[15919] in bugtraq
More bad censorware
daemon@ATHENA.MIT.EDU (John Pettitt)
Sat Jul 22 20:19:46 2000
Mime-Version: 1.0
Content-Type: text/plain
Message-Id: <4.3.2.7.2.20000721222424.00b5b330@gatekeeper.cloudview.com>
Date: Fri, 21 Jul 2000 22:26:40 -0700
Reply-To: John Pettitt <jpp@CLOUDVIEW.COM>
From: John Pettitt <jpp@CLOUDVIEW.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Given the recent article on slashdot about COPA and BAIR
I thought I'd do a quick review of this software from a security
perspective. I expected that I would take a couple of hours and break the
password system or some similar weakness.
In fact I managed to disable it entirely in less than 60 seconds!
The BAIR program runs at system startup and prevents access to the IE
Internet options menu and also prevents regedit from being run. However, it
does not lock down the registry - so a simple program (I used Reg Run II)
can remove the registry key that starts BAIR (it's
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BAIR
Secure" for those who care).
Remove the key, reboot, reset the proxy setting and presto, full access.
Sigh.
John Pettitt <jpp@cloudview.com> AOL-IM: CanisRosa
SigInt bait ;-)
A big hello to the folks at Fort Meade, Menwith Hill and Pine Gap.
Keywords: NSA, Echelon, GCHQ, F83, Magnum, Mentor, P415, STEEPLEBUSH
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
Comment: Get my keys from the pgp.com LDAP server
iQA/AwUBOXkwkKdEVMR4hjZYEQIFaACgjl6shlmX+i7njygDvGxVQyyh1ycAoMfk
OXq77kib+hrkCMRebY0QEjMB
=FHBz
-----END PGP SIGNATURE-----
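
The weakness described in the message is that enforcement hangs on an autostart registry entry that can be deleted. As an added example (not part of the original message or of any vendor code), this Python script compares two regedit-format exports of the Run key and reports autostart values removed or altered since a baseline. The sample exports and placeholder paths are constructed, and "BAIR Secure" is assumed to be a value name under the Run key.

```python
import re

# Run key named in the post; "BAIR Secure" is assumed to be a value under it.
RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"

def parse_reg_export(text):
    """Parse regedit export text into {key.lower(): {value.lower(): (name, raw_data)}}."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex: continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        section = re.fullmatch(r"\[([^-].*)\]", line)  # skip "[-KEY]" deletions
        if section:
            current = keys.setdefault(section.group(1).lower(), {})
            continue
        value = re.fullmatch(r'"((?:[^"\\]|\\.)*)"=(.*)', line)
        if value and current is not None:
            name = re.sub(r"\\(.)", r"\1", value.group(1))  # undo \\ and \" escapes
            current[name.lower()] = (name, value.group(2))
    return keys

def autostart_drift(baseline_text, current_text, key=RUN_KEY):
    """Return autostart values removed or altered since the baseline export."""
    before = parse_reg_export(baseline_text).get(key.lower(), {})
    after = parse_reg_export(current_text).get(key.lower(), {})
    removed = sorted(n for k, (n, _) in before.items() if k not in after)
    changed = sorted(n for k, (n, d) in before.items()
                     if k in after and after[k][1] != d)
    return {"removed": removed, "changed": changed}

# Constructed sample exports; paths are placeholders, not taken from the post.
BASELINE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BAIR Secure"="C:\\PLACEHOLDER\\filter.exe"
"ExampleTray"="C:\\PLACEHOLDER\\tray.exe"
'''
AFTER_TAMPER = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\PLACEHOLDER\\tray.exe /min"
'''

if __name__ == "__main__":
    print(autostart_drift(BASELINE, AFTER_TAMPER))
```

Registry key and value names are case-insensitive, so the comparison lower-cases both before matching.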