RE: Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue

["Bart Lansing" <bart.lansing () hushmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Todd, et al,

When was the last time you saw an announcement of a vulnerability
that affected windows 3.11?

If you are 2 or 3 full revs behind the current release version of
pretty much any software, you get what you get.

On Mon, 03 Oct 2005 17:11:28 -0700 Todd Towles
<toddtowles () brookshires com> wrote:
> If a bulb in my car was found to cause a fire in certain models
> from a
> certain manufacturer, I would want to know exactly which one were
> in
> danger...not the other way around. Has ZA tested the other
> versions?
> They know 6 isn't vulnerable but if they don't say that 3 is
> vulnerable
> then we have to "assume" they are. That isn't any type of security
> advisory IMHO.
>
> It just makes the company look like they care more about making
> you buy
> the new version as opposed to protecting their customers. Just my
> 2
> cents
>
> -Todd
>
> > -----Original Message-----
> > From: full-disclosure-bounces () lists grok org uk
> > [mailto:full-disclosure-bounces () lists grok org uk] On Behalf
> > Of Paul Laudanski
> > Sent: Monday, October 03, 2005 6:55 PM
> > To: Debasis Mohanty
> > Cc: bugtraq () securityfocus com;
> > full-disclosure () lists grok org uk; 'Zone Labs Security Team'
> > Subject: RE: [Full-disclosure] Different Claims by ZoneLabs
> > on the "BypassingPersonalFirewall (Zone Alarm Pro) Using
> > DDE-IPC" issue
> >
> >
> >
> >
> > On Mon, 3 Oct 2005, Debasis Mohanty wrote:
> >
> > > > > Paul Laudanski
> > > > > What I'm saying is that the vendor never claimed ZAP
> > versions prior
> > > > > to 5
> > > are not vulnerable in the report.
> > >
> > > Funny Paul!! You are simple exaggerating upon the same
> > point again and
> > > again in a new style each time. Well, They don't even say that

> ZAP
> > > versions prior to v5 are vulnerable in their advisory.
> >
> > Glad I made you laugh.  We are at odds in this clearly.  Zone
> > Labs aka Cisco imvho has issued a fair and accurate release
> > indicating what is not vulnerable and thereby conversely you
> > know which products are.
> >
> > To that end... I move on.
> >
> > Paul Laudanski, Microsoft MVP Windows-Security
> > CastleCops(SM), http://castlecops.com
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkNCfsEACgkQfw4CJpLBxONlawCfdwJFsYQfhOhMtM+6RoemhlCd0+8A
oL7qIA7uvUvtRzEyWZ/DTR73//B+
=lX9R
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/