lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri Jan 20 06:16:26 2006
From: hummer at domeranger.com (hummer@...eranger.com)
Subject: Re: Re: PC Firewall Choices

I have been following this discussion waiting for someone to mention another 
"feature" of Zone Alarm:
Posted January 13, 3:00 a.m. PST Pacific Time,
ROBERT X. CRINGELY                             http://www.infoworld.com/

A Perfect Spy? It seems that ZoneAlarm Security Suite has been phoning
home, even when told not to. Last fall, InfoWorld Senior Contributing
Editor James Borck discovered ZA 6.0 was surreptitiously sending
encrypted data back to four different servers, despite disabling all of
the suite's communications options. Zone Labs denied the flaw for nearly
two months, then eventually chalked it up to a "bug" in the software --
even though instructions to contact the servers were set out in the
program's XML code. A company spokesmodel says a fix for the flaw will
be coming soon and worried users can get around the bug by modifying
their Host file settings. However, there's no truth to the rumor that
the NSA used ZoneAlarm to spy on U.S. citizens.


:)

Hummer
----- Original Message ----- 
From: "Nancy Kramer" <nekramer@...dtheater.net>
To: "Greg" <full-disclosure2@...andyman.com.au>; 
<full-disclosure@...ts.grok.org.uk>
Sent: Thursday, January 19, 2006 11:27 PM
Subject: RE: [Full-disclosure] Re: Re: PC Firewall Choices


>I have the paid ZA but I heard the free one was better.  Have no idea about 
>that but would never buy the paid version again.  At least now I know what 
>was happening.  Will try to look for that feature and set it to the maximum 
>minutes.  I only have it on my laptop which only goes on the internet 
>sporadically but generally goes on the internet on public wireless networks 
>which I think may not be all that secure.  Lots of times I am meeting with 
>someone there and we talk and then lookup something on the internet.  I 
>could see how time could pass quickly and I might not touch the computer 
>for awhile.  Thanks for the explanation.
>
> Regards,
>
> Nancy Kramer
>
>
>   At 10:10 PM 1/19/2006, Greg wrote:
>
>
>
>> > -----Original Message-----
>> > From: full-disclosure-bounces@...ts.grok.org.uk
>> > [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf
>> > Of Nancy Kramer
>> > Sent: Friday, 20 January 2006 2:30 PM
>> > To: Stan Bubrouski; full-disclosure@...ts.grok.org.uk
>> > Subject: Re: [Full-disclosure] Re: Re: PC Firewall Choices
>> >
>> >
>> > I admit I know nothing about firewalls but with ZA I have had
>> > to shut it
>> > down sometimes to go onto the internet.  I have no idea why.
>> > I just can't
>> > get on and when I shut it down I can.
>> >
>>
>>That'd be a well known and never fixed bug I reported to Zonelabs some 
>>years
>>back now. It has a feature to automatically lock internet connection after
>>so many minutes of inactivity. The length of time can be changed by the
>>user. What it REALLY did was cut off access to internet and any LAN you 
>>were
>>on, isolating you entirely and never actually let go of it when the user 
>>was
>>back at the keyboard. Exiting ZA let that go and internet and lan were
>>restored. You have the option to turn that feature OFF but even that 
>>didn't
>>stop the whole thing happening. So, about the only thing you could do was 
>>to
>>set the auto lock as high as it could go and turn the feature off. It 
>>would
>>still go off after that many minutes had passed (which I believe is 999 in
>>the PRO version and 99 in the free version) and lock you out again but it
>>was delayed by that much, at least.
>>
>>You CAN set certain programs to pass by its' lock, however. So, if you 
>>have
>>some computers almost always chattering away on a distributed project but
>>otherwise not touched, you could allow those programs to pass on even
>>though, should you attempt to get out with a simple web browser (where it
>>wasn't allowed to pass the lock), you cant. Saves some stuffing about on
>>such machines and let's face it - the more "free" some company execs see,
>>the more likely they are to use it. Surprising how many Windows based
>>companies use free ZA.
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>>
>>
>>
>>--
>>No virus found in this incoming message.
>>Checked by AVG Anti-Virus.
>>Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006
>
>
> -- 
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ