lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <001101c3df03$5019f440$6500a8c0@p41700>
From: chows at ozemail.com.au (Gregh)
Subject: Nortons Liveupdate - problem?

Where else would Nortons be looking BUT their servers for updates? Sigh....


----- Original Message -----
From: "Joshua Levitsky" <jlevitsk@...hie.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Tuesday, January 20, 2004 8:15 AM
Subject: Re: [Full-Disclosure] Nortons Liveupdate - problem?


> And of course if you run Corporate Edition against an internal LiveUpdate
> server then none of the below applies. Most likely doesn't apply even if
you
> use Symantec's servers. The scheduler is different in the CE version from
> the retail version.
>
> --
> Joshua Levitsky, MCSE, CISSP
> System Engineer
> Time Inc. Information Technology
> [5957 F27C 9C71 E9A7 274A 0447 C9B9 75A4 9B41 D4D1]
>
>
> ----- Original Message -----
> From: "Gregh" <chows@...mail.com.au>
> To: "Disclosure Full" <full-disclosure@...ts.netsys.com>
> Sent: Monday, January 19, 2004 3:33 PM
> Subject: [Full-Disclosure] Nortons Liveupdate - problem?
>
>
> >A lot of your customers may have your Nortons AV prog (I don't mean other
> > Nortons products, just the anti virus scanner though this may apply to
> > their
> > other products, too) set to auto update when on Internet without
> > interrupting the user which IS a good idea normally. However, a few
weeks
> > ago due to a stupid error on the part of a company Nortons uses, your AV
> > prog couldn't find their update site for the day. It didn't last long
and
> > should have ended there.
> >
> > Unfortunately, I have become aware, while fixing problems for people who
> > use
> > Nortons, that their Nortons (2000, 2002 and 2004 versions) hadn't
updated
> > for the last two weeks. So, I manually MADE it update and it did so just
> > fine. This isn't normal. Nortons usually auto updates fine and on each
> > machine where I have noted this (5 so far, all Nortons, all the same
drop
> > off time), they have been without updates since that date and thus open
to
> > newer stuff. Bagle should start hitting hard today and if what I fear is
> > correct, none of your Nortons users will be protected UNLESS you get
them
> > to
> > open their Nortons and run your LiveUpdate manually. 5 out of 5 machines
> > all
> > stopped updating at the same period seems strange to me. There were 2 in
> > one
> > user group, 2 in another company and one friend who I do work for on his
> > personal machine. These were 3 different sites in other words.
> >
> > So, do yourselves a favour. I may be wrong but if I am not wrong, your
> > users
> > are not protected. They MAY be protected automatically after manually
> > updating but I am not even 100% sure of that right now. Run Liveupdate
> > manually NOW and be sure!
> >
> > Greg.
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ