Thursday, July 15, 2004

New Issue of Phrack Released

Issue 62 of the notorious hacker journal Phrack recently hit the streets - or, to be more precise, the Web. As is to be expected, there's lots of interesting stuff in it, including guidance on how to circumvent third-party buffer overflow protection on Windows, an article on kernel-mode backdoors (i.e., rootkits) in NT-based Windows systems like Windows 2000, Windows XP and Windows Server 2003, and a tutorial on using process injection to bypass software firewalls on Windows. The sample provided with the tutorial works against Zone Alarm 4 (free and pro versions), Sygate Pro 5.5, BlackIce 3.6, and even Tiny Firewall 5.0 (though this last one did require a bit more effort). The lesson to take from the last of the three articles mentioned is a simple one - if security is important to you, don't expect a software firewall to do the job, or at least not one that's also running on a Windows machine.

I wonder if Microsoft's security people are Phrack users. They ought to be, and if they are I'm betting this latest article ought to keep them awake for a few nights. These Phrack guys are good at what they do.


