NullMind's Lair

HackerGuardian .. ouch

Posted on March 17, 2006 by NullMind

One of our new products being developed at Comodo is called “HackerGuardian”.

This is a vulnerability scanner based on the Nessus engine. The product is still in late beta, but somebody has already found a way to use it in malicious ways 🙂


The original document is here. It was found and reported by thedumbterminal.co.uk.

Hacker Guardian arbitrary host scanning – Overview

Comodo Hacker Guardian provides internet security scanning with a front page that quotes:

“It provides for daily audits to run on one IP address and an unspoofable TrustLogo you can place on your web site indicating you are safe from hackers.”

They offer a free scan so visitors can test their own server. The FAQ states:

“HackerGuardian Free Scan – available to website owners, network operators and home users free of charge. Registering for the service enables users to run a HackerGuardian vulnerability audit on a single IP to identify potential security threats. The Free service is limited to 3 scans per license on a single IP and is non user customizable.”

Unfortunately, you can scan any host you choose and register for more than 3 scans; see below for details.

Hacker Guardian arbitrary host scanning – Timeline

Date found: 06/03/2006
Date reported to vendor: 16/03/2006
Date reported to public:
Date fixed:
Credit: MacGyveR

Hacker Guardian arbitrary host scanning – Screenshots

The screen below shows that you can sign up for more than 3 free scans:

[Screenshot: Vulns Hackerguardian Numfreescans]

This is the screen you see when you start scanning; your own IP address is in a “read only” text box:

[Screenshot: Vulns Hackerguardian Startscanning]

Using Firefox’s Web Developer extension, you can change the IP address in the text box to anything you want:

[Screenshot: Vulns Hackerguardian Startscanningalter]

Ouch :p

The problem is obvious: on free scans, the code needs to make sure the IP you are scanning is the same one that was just reported to you as being your own.
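
A minimal server-side version of that check, as an added example (not code from Comodo or from the original report). The function names, the per-license counter and the folding of IPv4-mapped addresses are assumptions made for illustration.

```python
import ipaddress

FREE_SCAN_LIMIT = 3  # "limited to 3 scans per license" (FAQ quoted above)

class ScanRejected(Exception):
    """Raised when a free-scan request must not be started."""

def canonical_ip(text):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    addr = ipaddress.ip_address(str(text).strip())
    return getattr(addr, "ipv4_mapped", None) or addr

def authorize_free_scan(peer_addr, form_ip, scans_used):
    """Return the only IP a free scan may target, or raise ScanRejected.

    peer_addr  -- source address of the connection as seen by the server
                  (behind a reverse proxy, use the address reported by that
                  trusted proxy, never a header the client can set)
    form_ip    -- the "read only" text box value, fully client-controlled
    scans_used -- scans already run on this license, read from server-side
                  storage (hypothetical counter, not a form field)
    """
    if scans_used >= FREE_SCAN_LIMIT:
        raise ScanRejected("free scan quota exhausted")
    try:
        peer = canonical_ip(peer_addr)
        requested = canonical_ip(form_ip)
    except ValueError:
        raise ScanRejected("malformed IP address") from None
    if requested != peer:
        # The form field was altered: refuse instead of scanning a third party.
        raise ScanRejected(f"target {requested} is not the requester {peer}")
    return str(peer)

if __name__ == "__main__":
    # Constructed sample requests: (peer address, submitted field, scans used)
    samples = [
        ("203.0.113.7", "203.0.113.7", 0),         # untouched form
        ("::ffff:203.0.113.7", "203.0.113.7", 1),  # dual-stack listener
        ("203.0.113.7", "198.51.100.20", 0),       # edited "read only" box
        ("203.0.113.7", "203.0.113.7", 3),         # quota already used
    ]
    for peer, field, used in samples:
        try:
            print("scan", authorize_free_scan(peer, field, used))
        except ScanRejected as err:
            print("rejected:", err)
```

The simpler design is to drop the field from the request entirely and always scan the address the server observed; the comparison above is useful when the field has to stay in the form for display.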
