Full Disclosure mailing list archives

RE: Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue

From: "Todd Towles" <toddtowles () brookshires com>
Date: Mon, 3 Oct 2005 19:11:28 -0500

If a bulb in my car was found to cause a fire in certain models from a
certain manufacturer, I would want to know exactly which one were in
danger...not the other way around. Has ZA tested the other versions?
They know 6 isn't vulnerable but if they don't say that 3 is vulnerable
then we have to "assume" they are. That isn't any type of security
advisory IMHO. 

It just makes the company look like they care more about making you buy
the new version as opposed to protecting their customers. Just my 2
cents

-Todd

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk 
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf 
Of Paul Laudanski
Sent: Monday, October 03, 2005 6:55 PM
To: Debasis Mohanty
Cc: bugtraq () securityfocus com; 
full-disclosure () lists grok org uk; 'Zone Labs Security Team'
Subject: RE: [Full-disclosure] Different Claims by ZoneLabs 
on the "BypassingPersonalFirewall (Zone Alarm Pro) Using 
DDE-IPC" issue




On Mon, 3 Oct 2005, Debasis Mohanty wrote:

Paul Laudanski
What I'm saying is that the vendor never claimed ZAP

versions prior

to 5

are not vulnerable in the report.  

Funny Paul!! You are simple exaggerating upon the same

point again and

again in a new style each time. Well, They don't even say that ZAP 
versions prior to v5 are vulnerable in their advisory.


Glad I made you laugh.  We are at odds in this clearly.  Zone 
Labs aka Cisco imvho has issued a fair and accurate release 
indicating what is not vulnerable and thereby conversely you 
know which products are.

To that end... I move on.

Paul Laudanski, Microsoft MVP Windows-Security 
CastleCops(SM), http://castlecops.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

RE: Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue Todd Towles (Oct 03)
- <Possible follow-ups>
- RE: Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue Bart Lansing (Oct 04)
- RE: Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue Todd Towles (Oct 04)