RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro.

No one was ever do that? That is up there on the possible scale with a
encrypted zip file that is mailed to a user and asked them to input the
word, open the zip and run the file. That would never happen....wait..
=)

-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Ron
DuFresne
Sent: Friday, August 20, 2004 3:10 PM
To: Matthew Farrenkopf
Cc: Todd Towles; full-disclosure@lists.netsys.com; jlacour@zonelabs.com;
security@zonelabs.com
Subject: RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm
pro.

yet, if I read this properly it wasnpt simply and open e-mail attachment
issue was it, it was open attachment then make suggested changes to the
system issue wasn't it? If I understood the problem, then it really
requres more then a simple luser, it requires the most stupid of lusers
for it to take. and in that case, we're perhaps better off with them
DOS'ed? <smile>

thanks,

Ron DuFresne

>
> However, this would still make it prime for a DoS attack by the next
> strain of e-mail virus. And most users who are not knowledgeable
> (those who would be opening the attachment in the first place) would
> probably not understand why they, now, cannot connect to the Internet.
>
> Matt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Mon Aug 23 11:35:53 2004