Message-ID: <9E97F0997FB84D42B221B9FB203EFA2701868026@dc1ms2.msad.brookshires.net>
Date: Mon, 3 Oct 2005 19:11:28 -0500
From: "Todd Towles" <toddtowles@...okshires.com>
To: "Paul Laudanski" <zx@...tlecops.com>,
	"Debasis Mohanty" <mail@...kingspirits.com>
Cc: Zone Labs Security Team <security@...elabs.com>,
	full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: RE: Different Claims by ZoneLabs on the
	"BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue


If a bulb in my car was found to cause a fire in certain models from a
certain manufacturer, I would want to know exactly which ones were in
danger...not the other way around. Has ZA tested the other versions?
They know 6 isn't vulnerable but if they don't say that 3 is vulnerable
then we have to "assume" they are. That isn't any type of security
advisory IMHO. 

It just makes the company look like they care more about making you buy
the new version as opposed to protecting their customers. Just my 2
cents

-Todd

> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk 
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf 
> Of Paul Laudanski
> Sent: Monday, October 03, 2005 6:55 PM
> To: Debasis Mohanty
> Cc: bugtraq@...urityfocus.com; 
> full-disclosure@...ts.grok.org.uk; 'Zone Labs Security Team'
> Subject: RE: [Full-disclosure] Different Claims by ZoneLabs 
> on the "BypassingPersonalFirewall (Zone Alarm Pro) Using 
> DDE-IPC" issue
> 
> 
> 
> 
> On Mon, 3 Oct 2005, Debasis Mohanty wrote:
> 
> > >> Paul Laudanski
> > >> What I'm saying is that the vendor never claimed ZAP versions prior
> > >> to 5 are not vulnerable in the report.
> > 
> > Funny Paul!! You are simply exaggerating upon the same point again and
> > again in a new style each time. Well, They don't even say that ZAP
> > versions prior to v5 are vulnerable in their advisory.
> 
> Glad I made you laugh.  We are at odds in this clearly.  Zone 
> Labs aka Cisco imvho has issued a fair and accurate release 
> indicating what is not vulnerable and thereby conversely you 
> know which products are.
> 
> To that end... I move on.
> 
> Paul Laudanski, Microsoft MVP Windows-Security 
> CastleCops(SM), http://castlecops.com
> 
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 