[Full-disclosure] Different Claims by ZoneLabs on the "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue
bart.lansing at hushmail.com
Tue Oct 4 14:08:01 BST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Todd, et al,
When was the last time you saw an announcement of a vulnerability
that affected Windows 3.11?
If you are 2 or 3 full revs behind the current release version of
pretty much any software, you get what you get.
On Mon, 03 Oct 2005 17:11:28 -0700 Todd Towles
<toddtowles at brookshires.com> wrote:
>If a bulb in my car was found to cause a fire in certain models
>certain manufacturer, I would want to know exactly which one were
>danger...not the other way around. Has ZA tested the other
>They know 6 isn't vulnerable but if they don't say that 3 is
>then we have to "assume" they are. That isn't any type of security
>It just makes the company look like they care more about making
>the new version as opposed to protecting their customers. Just my
>> -----Original Message-----
>> From: full-disclosure-bounces at lists.grok.org.uk
>> [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf
>> Of Paul Laudanski
>> Sent: Monday, October 03, 2005 6:55 PM
>> To: Debasis Mohanty
>> Cc: bugtraq at securityfocus.com;
>> full-disclosure at lists.grok.org.uk; 'Zone Labs Security Team'
>> Subject: RE: [Full-disclosure] Different Claims by ZoneLabs
>> on the "BypassingPersonalFirewall (Zone Alarm Pro) Using
>> DDE-IPC" issue
>> On Mon, 3 Oct 2005, Debasis Mohanty wrote:
>> > >> Paul Laudanski
>> > >> What I'm saying is that the vendor never claimed ZAP versions prior
>> > >> to 5 are not vulnerable in the report.
>> > Funny Paul!! You are simply exaggerating upon the same point again and
>> > again in a new style each time. Well, they don't even say that
>> > versions prior to v5 are vulnerable in their advisory.
>> Glad I made you laugh. We are at odds in this clearly. Zone
>> Labs aka Cisco imvho has issued a fair and accurate release
>> indicating what is not vulnerable and thereby conversely you
>> know which products are.
>> To that end... I move on.
>> Paul Laudanski, Microsoft MVP Windows-Security
>> CastleCops(SM), http://castlecops.com
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4
-----END PGP SIGNATURE-----