lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 20 Apr 2005 18:02:12 +0100
From: "Boyce, Nick" <nick.boyce@....com>
To: bugtraq@...urityfocus.com, vulnwatch@...nwatch.org,
	full-disclosure@...ts.grok.org.uk
Subject: RE: iDEFENSE Security Advisory 04.18.05: McAfee Internet Security
	 Suite 2005 Insecure File Permission Vulnerability


Hmmm ...

[Section VI. Vendor Response]

    "This issue affects an extremely small subset of the McAfee 
    Internet Security Suite 2005 user base as the vast majority 
    of home users do not use non-Administrator Windows accounts"

    "McAfee's key priority is the security of our customers."

If McAfee believes the correct functioning of its product depends on the
first statement being true, then the second statement doesn't seem to quite
fit.

Nick Boyce
EDS, Bristol, UK


Powered by blists - more mailing lists