proxies, FTP, and security risks ("analogx proxy", specifically....)

Hi Folks,

thanks to all of you for posting interesting and useful information.  been a
'lurker' for a while and have learned lots of cool and useful facts from the
wisdom you all share!

i recently downloaded a "proxy" app from the www.analogx.com website
(they've got lots of very wonderful, very FREE, and very useful tools there,
do check it out if you're interested.  Nice site design as well.)

My reason for using a proxy is to let my winNT machine (lan'd to my XP/adsl
machine) see the internet, or share my ADSL as well.  For http, it seems to
work fine.

FTP is a drag however, I can't seem to enter the settings to make
dreamweaver or cuteftp do their thing.  That's a side-issue.

Security is what I'm concerned about.  The comp.windows.networking.misc NG
told me that AnalogX's proxy has an insecure "socks" component, which could
potentially allow hackers to set up mail servers on your machine.

anyway, I'm very concerned about using this device until I can be sure that
it is not opening security holes in my system.

Can anyone make any suggestions, or advise alternative methods?

Thanks for any feedback...

Rusty
0
Rusty
8/2/2002 10:02:00 PM
grc.security 16608 articles. 3 followers. Follow

1 Replies
710 Views

Similar Articles

[PageSpeed] 53

In article <aievgc$2djq$1@news.grc.com>, fireman@cloud9.com says...
> i recently downloaded a "proxy" app from the www.analogx.com website
> (they've got lots of very wonderful, very FREE, and very useful tools there,
> do check it out if you're interested.  Nice site design as well.)
> 
> My reason for using a proxy is to let my winNT machine (lan'd to my XP/adsl
> machine) see the internet, or share my ADSL as well.  For http, it seems to
> work fine.
> 
> FTP is a drag however, I can't seem to enter the settings to make
> dreamweaver or cuteftp do their thing.  That's a side-issue.
> 


> Security is what I'm concerned about.  The comp.windows.networking.misc NG
> told me that AnalogX's proxy has an insecure "socks" component, which could
> potentially allow hackers to set up mail servers on your machine.
> 

It looks like they've fixed a couple of those problems recently.

http://www.analogx.com/contents/download/network/proxy.htm

Bob Vanderveen
0
Anonymous
8/3/2002 10:10:00 AM
Reply:

Similar Artilces:

Does AnalogX Proxy leave "holes" in port security?
I used AWPTA to get a quick reading on what was opening my FTP, SMTP and POP3 ports...and it was a BIG surprise. It was my proxy! I use the AnalogX Proxy on my desktop computer to connect my wife's machine to the Internet through mine. Turns out the my proxy is also exposing the above ports on my machine to the Internet! Not sure what to make of this. Any ideas? If I disable FTP, POP3 and SMTP in AnalogX Proxy, my wife cannot send or receive e-mail or browse the web from her machine...NOT a viable option. What do you think...am I at risk of attack or not? When I disable FTP, POP...

Turning on "Secure Mail" on BMO for "Security-Sensitive Core Group"
Hello, The Mozilla Security Team is planning on turning on Secure Mail for "Security-Sensitive Core Bug" group bugs in the near term on bugzilla.mozilla.org. This has been previously turned on and tested for web and infrastructure security bugs during the past six months. I've put together a short guidance page for this at https://wiki.mozilla.org/Security/Security_Bugs/EncryptedBugmail. We wanted to inform people of the current plan to avoid surprises. For most people, the effects of this will be minimal. If you're CC'd on a core security bug and have not ...

superreview denied: [Bug 44980] Proxy: ignore "*" characters in "no proxy for" : [Attachment 11158] Patch for this bug
Darin Fisher (IBM) <darin@meer.net> has denied timeless@myrealbox.com (working) <timeless@bemail.org>'s request for superreview: Bug 44980: Proxy: ignore "*" characters in "no proxy for" http://bugzilla.mozilla.org/show_bug.cgi?id=44980 Attachment 11158: Patch for this bug http://bugzilla.mozilla.org/attachment.cgi?id=11158&action=edit ------- Additional Comments from Darin Fisher (IBM) <darin@meer.net> sr- we must not block the UI thread waiting for slow DNS servers to respond. we currently do so for PAC, and that is unfortunate. ...

superreview requested: [Bug 44980] Proxy: ignore "*" characters in "no proxy for" : [Attachment 11158] Patch for this bug
timeless@myrealbox.com (working) <timeless@bemail.org> has asked Darin Fisher (IBM) <darin@meer.net> for superreview: Bug 44980: Proxy: ignore "*" characters in "no proxy for" http://bugzilla.mozilla.org/show_bug.cgi?id=44980 Attachment 11158: Patch for this bug http://bugzilla.mozilla.org/attachment.cgi?id=11158&action=edit ...

PivX Security Update, "file protocol proxy" trojan exploit assessment
On September 11, Liu Die Yu disclosed the details of a vulnerability in IE that allowed code injection in arbitrary window objects. The following day, jelmer coupled this with a vulnerability that allows ressource files from the media bar to be displayed. The net result was a proof-of-concept exploit that was extremely simple to use, a malicious person just had to change the URL to which EXE should be executed. Since then, many variations of this POC has been circulating the wires and several trojans are now actively being spread across IRC networks such as QuakeNet, affecting tens o...

XP "Security" ( "If you are not paranoid yet...")
"...XP will disable features of your computer. If you are not paranoid about this yet, you should read all the details (X84)." http://aaxnet.com/editor/edit029.html#gather A lot of information is sent from your XP computer to Microsoft. For instance, if you watch that DVD of Debbie Does Dalas using Microsoft Media Player, that information is sent to Microsoft, as is various information about user skills and computer usage. All this can be turned off by rather tedious processes, but as soon as you install a security patch or other update from Microsoft, it'll...

security message("page contains secure and non secure items") coming on https: site
Hi we have developed a site and url of that site begins with https . Now everwhever page loads it gives a security message that " page contains secure and non secure items'. We donot want this message to come on our site. I read a few articles saying that my image should come from relative path or I should use css classes for images or there should not be any http url in my page. I have implemented these solutions also but still my page is giving this security message.   If any body could tell me how to avoid this message.   A lot of thanks in advance..  ...

superreview granted: [Bug 102269] Cookie Manager: "Server Secure" should be "Secure Server" : [Attachment 143120] patch v2 including dialog update
Alec Flett <alecf@flett.org> has granted Mike Connor <mconnor@myrealbox.com>'s request for superreview: Bug 102269: Cookie Manager: "Server Secure" should be "Secure Server" http://bugzilla.mozilla.org/show_bug.cgi?id=102269 Attachment 143120: patch v2 including dialog update http://bugzilla.mozilla.org/attachment.cgi?id=143120&action=edit ------- Additional Comments from Alec Flett <alecf@flett.org> sr=alecf ...

superreview requested: [Bug 102269] Cookie Manager: "Server Secure" should be "Secure Server" : [Attachment 143120] patch v2 including dialog update
Mike Connor <mconnor@myrealbox.com> has asked Alec Flett <alecf@flett.org> for superreview: Bug 102269: Cookie Manager: "Server Secure" should be "Secure Server" http://bugzilla.mozilla.org/show_bug.cgi?id=102269 Attachment 143120: patch v2 including dialog update http://bugzilla.mozilla.org/attachment.cgi?id=143120&action=edit ------- Additional Comments from Mike Connor <mconnor@myrealbox.com> alec, this one is pretty trivial if you have time before freeze... ...

Secure mail and "shared" Secure mail
i know the prerequisites for establishing Secure mail between users having both ends aquite a cert and using this during correspondance. What id like are guidelines to the smoothest way to get personal eDir certs available for every GW user ? And considering a more general solution to incomming mail: if I want a mailto: link on the company webpage allowing anyone to send us a Secure mail how is that done using GW 8 and the novell CA ? Any smooth how-to's outthere - or are we talking 3'rd party for anything acceptable for daily use by unsophisticated users ? -- bkel...

WSE-Security using "PasswordProvider" and "SendHashed"
Hi, Im playing around with WSE-Security (1.0) where Im sending login-information using an "UserNameToken". I want to use it with the option "SendHashed" to keep the password secure. In the service Ive added a "PasswordProvider"-class that should return the password of the passed username so that "WSE" can validate it (I suppose that the WSE-mechanism is just re-hashing the value). The thing is that Im storing all my users passwords HASHED in the database (to keep them secure if someone gets their eyes on the db). This means that I CANT get...

Use "proxy server" and "Fastpath" option
Shaun, another point that isn't clear for me in the admin guide.. We have one PUS in our HQ which is doing subscription updates and which serves to schedule deployments and every other administrative task. In every location where we have bigger offices and user counts we have set up a "cache server" (patchlink distribution point). At the moment we set our main PUS as PUS settting for the agent and we use the "use proxy" option to set the "local" cache server. I think the fastpath server option is new...as we have many mobility users..wou...

I am trying to run a login sample, so in "Web Site Administration Tool" i clicked "Use the security Setup Wizard to configure security step by step." and got this famous error: An error was encountere
After this i have the lengthy description of the rror The following message may help in diagnosing the problem: Specified argument was out of the range of valid values. Parameter name: site at System.Web.Configuration.WebConfigurationHost.InitForConfiguration(String& locationSubPath, String& configPath, String& locationConfigPath, IInternalConfigRoot configRoot, Object[] hostInitConfigurationParams) at System.Configuration.Configuration..ctor(String locationSubPath, Type typeConfigHost, Object[] hostInitConfigurationParams) at System.Configuration.Internal.InternalConfigConfigur...

"Show Passwords" security risk
Name: Steven Email: steven987_at_comcast.net Product: Firefox 2 Beta 2 Summary: "Show Passwords" security risk Comments: In all versions of Firefox including Firefox 2 Beta 2, the Tools > Options > Security (Tools > Options > Privacy in Firefox 1.5), has a button where you can "Show Passwords". If you don't set a Master Password, which most people don't because it's the default and requires you to enter it each time you use Firefox, then someone could simply walk up to your PC and view ALL of your stored passwords on web sites. This is...

Web resources about - proxies, FTP, and security risks ("analogx proxy", specifically....) - grc.security

Resources last updated: 12/31/2015 7:35:41 PM