We have created a new leak test called CPIL3 which uses a new technique to bypass personal firewalls. In our tests all firewalls have failed against this new test. We are going to release another BETA strengthened against this threat. Before making the test public, we need to make sure our users are safe. So currently, fellow members of Comodo forum, i.e. members having the rank “Comodo’s Hero” can access it.
If you would like to test CPIL3, please send a PM to me with your email address so that we can send the test.
I get a popup with the exe and dll in it. It mentions that explorer.exe is using a global hook. Of course I deny the request.
From the output of CPIL3 itself it says that the injection was successful. This is prior to opening up my browser, or trying to, in my case. Is an injection of this sort something that an AV program or malware program should detect and thus not even allow the injection to take place? Or are injections a normal and common sort of thing?
Can you please try with the CPF 2.2 stable version? It must pass independent of the bug it has. BETA versions have this vulnerability. If the stable version passes in your tests, then our users will be safe and we can publish the leak test.
Stable version with default settings → 100% success with all 3 browsers (5 tests for each browser)
Beta version with “C.M.” on → 100% success with all 3 browsers (5 tests for each browser)
Release it. The Dragon protects us ;D
(B) (S) (R)
ps. With the beta with “C.M.” on, at reboot it failed to load-read the “Application Monitor from registry”. It was “error 6” or 16 (I don’t remember :-\ ). It happened twice.
Egemen, do you know if it can be fixed? I have not found any tweaks at the java panel that fixes it. Is it possible to block such data of the browser header with CPF or with the router?
I agree with streetwolf, knowing your internal IP addy will not help anybody trying to gain access to your system. AFAIK they can’t reference it in the way the owner can anyway. After all, there are probably hundreds of thousands, if not millions, of systems with the very same internal IP address.
Default Browser : AMBrowser (IE wrapper - like Maxthon)
CPF Version : 2.3.1.20
Component Monitor : ON
Result : Firewall dialogue popped up allowing me to block it, but if I delayed in responding an IE window opened to the Comodo site saying the firewall had failed. It displayed the test I entered in the CPIL3 window, minus the first character. This “minus the first character” trait is repeatable.
If the above settings were used with Component Monitor set to “Learning”, it failed without a dialogue.
Those sites harvest data from browser headers. There are many headers that a browser can send while you browse the internet. HOST, REFERER, etc. Those headers can be used to learn about your browsing habits like “How you are referred to a site” etc. So it is about privacy. No direct security risk or breach.