Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue
From: "Todd Towles" <toddtowles () brookshires com>
Date: Mon, 3 Oct 2005 19:11:28 -0500

If a bulb in my car was found to cause a fire in certain models from a
certain manufacturer, I would want to know exactly which one were in
danger...not the other way around. Has ZA tested the other versions?
They know 6 isn't vulnerable but if they don't say that 3 is vulnerable
then we have to "assume" they are. That isn't any type of security
advisory IMHO. 

It just makes the company look like they care more about making you buy
the new version as opposed to protecting their customers. Just my 2
cents

-Todd

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk 
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf 
Of Paul Laudanski
Sent: Monday, October 03, 2005 6:55 PM
To: Debasis Mohanty
Cc: bugtraq () securityfocus com; 
full-disclosure () lists grok org uk; 'Zone Labs Security Team'
Subject: RE: [Full-disclosure] Different Claims by ZoneLabs 
on the "BypassingPersonalFirewall (Zone Alarm Pro) Using 
DDE-IPC" issue




On Mon, 3 Oct 2005, Debasis Mohanty wrote:

Paul Laudanski
What I'm saying is that the vendor never claimed ZAP 
versions prior 
to 5
are not vulnerable in the report.  

Funny Paul!! You are simple exaggerating upon the same 
point again and 
again in a new style each time. Well, They don't even say that ZAP 
versions prior to v5 are vulnerable in their advisory.

Glad I made you laugh.  We are at odds in this clearly.  Zone 
Labs aka Cisco imvho has issued a fair and accurate release 
indicating what is not vulnerable and thereby conversely you 
know which products are.

To that end... I move on.

Paul Laudanski, Microsoft MVP Windows-Security 
CastleCops(SM), http://castlecops.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]