CDIH
Black ice vulnerable to hack - Another example of painful irony.




- Keyser Soze - 02-11-2002

Yes, that little firewall program some of you run to protect your computer may have the exact opposite effect...

Quote: Hole Found in Net Security Program
Fri Feb 8, 6:45 PM ET
By D. IAN HOPPER, AP Technology Writer

WASHINGTON - A programming mistake in a popular consumer Internet protection program can give hackers control over a user's computer, the publisher disclosed Friday.


All current versions of BlackICE Defender and BlackICE Agent, both made by Atlanta-based Internet Security Systems, running on Microsoft Windows 2000 and Windows XP are vulnerable to the attack.

The company released an update Friday evening that plugs the hole. It can be downloaded through the ISS Web site, or through the program itself.

Researchers at eEye Digital Security in Aliso Viejo, Calif., found the problem while probing a related hole in the product discovered earlier this week that lets hackers shut down the target computer. The patch fixes both problems.

BlackICE is designed to protect home computers — particularly ones with high-speed connections — from hacker attacks. Market researcher IDC recently named Internet Security Systems as the worldwide leader in intrusion detection products.

The problem, known as a "buffer overflow," is deep within BlackICE, said eEye's "Chief Hacking Officer," Marc Maiffret.

"It's basically the worst you can get," Maiffret said. "It lets you bypass any sort of protection that might be there."

Without the update program, the hole would let hackers remotely control the victim's computer, steal or modify files, or spy on their Internet habits.

Maiffret said his company suspects that the business edition of the product, known as RealSecure, also may be vulnerable, though that program hasn't been fully tested.

Internet Security Systems is a member of the recently announced National Cyber Security Alliance, made up of top technology companies and government security agencies.

In December, the same eEye team discovered a similar problem in Microsoft's Windows XP operating system that would give hackers the same freedom over a person's computer. Microsoft scrambled to create and deploy an update for the system.



- Hummercash - 02-11-2002

a little late... i think i remember reading about that 2-3 weeks ago. ???


- FollowThisLogic - 02-11-2002

GRC.com has reported for some time that BlackICE doesn't do shit.

In their DoS attack report here, he tried using BlackICE to see if it would stop the same type of DoS attack that bombed his own site, and it did nothing. And this was AFTER he had no confidence in BlackICE from other tests. (The page is really long - the BlackICE part is at the bottom, but the whole thing is a really good read.)


- AdolescentMasturbator - 02-11-2002

And this is why we all need hardware routers lol.


- Keyser Soze - 02-11-2002

Do ANY software firewalls work? How good is Zone Alarm?


- AdolescentMasturbator - 02-11-2002

It's decent but it's nowhere near as good as a hardware firewall.


- Galt - 02-11-2002

Where is Ryan Phillippe when you need him!