lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
From: toddtowles at brookshires.com (Todd Towles)
Subject: Unsecure file permission of ZoneAlarm pro.

No one was ever do that? That is up there on the possible scale with a
encrypted zip file that is mailed to a user and asked them to input the
word, open the zip and run the file. That would never happen....wait..
=) 

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Ron
DuFresne
Sent: Friday, August 20, 2004 3:10 PM
To: Matthew Farrenkopf
Cc: Todd Towles; full-disclosure@...ts.netsys.com; jlacour@...elabs.com;
security@...elabs.com
Subject: RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm
pro.


yet, if I read this properly it wasnpt simply and open e-mail attachment
issue was it, it was open attachment then make suggested changes to the
system issue wasn't it?  If I understood the problem, then it really
requres more then a simple luser, it requires the most stupid of lusers
for it to take.  and in that case, we're perhaps better off with them
DOS'ed? <smile>

thanks,

Ron DuFresne

>
> However, this would still make it prime for a DoS attack by the next 
> strain of e-mail virus.  And most users who are not knowledgeable 
> (those who would be opening the attachment in the first place) would 
> probably not understand why they, now, cannot connect to the Internet.
>
> Matt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists