lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: cmacfarlane at (Cassidy Macfarlane)
Subject: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)-WASTE OF TIME


Open a cmd, type 'format c: /y'

Omg, phone billy g, it's a massive DoS/vuln.

Get a grip bipin.  If a malicious user has command line access to your
system, 'zonealarm' is the last thing you should be worrying about.

-----Original Message-----
From: bipin gautam [] 
Sent: 23 August 2004 15:34
Subject: Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm
pro. (ZA will fail to load)

--- Barrie Dempster <> wrote:

> In reply to my own previous email, I assumed ZA
> would fail, as others
> have on this list, with an EVERYONE:DENY security
> policy, however this
> isn't the case.
> ZA 5.1 PRO Trial version will change this to
> duration of the program after which it will then
> change these settings
> back to the original EVERYONE:DENY. This throws out
> the DoS theory, but
> the permissions are still extremely permissive, if
> the "truevector
> driver" was to have issues with it's integrity
> checks then the files in
> this folder would be easily compromised.

not really, just simply, go to  internet log directory
and , do

..\..\Internet Logs\>attrib/s +h +s +r +a *.*

next time Zap'S "truevector driver" will fail to load.
when the pc reboots or zap restarts...


ps: thanks for the 'Rant's-&-Raves' regarding NTFS (O; 

Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish. 

Full-Disclosure - We believe in it.

Powered by blists - more mailing lists