Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: ZoneAlarm shutdown problem update, MS Black Tuesday SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ZoneAlarm shutdown problem update, MS Black Tuesday

ZoneAlarm Update




An update report from a Diary contributor says: "The affected version of ZoneAlarm was 5.5.094.000. The newer fixed version of ZoneAlarm is 5.5.094.000 (hey it looks the same!) Why they couldn't just use that fourth numbering component and change .000 to .001 is a mystery. If you download the file, right-click on it and look at the properties, the broken version of ZoneAlarm Pro will be file version '5.5.94.0' and has the description 'ZoneAlarm Pro-1025-English'. The newer version will have a description of 'ZoneAlaram Pro-1043-English'. For the freeware ZoneAlarm, the newest update available to download has a description of 'ZoneAlarm-1013-English'. I don't know what the description value was for the affected version."
Thanks for the contribution!


Earlier Diary Entries

ZoneAlarm Problems

ZoneAlarm ( A Check Point Company) users were lighting up ZoneLABS user forums yesterday with reports of the firewall shutting down. ZoneLABS issued an advisory .


"Vulnerable" MS OS and application list



See "Microsoft June Advance Notification Unspecified Security Vulnerabilities"

http://www.securityfocus.com/bid/13923/info
The MSSRC Blog says MS will release "7 bulletins affecting Windows. The maximum severity rating for these security updates is Critical and some will require a restart.

1 bulletin affecting Windows and Microsoft Services for UNIX. The, maximum severity rating for this is Moderate and may require a restart.

1 bulletin affecting Microsoft Exchange. The maximum severity rating for this security update is Important and it will not require a restart.

1 bulletin affecting Microsoft Internet Security and Acceleration (ISA) Server and Small Business Server. The maximum severity rating for these security updates is Moderate and may require a restart."

And Juha-Matti adds another pointer to what's coming with a pointer to:
CAN-2005-1907 (under review)
"The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic."
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1907
Thanks Juha-Matti!


The Co$t of Security



Over at TheRegister, in the article "Symantec ask court to rule Hotbar.com as adware", it says "In other spyware-related news, Dell said that better customer awareness and sales of security software subscriptions had halved the number of support calls it was receiving about spyware-related problems over the last year."

http://www.theregister.com/2005/06/09/symantec_hotbar_lawsuit/

Cisco - Cisco 802.1x Voice-Enabled Interfaces Allow Anonymous Voice VLAN Access


Cisco has released a Cisco Security Notice in response to an advisory released by FishNet Security on June 8, 2005 entitled "Cisco 802.1x Voice-Enabled Interfaces Allow Anonymous Voice VLAN Access"

http://www.uniras.gov.uk/niscc/docs/br-20050609-00475.html?lang=en

I will be teaching next: Malware Reverse-Engineering Challenge - SANS San Antonio 2020

Jim

412 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!