Full Disclosure mailing list archives
RE: Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue
From: "Todd Towles" <toddtowles () brookshires com>
Date: Tue, 4 Oct 2005 08:44:05 -0500
I agree with you. Users should upgrade. But the security advisory put out by ZA is stated in a way different then the security mind works. We want to know which ones are vulnerable. Are people still using v3? I guess, I haven't used ZA in a very long time. But even Microsoft tells you when NT4 and Windows 98 are open to attack. If Microsoft received a security issue and released a statement that said, Windows XP isn't vulnerable...then everyone will be looking at this different. They would be questioning...what about Windows 98? What about Windows 2000 Gold? Etc, etc. I am not saying that ZA is in the wrong, but they should think about changing the way that the information is released. It makes it looks like they don't care about their old customers...which could become their current/future customers. Just my 2 cents and IMHO and all that ...
-----Original Message----- From: Bart Lansing [mailto:bart.lansing () hushmail com] Sent: Tuesday, October 04, 2005 8:08 AM To: zx () castlecops com; mail () hackingspirits com; Todd Towles Cc: security () zonelabs com; full-disclosure () lists grok org uk; bugtraq () securityfocus com Subject: RE: [Full-disclosure] Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Todd, et al, When was the last time you saw an announcement of a vulnerability that affected windows 3.11? If you are 2 or 3 full revs behind the current release version of pretty much any software, you get what you get. On Mon, 03 Oct 2005 17:11:28 -0700 Todd Towles <toddtowles () brookshires com> wrote:If a bulb in my car was found to cause a fire in certainmodels from acertain manufacturer, I would want to know exactly which one were in danger...not the other way around. Has ZA tested the other versions? They know 6 isn't vulnerable but if they don't say that 3 isvulnerablethen we have to "assume" they are. That isn't any type of security advisory IMHO. It just makes the company look like they care more aboutmaking you buythe new version as opposed to protecting their customers. Just my 2 cents -Todd-----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] OnBehalf Of PaulLaudanski Sent: Monday, October 03, 2005 6:55 PM To: Debasis Mohanty Cc: bugtraq () securityfocus com; full-disclosure () lists grok org uk; 'Zone Labs Security Team' Subject: RE: [Full-disclosure] Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue On Mon, 3 Oct 2005, Debasis Mohanty wrote:Paul Laudanski What I'm saying is that the vendor never claimed ZAPversions priorto 5are not vulnerable in the report. Funny Paul!! You are simple exaggerating upon the samepoint again andagain in a new style each time. Well, They don't even say thatZAPversions prior to v5 are vulnerable in their advisory.Glad I made you laugh. We are at odds in this clearly. Zone Labs aka Cisco imvho has issued a fair and accurate release indicating what is not vulnerable and thereby conversely you knowwhich productsare. To that end... I move on. Paul Laudanski, Microsoft MVP Windows-Security CastleCops(SM), http://castlecops.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.4 wkYEARECAAYFAkNCfsEACgkQfw4CJpLBxONlawCfdwJFsYQfhOhMtM+6RoemhlCd0+8A oL7qIA7uvUvtRzEyWZ/DTR73//B+ =lX9R -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get secure FREE email: http://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger http://www.hushmail.com/services-messenger?l=434 Promote security and make money with the Hushmail Affiliate Program: http://www.hushmail.com/about-affiliate?l=427
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- RE: Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue Todd Towles (Oct 03)
- <Possible follow-ups>
- RE: Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue Bart Lansing (Oct 04)
- RE: Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue Todd Towles (Oct 04)