Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue
From: "Bart Lansing" <bart.lansing () hushmail com>
Date: Tue, 4 Oct 2005 06:08:01 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Todd, et al,

When was the last time you saw an announcement of a vulnerability
that affected windows 3.11?

If you are 2 or 3 full revs behind the current release version of
pretty much any software, you get what you get.

On Mon, 03 Oct 2005 17:11:28 -0700 Todd Towles
<toddtowles () brookshires com> wrote:
If a bulb in my car was found to cause a fire in certain models
from a
certain manufacturer, I would want to know exactly which one were
in
danger...not the other way around. Has ZA tested the other
versions?
They know 6 isn't vulnerable but if they don't say that 3 is
vulnerable
then we have to "assume" they are. That isn't any type of security
advisory IMHO.

It just makes the company look like they care more about making
you buy
the new version as opposed to protecting their customers. Just my
2
cents

-Todd

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf
Of Paul Laudanski
Sent: Monday, October 03, 2005 6:55 PM
To: Debasis Mohanty
Cc: bugtraq () securityfocus com;
full-disclosure () lists grok org uk; 'Zone Labs Security Team'
Subject: RE: [Full-disclosure] Different Claims by ZoneLabs
on the "BypassingPersonalFirewall (Zone Alarm Pro) Using
DDE-IPC" issue




On Mon, 3 Oct 2005, Debasis Mohanty wrote:

Paul Laudanski
What I'm saying is that the vendor never claimed ZAP
versions prior
to 5
are not vulnerable in the report.

Funny Paul!! You are simple exaggerating upon the same
point again and
again in a new style each time. Well, They don't even say that

ZAP
versions prior to v5 are vulnerable in their advisory.

Glad I made you laugh.  We are at odds in this clearly.  Zone
Labs aka Cisco imvho has issued a fair and accurate release
indicating what is not vulnerable and thereby conversely you
know which products are.

To that end... I move on.

Paul Laudanski, Microsoft MVP Windows-Security
CastleCops(SM), http://castlecops.com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkNCfsEACgkQfw4CJpLBxONlawCfdwJFsYQfhOhMtM+6RoemhlCd0+8A
oL7qIA7uvUvtRzEyWZ/DTR73//B+
=lX9R
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]