Date: Tue Oct  4 14:08:26 2005
From: bart.lansing at hushmail.com (Bart Lansing)
Subject: Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue

Todd, et al,

When was the last time you saw an announcement of a vulnerability
that affected Windows 3.11?

If you are 2 or 3 full revs behind the current release version of
pretty much any software, you get what you get.

On Mon, 03 Oct 2005 17:11:28 -0700 Todd Towles
<toddtowles@...okshires.com> wrote:
>If a bulb in my car was found to cause a fire in certain models from a
>certain manufacturer, I would want to know exactly which ones were in
>danger...not the other way around. Has ZA tested the other versions?
>They know 6 isn't vulnerable but if they don't say that 3 is vulnerable
>then we have to "assume" they are. That isn't any type of security
>advisory IMHO.
>
>It just makes the company look like they care more about making you buy
>the new version as opposed to protecting their customers. Just my 2
>cents
>
>-Todd
>
>> -----Original Message-----
>> From: full-disclosure-bounces@...ts.grok.org.uk
>> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf
>> Of Paul Laudanski
>> Sent: Monday, October 03, 2005 6:55 PM
>> To: Debasis Mohanty
>> Cc: bugtraq@...urityfocus.com;
>> full-disclosure@...ts.grok.org.uk; 'Zone Labs Security Team'
>> Subject: RE: [Full-disclosure] Different Claims by ZoneLabs
>> on the "BypassingPersonalFirewall (Zone Alarm Pro) Using
>> DDE-IPC" issue
>>
>>
>>
>>
>> On Mon, 3 Oct 2005, Debasis Mohanty wrote:
>>
>> > >> Paul Laudanski
>> > >> What I'm saying is that the vendor never claimed ZAP versions prior
>> > >> to 5 are not vulnerable in the report.
>> >
>> > Funny Paul!! You are simply exaggerating upon the same point again and
>> > again in a new style each time. Well, They don't even say that ZAP
>> > versions prior to v5 are vulnerable in their advisory.
>>
>> Glad I made you laugh.  We are at odds in this clearly.  Zone
>> Labs aka Cisco imvho has issued a fair and accurate release
>> indicating what is not vulnerable and thereby conversely you
>> know which products are.
>>
>> To that end... I move on.
>>
>> Paul Laudanski, Microsoft MVP Windows-Security
>> CastleCops(SM), http://castlecops.com
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>



