Message-ID: <200510041308.j94D87bo074429@mailserver3.hushmail.com>
Date: Tue, 4 Oct 2005 06:08:01 -0700
From: "Bart Lansing" <bart.lansing@...hmail.com>
To: <zx@...tlecops.com>, <mail@...kingspirits.com>,
<toddtowles@...okshires.com>
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk,
security@...elabs.com
Subject: RE: Different Claims by ZoneLabs on the
"BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Todd, et al,
When was the last time you saw an announcement of a vulnerability
that affected Windows 3.11?
If you are 2 or 3 full revs behind the current release version of
pretty much any software, you get what you get.
On Mon, 03 Oct 2005 17:11:28 -0700 Todd Towles
<toddtowles@...okshires.com> wrote:
>If a bulb in my car was found to cause a fire in certain models from a
>certain manufacturer, I would want to know exactly which ones were in
>danger...not the other way around. Has ZA tested the other versions?
>They know 6 isn't vulnerable but if they don't say that 3 is vulnerable
>then we have to "assume" they are. That isn't any type of security
>advisory IMHO.
>
>It just makes the company look like they care more about making you buy
>the new version as opposed to protecting their customers. Just my 2
>cents
>
>-Todd
>
>> -----Original Message-----
>> From: full-disclosure-bounces@...ts.grok.org.uk
>> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf
>> Of Paul Laudanski
>> Sent: Monday, October 03, 2005 6:55 PM
>> To: Debasis Mohanty
>> Cc: bugtraq@...urityfocus.com;
>> full-disclosure@...ts.grok.org.uk; 'Zone Labs Security Team'
>> Subject: RE: [Full-disclosure] Different Claims by ZoneLabs
>> on the "BypassingPersonalFirewall (Zone Alarm Pro) Using
>> DDE-IPC" issue
>>
>> On Mon, 3 Oct 2005, Debasis Mohanty wrote:
>>
>> > >> Paul Laudanski
>> > >> What I'm saying is that the vendor never claimed ZAP versions prior
>> > >> to 5 are not vulnerable in the report.
>> >
>> > Funny Paul!! You are simply exaggerating upon the same point again and
>> > again in a new style each time. Well, they don't even say that ZAP
>> > versions prior to v5 are vulnerable in their advisory.
>>
>> Glad I made you laugh. We are at odds in this clearly. Zone
>> Labs aka Cisco imvho has issued a fair and accurate release
>> indicating what is not vulnerable and thereby conversely you
>> know which products are.
>>
>> To that end... I move on.
>>
>> Paul Laudanski, Microsoft MVP Windows-Security
>> CastleCops(SM), http://castlecops.com
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4
wkYEARECAAYFAkNCfsEACgkQfw4CJpLBxONlawCfdwJFsYQfhOhMtM+6RoemhlCd0+8A
oL7qIA7uvUvtRzEyWZ/DTR73//B+
=lX9R
-----END PGP SIGNATURE-----