Full Disclosure mailing list archives

RE: Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue


From: "Todd Towles" <toddtowles () brookshires com>
Date: Tue, 4 Oct 2005 08:44:05 -0500

I agree with you. Users should upgrade. But the security advisory put
out by ZA is stated in a way different than the security mind works. We
want to know which ones are vulnerable. Are people still using v3? I
guess, I haven't used ZA in a very long time. 

But even Microsoft tells you when NT4 and Windows 98 are open to attack.

If Microsoft received a security issue and released a statement that
said, Windows XP isn't vulnerable...then everyone will be looking at
this differently. They would be questioning...what about Windows 98? What
about Windows 2000 Gold? Etc, etc.

I am not saying that ZA is in the wrong, but they should think about
changing the way that the information is released. It makes it look
like they don't care about their old customers...which could become
their current/future customers. Just my 2 cents and IMHO and all that
...

-----Original Message-----
From: Bart Lansing [mailto:bart.lansing () hushmail com] 
Sent: Tuesday, October 04, 2005 8:08 AM
To: zx () castlecops com; mail () hackingspirits com; Todd Towles
Cc: security () zonelabs com; full-disclosure () lists grok org uk; bugtraq () securityfocus com
Subject: RE: [Full-disclosure] Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue

Todd, et al,

When was the last time you saw an announcement of a vulnerability that
affected windows 3.11?

If you are 2 or 3 full revs behind the current release version of pretty
much any software, you get what you get.

On Mon, 03 Oct 2005 17:11:28 -0700 Todd Towles <toddtowles () brookshires com> wrote:
If a bulb in my car was found to cause a fire in certain models from a
certain manufacturer, I would want to know exactly which ones were in
danger...not the other way around. Has ZA tested the other versions?
They know 6 isn't vulnerable but if they don't say that 3 is vulnerable
then we have to "assume" they are. That isn't any type of security
advisory IMHO.

It just makes the company look like they care more about making you buy
the new version as opposed to protecting their customers. Just my 2
cents

-Todd

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Paul Laudanski
Sent: Monday, October 03, 2005 6:55 PM
To: Debasis Mohanty
Cc: bugtraq () securityfocus com; full-disclosure () lists grok org uk; 'Zone Labs Security Team'
Subject: RE: [Full-disclosure] Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue




On Mon, 3 Oct 2005, Debasis Mohanty wrote:

Paul Laudanski
What I'm saying is that the vendor never claimed ZAP versions prior to 5
are not vulnerable in the report.

Funny Paul!! You are simply exaggerating upon the same point again and
again in a new style each time. Well, they don't even say that ZAP
versions prior to v5 are vulnerable in their advisory.

Glad I made you laugh.  We are at odds in this clearly.  Zone Labs
aka Cisco imvho has issued a fair and accurate release indicating
what is not vulnerable and thereby conversely you know which products
are.

To that end... I move on.

Paul Laudanski, Microsoft MVP Windows-Security CastleCops(SM), 
http://castlecops.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
