Baynes, Faith wrote on 04/16/08 08:59:
> One of my more adventurous, but thankfully well behaved, students told
> me about it some time ago.... He also scripted a workaround to the mac
> agent because the previous iteration of that was so crummy. It is
> definitely KNOWN in the more geeky student community that dirty access
> agent exists...
Due to a fundamental design flaw of CCA, it is not possible to prevent such bypass:
http://www.securityfocus.com/bid/19726/infohttp://www.securityfocus.com/bid/19726/discuss
Even a Nessus scan won't help if the person puts a cheap Linux-based router in
front of the Windows box.
Disclosure: I am co-author of the security advisory.
-Joe