[<prev] [next>] [day] [month] [year] [list]
Message-ID: <200510041308.j94D87bo074429@mailserver3.hushmail.com>
Date: Tue Oct 4 14:08:26 2005
From: bart.lansing at hushmail.com (Bart Lansing)
Subject: Different Claims by ZoneLabs on the
"BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Todd, et al,
When was the last time you saw an announcement of a vulnerability
that affected windows 3.11?
If you are 2 or 3 full revs behind the current release version of
pretty much any software, you get what you get.
On Mon, 03 Oct 2005 17:11:28 -0700 Todd Towles
<toddtowles@...okshires.com> wrote:
>If a bulb in my car was found to cause a fire in certain models
>from a
>certain manufacturer, I would want to know exactly which one were
>in
>danger...not the other way around. Has ZA tested the other
>versions?
>They know 6 isn't vulnerable but if they don't say that 3 is
>vulnerable
>then we have to "assume" they are. That isn't any type of security
>advisory IMHO.
>
>It just makes the company look like they care more about making
>you buy
>the new version as opposed to protecting their customers. Just my
>2
>cents
>
>-Todd
>
>> -----Original Message-----
>> From: full-disclosure-bounces@...ts.grok.org.uk
>> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf
>> Of Paul Laudanski
>> Sent: Monday, October 03, 2005 6:55 PM
>> To: Debasis Mohanty
>> Cc: bugtraq@...urityfocus.com;
>> full-disclosure@...ts.grok.org.uk; 'Zone Labs Security Team'
>> Subject: RE: [Full-disclosure] Different Claims by ZoneLabs
>> on the "BypassingPersonalFirewall (Zone Alarm Pro) Using
>> DDE-IPC" issue
>>
>>
>>
>>
>> On Mon, 3 Oct 2005, Debasis Mohanty wrote:
>>
>> > >> Paul Laudanski
>> > >> What I'm saying is that the vendor never claimed ZAP
>> versions prior
>> > >> to 5
>> > are not vulnerable in the report.
>> >
>> > Funny Paul!! You are simple exaggerating upon the same
>> point again and
>> > again in a new style each time. Well, They don't even say that
>ZAP
>> > versions prior to v5 are vulnerable in their advisory.
>>
>> Glad I made you laugh. We are at odds in this clearly. Zone
>> Labs aka Cisco imvho has issued a fair and accurate release
>> indicating what is not vulnerable and thereby conversely you
>> know which products are.
>>
>> To that end... I move on.
>>
>> Paul Laudanski, Microsoft MVP Windows-Security
>> CastleCops(SM), http://castlecops.com
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4
wkYEARECAAYFAkNCfsEACgkQfw4CJpLBxONlawCfdwJFsYQfhOhMtM+6RoemhlCd0+8A
oL7qIA7uvUvtRzEyWZ/DTR73//B+
=lX9R
-----END PGP SIGNATURE-----
Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2
Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434
Promote security and make money with the Hushmail Affiliate Program:
http://www.hushmail.com/about-affiliate?l=427
Powered by blists - more mailing lists