http://www.extremetech.com/article2/0,3973,1179181,00.asp By Mark Hachman July 3, 2003 A spokeswoman for firewall manufacturer Zone Labs said the company has reconsidered a previous decision and will upgrade its free ZoneAlarm firewall software to address a vulnerability found this week. A patch to the free version of ZoneAlarm will be issued within two weeks, the company said. Earlier this week, company executives characterized the difficulty of exploiting the hole as "the equivalent of hacker brain surgery" and said the cost to upgrade a free product would be prohibitive. "Between the time we spoke with you and last night we found a way to block this in ZoneAlarm," a Zone Labs representative said in an email to ExtremeTech. "We can do this without creating greater complexity for our users or our support staff." Originally, Zone Labs said Tuesday that it would decline to fix the vulnerability reported to the BugTraq mailing list, as the company claimed the hole was a flaw in Windows, and not in its own software. On Thursday, Zone Labs changed its stance, claiming that any exploit that took advantage of the hole was still "theoretical", and that that to its knowledge no hacker had used the vulnerability to compromise a user's system. "Zone Labs will make a fix for its free ZoneAlarm product available in the next two weeks," the company said, in a statement that was also published to the BugTraq list late Wednesday night. "In the meantime, users of ZoneAlarm should keep in mind the following facts", Zone Labs added. "This vulnerability has not been exploited to our knowledge. This vulnerability requires that a malicious application is running on the affected PC. For this to occur, an attacker would have to break through the other protection layers of ZoneAlarm (firewall, stealth mode etc.) as a first step." - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Jul 07 2003 - 02:35:28 PDT