    • CommentAuthorAnonymous
    • CommentTimeNov 4th 2009 edited
     
    You should email the person and say whether the suggestion is considered before you wipe it off your discussion forum. I posted a security hole in your software that other users should be aware of and you delete it and all references to it.

    Please address the issue or I can make a website that exposes this problem and makes it VERY public. At least here it is contained to your current user base.

    If this gets deleted without notification/justification, expect a public website calling out the security flaws (especially this one).

    The security problem is that Application Exceptions just work by name. So if any program is put into Application Exceptions, all you have to do is:

    - Copy and paste a browser program (like firefox.exe or chrome.exe).

    - Rename the program as the name of the application in Application Exceptions.

    - Run the newly named file, which gives full unfiltered access to the internet.

    Your software should handle file signatures and not just allow exceptions by name.
    • CommentAuthorAnonymous
    • CommentTimeNov 4th 2009 edited
     
    Amen! There was something fishy about it and I have not received any email notifications from Net Nanny software for several weeks. I was not sure what the problem was. Everything checked out. Now this post about renaming files is the problem. Kids getting smarter every day to defeat technology. I expect ContentWatch to stay two steps ahead of those kids.
    • CommentAuthorAnonymous
    • CommentTimeNov 7th 2009 edited
     
    I'm glad this wasn't deleted. Hopefully it will be fixed or hidden from the users as an option.
    • CommentAuthormike808
    • CommentTimeNov 20th 2009 edited
     
    An easier fix would be to store the entire program path, not just the basic filename of the program.

    And there are ways to lock down program areas with access control lists (ACLs) and NTFS, but it's not easy to do with Windows XP Home (check out XCACLS and XCACLSgui).
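
The two fixes suggested in the posts above (matching on more than the file name, and storing the full path), sketched as an added example that is not part of the original thread and is not Net Nanny's code. It assumes a SHA-256 content hash as a stand-in for "file signatures"; the file names, paths and contents are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_of(path):
    """Hash the file contents in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def canonical(path):
    """Resolve symlinks and normalize case so one file has one key."""
    return os.path.normcase(os.path.realpath(path))

def allowed_by_name(path, names):
    """Name-only matching, the behaviour the thread reports."""
    return os.path.basename(path).lower() in names

def allowed_by_path_and_hash(path, entries):
    """entries maps canonical path -> expected SHA-256 hex digest."""
    expected = entries.get(canonical(path))
    return expected is not None and hmac.compare_digest(expected, sha256_of(path))

def demo():
    """Build constructed sample files and return each check's verdict."""
    with tempfile.TemporaryDirectory() as root:
        trusted = os.path.join(root, "apps", "updater.exe")  # hypothetical exception entry
        lookalike = os.path.join(root, "downloads", "updater.exe")  # same name, other file
        for path, body in ((trusted, b"constructed trusted build"),
                           (lookalike, b"constructed different program")):
            os.makedirs(os.path.dirname(path))
            with open(path, "wb") as fh:
                fh.write(body)
        names = {"updater.exe"}
        entries = {canonical(trusted): sha256_of(trusted)}
        results = {
            "name_trusted": allowed_by_name(trusted, names),
            "name_lookalike": allowed_by_name(lookalike, names),
            "pinned_trusted": allowed_by_path_and_hash(trusted, entries),
            "pinned_lookalike": allowed_by_path_and_hash(lookalike, entries),
        }
        with open(trusted, "wb") as fh:  # contents swapped at the listed path
            fh.write(b"constructed replacement")
        results["pinned_replaced"] = allowed_by_path_and_hash(trusted, entries)
        return results
```

Calling `demo()` shows the name-only check accepting both files, while the path-and-hash check accepts only the registered file and rejects it once its contents change, which a path-only entry would not catch unless the directory is also locked down with ACLs.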
    • CommentAuthorWPhillips Forum Administrator ~
    • CommentTimeNov 23rd 2009 edited
     
    "The application exceptions list, which is never displayed to anyone except the Net Nanny administrator, is more of a temporary fix for compatibility issues. As compatibility issues are reported we recommend adding them to the exceptions list and begin working with our development team to resolve the underlying issues. Then, once the root cause is fixed, you should be able to remove the “.exe” from the list.

    We’ve always worked closely with our customers to resolve issues and enhance Net Nanny and I definitely appreciate you contributing to the forum and bringing your concerns to us. For things that may contribute to circumventing Net Nanny it would probably be best to contact me directly. You can do so anytime by email or call during our office hours."
    • CommentAuthorAnonymous
    • CommentTimeFeb 11th 2010 edited
     
    Looks like this was fixed in the latest release of Net Nanny 6.5. It wasn't really an issue because only Administrators can view or add files to the exceptions list.

A ContentWatch Product

© 2001-2009 ContentWatch, Inc., All rights reserved.
