[Full-disclosure] Re: Re: ZoneAlarm phones home
ivanhec at gmail.com
Sun Feb 5 22:23:42 GMT 2006
>The company says it will fix the "bug" soon. In the meantime you can
work >around it by adding:
># Block access to ZoneLabs Server
>to your Windows host file.
On 2/4/06, Dave Korn <davek_throwaway at hotmail.com> wrote:
> Ivan . wrote:
> >> observed 'spyware phoning home' but who are then completely unable
> >> to give any details about the contents or destination of the packets
> > read the article again Dave, you'll find that he did provide the ip
> > address of the destination servers to Zonelaram
> There is NO ip address listed in Cringely's article whatsoever.
> The URL of the article (see post at the top of this thread) is
> The single paragraph he wrote about ZA contains this text:
> " A Perfect Spy? It seems that ZoneAlarm Security Suite has been phoning
> home, even when told not to. Last fall, InfoWorld Senior Contributing Editor
> James Borck discovered ZA 6.0 was surreptitiously sending encrypted data
> back to four different servers, despite disabling all of the suite's
> communications options. Zone Labs denied the flaw for nearly two months,
> then eventually chalked it up to a "bug" in the software -- even though
> instructions to contact the servers were set out in the program's XML code.
> A company spokesmodel says a fix for the flaw will be coming soon and
> worried users can get around the bug by modifying their Host file settings.
> However, there's no truth to the rumor that the NSA used ZoneAlarm to spy on
> U.S. citizens. "
> Now, show me which bit of that is an IP address, or admit you are
> Can't think of a witty .sigline today....
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Full-Disclosure is hosted and sponsored by Secunia.