lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun Feb  5 22:23:49 2006
From: ivanhec at gmail.com (Ivan .)
Subject: Re: Re: ZoneAlarm phones home

http://theinquirer.net/?article=29157

>The company says it will fix the "bug" soon. In the meantime you can
work >around it by adding:
># Block access to ZoneLabs Server
>127.0.0.1 zonelabs.com
>to your Windows host file.

On 2/4/06, Dave Korn <davek_throwaway@...mail.com> wrote:
> Ivan . wrote:
>
> >> observed 'spyware phoning home' but who are then completely unable
> >> to give any details about the contents or destination of the packets
> > read the article again Dave, you'll find that he did provide the ip
> > address of the destination servers to Zonelaram
>
>
>   There is NO ip address listed in Cringely's article whatsoever.
>
>   The URL of the article (see post at the top of this thread) is
> http://www.infoworld.com/article/06/01/13/73792_03OPcringley_1.html
>
>   The single paragraph he wrote about ZA contains this text:
>
> " A Perfect Spy? It seems that ZoneAlarm Security Suite has been phoning
> home, even when told not to. Last fall, InfoWorld Senior Contributing Editor
> James Borck discovered ZA 6.0 was surreptitiously sending encrypted data
> back to four different servers, despite disabling all of the suite's
> communications options. Zone Labs denied the flaw for nearly two months,
> then eventually chalked it up to a "bug" in the software -- even though
> instructions to contact the servers were set out in the program's XML code.
> A company spokesmodel says a fix for the flaw will be coming soon and
> worried users can get around the bug by modifying their Host file settings.
> However, there's no truth to the rumor that the NSA used ZoneAlarm to spy on
> U.S. citizens. "
>
>
>   Now, show me which bit of that is an IP address, or admit you are
> bullshitting.
>
>     cheers,
>       DaveK
> --
> Can't think of a witty .sigline today....
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ