lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: cmacfarlane at Drummond-Miller.co.uk (Cassidy Macfarlane)
Subject: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)-WASTE OF TIME

ffs

Open a cmd, type 'format c: /y'

Omg, phone billy g, it's a massive DoS/vuln.

Get a grip bipin.  If a malicious user has command line access to your
system, 'zonealarm' is the last thing you should be worrying about.


-----Original Message-----
From: bipin gautam [mailto:visitbipin@...oo.com] 
Sent: 23 August 2004 15:34
To: barrie@...oot-robot.net
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm
pro. (ZA will fail to load)



--- Barrie Dempster <barrie@...oot-robot.net> wrote:

> In reply to my own previous email, I assumed ZA
> would fail, as others
> have on this list, with an EVERYONE:DENY security
> policy, however this
> isn't the case.
> ZA 5.1 PRO Trial version will change this to
> EVERYONE:FULL for the
> duration of the program after which it will then
> change these settings
> back to the original EVERYONE:DENY. This throws out
> the DoS theory, but
> the permissions are still extremely permissive, if
> the "truevector
> driver" was to have issues with it's integrity
> checks then the files in
> this folder would be easily compromised.


not really, just simply, go to  internet log directory
and , do

..\..\Internet Logs\>attrib/s +h +s +r +a *.*

next time Zap'S "truevector driver" will fail to load.
when the pc reboots or zap restarts...

bipin

ps: thanks for the 'Rant's-&-Raves' regarding NTFS (O; 


		
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ