Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

According to Ivan, the secret ZA phone-home server is located at 127.0.0.1 [was Re: Re: Re: ZoneAlarm phones home]
From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Mon, 6 Feb 2006 14:06:55 -0000

Ivan . wrote:
-[ top posting reformatted. ]-
On 2/4/06, Dave Korn <davek_throwaway () hotmail com> wrote:
Ivan . wrote:

observed 'spyware phoning home' but who are then completely unable
to give any details about the contents or destination of the
packets
read the article again Dave, you'll find that he did provide the ip
address of the destination servers to Zonelaram


  There is NO ip address listed in Cringely's article whatsoever.

  The URL of the article (see post at the top of this thread) is
http://www.infoworld.com/article/06/01/13/73792_03OPcringley_1.html

  The single paragraph he wrote about ZA contains this text:

" A Perfect Spy? It seems that ZoneAlarm Security Suite has been
phoning home, even when told not to. Last fall, InfoWorld Senior
Contributing Editor James Borck discovered ZA 6.0 was
surreptitiously sending encrypted data back to four different
servers, despite disabling all of the suite's communications
options. Zone Labs denied the flaw for nearly two months, then
eventually chalked it up to a "bug" in the software -- even though
instructions to contact the servers were set out in the program's
XML code. A company spokesmodel says a fix for the flaw will be
coming soon and worried users can get around the bug by modifying
their Host file settings. However, there's no truth to the rumor
that the NSA used ZoneAlarm to spy on U.S. citizens. "


  Now, show me which bit of that is an IP address, or admit you are
bullshitting.

http://theinquirer.net/?article=29157

The company says it will fix the "bug" soon. In the meantime you can
work >around it by adding:
# Block access to ZoneLabs Server
127.0.0.1 zonelabs.com
to your Windows host file.

  Well, just two points to make in response:

  1)  That inquirer article isn't Cringely's article, so your claim that "he 
did provide the ip address of the destination servers to Zonelaram" is 
garbage.

  2)  You aren't the first person in the world to mistake the loopback 
interface for a routable address, but you do look just as dumb as everyone 
else who's ever done it down the annals of history.

  Next time, try knowing what you're talking about before you open your 
mouth; I assure you, it works much better.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today.... 



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault