lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ds7l61$88b$1@sea.gmane.org>
Date: Mon Feb  6 14:09:52 2006
From: davek_throwaway at hotmail.com (Dave Korn)
Subject: According to Ivan,
	the secret ZA phone-home server is located at
	127.0.0.1 [was Re: Re: Re: ZoneAlarm phones home]

Ivan . wrote:
-[ top posting reformatted. ]-
> On 2/4/06, Dave Korn <davek_throwaway@...mail.com> wrote:
>> Ivan . wrote:
>>
>>>> observed 'spyware phoning home' but who are then completely unable
>>>> to give any details about the contents or destination of the
>>>> packets
>>> read the article again Dave, you'll find that he did provide the ip
>>> address of the destination servers to Zonelaram
>>
>>
>>   There is NO ip address listed in Cringely's article whatsoever.
>>
>>   The URL of the article (see post at the top of this thread) is
>> http://www.infoworld.com/article/06/01/13/73792_03OPcringley_1.html
>>
>>   The single paragraph he wrote about ZA contains this text:
>>
>> " A Perfect Spy? It seems that ZoneAlarm Security Suite has been
>> phoning home, even when told not to. Last fall, InfoWorld Senior
>> Contributing Editor James Borck discovered ZA 6.0 was
>> surreptitiously sending encrypted data back to four different
>> servers, despite disabling all of the suite's communications
>> options. Zone Labs denied the flaw for nearly two months, then
>> eventually chalked it up to a "bug" in the software -- even though
>> instructions to contact the servers were set out in the program's
>> XML code. A company spokesmodel says a fix for the flaw will be
>> coming soon and worried users can get around the bug by modifying
>> their Host file settings. However, there's no truth to the rumor
>> that the NSA used ZoneAlarm to spy on U.S. citizens. "
>>
>>
>>   Now, show me which bit of that is an IP address, or admit you are
>> bullshitting.

> http://theinquirer.net/?article=29157
>
>> The company says it will fix the "bug" soon. In the meantime you can
> work >around it by adding:
>> # Block access to ZoneLabs Server
>> 127.0.0.1 zonelabs.com
>> to your Windows host file.

  Well, just two points to make in response:

  1)  That inquirer article isn't Cringely's article, so your claim that "he 
did provide the ip address of the destination servers to Zonelaram" is 
garbage.

  2)  You aren't the first person in the world to mistake the loopback 
interface for a routable address, but you do look just as dumb as everyone 
else who's ever done it down the annals of history.

  Next time, try knowing what you're talking about before you open your 
mouth; I assure you, it works much better.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ