RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro.

["Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>]

No one was ever do that? That is up there on the possible scale with a
encrypted zip file that is mailed to a user and asked them to input the
word, open the zip and run the file. That would never happen....wait..
=) 

-----Original Message-----
From: full-disclosure-admin@xxxxxxxxxxxxxxxx
[mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Ron
DuFresne
Sent: Friday, August 20, 2004 3:10 PM
To: Matthew Farrenkopf
Cc: Todd Towles; full-disclosure@xxxxxxxxxxxxxxxx; jlacour@xxxxxxxxxxxx;
security@xxxxxxxxxxxx
Subject: RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm
pro.


yet, if I read this properly it wasnpt simply and open e-mail attachment
issue was it, it was open attachment then make suggested changes to the
system issue wasn't it?  If I understood the problem, then it really
requres more then a simple luser, it requires the most stupid of lusers
for it to take.  and in that case, we're perhaps better off with them
DOS'ed? <smile>

thanks,

Ron DuFresne

>
> However, this would still make it prime for a DoS attack by the next 
> strain of e-mail virus.  And most users who are not knowledgeable 
> (those who would be opening the attachment in the first place) would 
> probably not understand why they, now, cannot connect to the Internet.
>
> Matt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html