Baynes, Faith wrote on 04/16/08 08:59:
One of my more adventurous, but thankfully well behaved, students told
me about it some time ago.... He also scripted a workaround to the mac
agent because the previous iteration of that was so crummy. It is
definitely KNOWN in the more geeky student community that dirty access
agent exists...
Due to a fundamental design flaw of CCA, it is not possible to prevent such
bypass:
http://www.securityfocus.com/bid/19726/info
http://www.securityfocus.com/bid/19726/discuss
Even a Nessus scan won't help if the person puts a cheap Linux-based router in
front of the Windows box.
Disclosure: I am co-author of the security advisory.
-Joe
