RE: DHL connect software

["J.M. Seitz" <lists () bughunter ca>]

Well are you looking to test the security of the product, or do you want to
know what privileges it runs at? If you want to test it to determine if it
has a vulnerability do the following:

1) setup a malicious HTTP or FTP server (fuzzer).
2) poison your HOSTS file with the ip address of your malicious server so
update.dhl.com now points to it.
3) continually force the software to look for updates, etc. and see if it
blows up :)

Let us know how it goes! 

JS

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Murda Mcloud
Sent: Monday, March 26, 2007 7:43 PM
To: security-basics () securityfocus com
Subject: DHL connect software


Hi all,
Has anyone had to install this software for their mailroom department? DHL
Connect-it allows staff to do their consignments up etc before sending the
packages through DHL.

I have found out that it uses 443 and 80 for the connection to DHL and for
updates it requires 20/21 (all outbound).

It also seems to require admin privs on the local box-and needs shared
drives if others on the LAN are to print reports from the dbase that gets
created on the workstation.

I am going to run filemon/regmon to see what kind of things it does in terms
of files and keys. Does anyone else have suggestions for what other info to
gather to test its 'secureness'?

There doesn't to seem to be too much by way of documentation.