Flashed Appliances] that
run entirely on the built in code to program "every instance" of "every
component down to the resistor and capacitor" in order for said
appliance to work. In other words, you program the entire appliance
to work via software which works down to the voltages of the appliance
itself. Software "Radios" are used this way folks.
I truly hope, and pray, that the United States of America takes
into consideration, that the Public needs the government to step
in, and stop the insanity.....now, not tomorrow, for tomorrow is
too late.
Peace......
Internet Security 101 - ".....be afraid, be very afraid"
--
- Internet Security 101
Sent via Deja.com http://www.deja.com/
Before you buy.
> Do you think some firewalls can be made absolete? Read on:
Do you think crackpots can make sense?
> Mr. Hacker/Skript Kid EXtreme had a revolutionary "What-If"
> idea smack them up at his local crack house one evening:
When's the last time you've been to a crack house? If it was on your most
recent visit to pick up your supply, did you see any PCs in the house? If
so, were they using a dialup or broadband access such as a DSL circuit or
cable modem? Perhaps you should survey the crackhouses in your
neighborhood so we can get some kind of idea what people in the ghetto are
using to access the Net. While you're taking the survey, be sure to ask
how many "hackers" and "script kiddies" are in residence at each crack
house.
> (No, I'm not talking about me here you trolls)
Hey Grampa, what's a Usenet troll?
> "What if I were to code a program that would infiltrate EVERY port,
> ALL 65535 of them, and compress the living poop out of it, make it
> propagate through scripting, JAVA, ActiveX, and such, and deliver
> a sting to the world that they never have known before!"
What if we ordered a pizza to be delivered to every address on your block,
each from a different pizza restaurant in your 'hood? We could compress
the crust with bzip or rar before delivery. Then when you realize that
pizza sauce does not deliver too well over IP you'll be forced to realize
that that "wacky Internet thing" isn't all it's cracked up to be.
> This is a very scary idea that brainstormed me one day. Just imagine,
> some moron bent on bringing the security world to it's knees, in one
> swift move like the above "what-if" scene. They would make this so
> called "doomsday" code to intercept "ALL" ports, not just one, two
> or even three or four ports. ALL OF THEM.
Golly, Beav, do you think Wally's really gonna be the next Robert Tappan
Morris or Kevin Mitnick?
> Most firewalls only block "KNOWN" bad ports or the ones you program into
> them in the event you find new "nasty ports in the wild" that have been
> confirmed through other concerned parties.
I once sent my son out to hunt wild UDP and TCP ports. He never returned.
> Remember what most firewalls do, they BLOCK PORTS from communicating
> to the in/outside world using various rule sets to look for specific
> ports in which they watch for specific "PORT ACCESS", inbound and
> outbound activity. When the rule set intercepts this communication, it
> merely shuts that port down, and blocks said communication from
> happening. At least most do. In a dumb way. Most just block those
> ports all together....period.
Too bad they don't block all my-deja.com postings to Usenet. But then the
world would be a much less fun place, wouldn't it?
> So, if EVERY PORT is hit, what do you think will happen? They could
> even go so far as to "mimic" the very .exe, .icd and such programs to
> permit itself TOTAL ACCESS to the same process to which you created the
> rule set for.
I didn't realize we all ran windoze behind our firewalls.
> Remember, a firewall is not an Anti-virus program folks.
But it is a tool of Satan!
> Ok, so you say that you set your firewall up to let you permit the
> communication on a one to one basis, manually. So what! If this bugger
> is real smart, they can even mimic the very firewall you are using via
> it's associated programs, in order to work. Make this even easier if
> they know the exploits of your Operating System, or, the firewall
> itself.
You'd better check those pods in the field.
> Ok, say this person is not that smart, but targets just OS exploits
> and the the firewall exploits, or the VERY COMMON firewalls that
> people use today. What about the common shareware programs that most
> use today like the very friendly FTP helper programs, message programs,
> Multiplayer Games, and even the compression programs that we all
> enjoy! Hmmmmmmm......
Don't forget our web browsers! The Internet would cease to exist with out
HTTP!
> They can deliver this "doomsday" code via eMail, Trojan, shareware,
> or even WAREZ programs to get it out in the wild. Virus programs also
> come to mind, and I think you get the idea now.
We'd better call ol' Grizzly Adams to corral them wild warez for us afore
them durn computer viruses start kickin out two headed calves from the
PeeCee!
> And sometimes these very default rule sets are letting in things you have
> no idea about behind your back!
Don't you fergit it, paw! Them negroes are probably plottin' to kill us
white folks any day now.
> Scary? Absolutly. I suspect that one day we will see Anti-Virus
> programs and Firewalls "meld" together and work together, in one
> program to help combat certain "what-ifs" in our society.
Try new, versatile Shimmer. It's a magnificent floor wax AND a dessert
topping!
Maybe some glorious day Dr. Scholl will create the ultimate foot odor
eater SLASH toothpaste SLASH deodorant SLASH shampoo SLASH jock itch
spray. We can give it out to those pesky homeless people that keep asking
us for spare handguns.
> That way, they can use both methods to help stop these threats with
> intelligent "processes" that use biological artificial intelligence in
> order to make decisions based on it's own programmed experiences, and
> even new threats in which it can make it's own decisions. Ok, hold back
> on the biological stuff for now.
No, please tell us more. Does this somehow involve the ghost of L. Ron
Hubbard, Max Headroom, and Nabisco? Let me take a stab at this one:
The Scientologists have enslaved the Keebler elves in a dungeon somewhere
on their luxury cruise ship. They've forced the elves to hack an A.I.
together that kicks out random phrases about "Thetans," "e-meters,"
"copyright lawsuit" and other spew du jour. When the A.I. finally beats
Deep Blue in a chess match, the Scientologists will cruft together an
elaborate firewall product out of it and give it to the I.R.S. in exchange
for tax exempt status.
> What my point is, is that some smart jerk wad can do this. It is
> only a matter of time here folks.
He can't outsmart those Keelber elves, man. They're some crafty lil
bastards. Remind me some time to tell you the story about how the 3l33t
k33bl3R kR3w once hacked their way into a cafeteria cash register at the
NSA. Oh, the humanity!
> Firewalls are dumb on/off switches, and what we need is some very crafty
> intelligent programming put into Firewalls now. Tomorrow is too late for
> the public, and "TrueVector" programming is "NOT" your answer here
> folks. Don't be "taken in" by certain products that advertise that they
> are doing you a favor, when in fact, all they do is "do themselves a
> favor at your expence".
Don't forget that registering your firewall products automatically enters
you in the FBI's Get Busted Quick Sweepstakes. I don't think Ed McMahon
delivers those checks anymore since the bad PR he got for the last sweep.
> Being paranoid in the security world is a good thing, not a bad thing
> folks.
I see a perfect opportunity for a quote from the jargon file:
FUD /fuhd/ n. Defined by Gene Amdahl after he left IBM to found his own
company: "FUD is the fear, uncertainty, and doubt that IBM sales people
instill in the minds of potential customers who might be considering
[Amdahl] products." The idea, of course, was to persuade them to go with
safe IBM gear rather than with competitors' equipment. This implicit
coercion was traditionally accomplished by promising that Good Things
would happen to people who stuck with IBM, but Dark Shadows loomed over
the future of competitors' equipment or software. See IBM. After 1990 the
term FUD was associated increasingly frequently with Microsoft, and has
become generalized to refer to any kind of disinformation used as a
competitive weapon.
> Questioning motives is a good thing also. Ask those questions,
> get up and shout for your own sake and your neighbors also! If you
> don't, maybe, just maybe, no one else will, and nothing will be done
> about it!
If you don't kick those damn Girl Scouts off your front step, nobody will!
> Now you know why I question Zone Labs, ZoneAlarm firewall with this so
> called "TrueVector Technology". There are way to many people praising
> this program, but only a handful of people asking serious questions
> about it.
Can I get that on a 5.25" floppy disk?
> Now, back to the rant: Do you see what I see, or are you blind?
> Are you that cozy inside with your firewall? Do you "REALLY" feel
> safe beyond all extremes? How dumb do you think your Firewall
> truly is? How smart do you think it is? How smart do you think that
> "nasty" person really is?
Perhaps when you're taking your crackhouse survey you could collect ACT,
SAT, ASVAB and IQ score from each crack smokin script kiddy you poll.
> How smart are you???
This many.
> Since most Firewalls are stupid, and they have no real-world AI or
> mimic it for that matter, you should be paranoid.
We'd better get William Gibson hired as a technical advisor for the
Keebler elves -- considering how tech savvy Mr. Gibson is, it's sure to be
a winning match. I can't wait to jack into a construct and be surrounded
by Cheez Whiz!
> You should also question the companies who make these products. Are they
> "TRULY" there to help you, or, line their greedy wallets/purses in order
> to thrive in an abundant market which "beckons" their business
> concerning todays Internet threats?
It's amazing how few people have heard of this simple idea called "open
source." I'll bet if Ted Kaczynski were out of jail today he'd start a
fully buzzword compliant open sourced home explosives project. Yet raving
lunatics who post to security newsgroups have never heard of that that lil
penguin guy -- what's his name, Chux? He's the mascot for that Kleenux
operating system that's pasted together out of used tissue paper sent in
by crack smokin script kiddies from all over the world.
> Now, they want to invade your home with "InternetAware Appliances"!
Dammit, Maggie, you unplugged the ethernet cable from the toilet again!
How else am I going to check on my stock portfolio when I'm pinching a
loaf?
> Gee, wouldn't it be nice for a Hacker/Skript Kiddie to invade your
> Microwave, and when you input data to it, the sucker blows up in your
> face with a simple "tweak" of the voltages. Do you think this could
> ever happen? maybe, maybe not.
Ooh, ooh! Maybe we can start fingering our toasters to see when our Pop
Tarts will be done. Wait, isn't that a Nabisco product, too? I smell a
conspiracy...
> How about this: Infiltrate "Software Based [Flashed Appliances] that
> run entirely on the built in code to program "every instance" of "every
> component down to the resistor and capacitor" in order for said
> appliance to work. In other words, you program the entire appliance
> to work via software which works down to the voltages of the appliance
> itself. Software "Radios" are used this way folks.
That reminds me of the Flush Master 3000. Apparently you can recompile the
kernel to flush IP packets that originate from my-deja.com.
> I truly hope, and pray, that the United States of America takes
> into consideration, that the Public needs the government to step
> in, and stop the insanity.....now, not tomorrow, for tomorrow is
> too late.
Yeah, we'll send in the Bureau of Alcohol, Tobacco and Firewalls to crack
down on those bastards!
> Internet Security 101 - ".....be afraid, be very afraid"
Don't worry. We are.
-Gary
> What if we ordered a pizza to be delivered to every address on your block,
> each from a different pizza restaurant in your 'hood? We could compress
> the crust with bzip or rar before delivery. Then when you realize that
> pizza sauce does not deliver too well over IP you'll be forced to realize
> that that "wacky Internet thing" isn't all it's cracked up to be.
>
It's funny you should mention that pizza thing cuz I just added a rule
to my stupid firewall that drops pizza packets that don't originate from
my internal network. I was working on a TCP wrapper for the pizza but
it would squish out the little breather holes in the side of my
computer. Those midgets in there gotta breath. (and they are very
afraid too)
--
.plan Teach the pig to sing
> I was working on a TCP wrapper for the pizza but it would squish out the
> little breather holes in the side of my computer. Those midgets in there
> gotta breath. (and they are very afraid too)
That's why you use ferrets. They're relatively cheaper.
///
[snip]
Thanks Gary - I haven't laughed so much for ages.
Regards,
Derek Sorensen
--
Curiosity *may* have killed Schrodinger's cat.
Mine uses ants. I bought it mail order from some geezer called
Ridcully.
<a bunch of paranoid bs that i care not to burden the fine readers with
reposting>
Hey internetsecurity, where exactly is your cult, you aren't planning
any mass suicides anytime soon are you? I'm thinking of joining
*cough*raiding*cough* it. CHEERS :)
;)
In article <393c427f...@news.cis.dfn.de>,
l3m...@btinternet.com (Lemming) wrote:
> On Mon, 05 Jun 2000 08:24:55 GMT, Gary <ga...@efn.org.spamsux> wrote:
>
> [snip]
>
> Thanks Gary - I haven't laughed so much for ages.
>
> Regards,
>
> Derek Sorensen
> --
> Curiosity *may* have killed Schrodinger's cat.
>
--
;)
In article <8hjq7q$lj9$1...@nnrp1.deja.com>,
the_de...@my-deja.com wrote:
> In article <8hfh86$e5u$1...@nnrp1.deja.com>,
> InternetSecurity101 <internet...@my-deja.com> wrote:
>
> <a bunch of paranoid bs that i care not to burden the fine readers
with
> reposting>
>
> Hey internetsecurity, where exactly is your cult, you aren't planning
> any mass suicides anytime soon are you? I'm thinking of joining
> *cough*raiding*cough* it. CHEERS :)
>