"ZoneAlarm flaw" advisory sets off blame game

ZDNet describes a new security vulnerability affecting ZoneAlarm. Originally reported by Debasis Mohanty, the flaw allows an attacker to trick an application-based firewall, such as ZoneAlarm, into trusting a malicious application that masquerades as legitimate traffic.....That's what Mohanty claims. But is there really a hole in ZoneAlarm?

Many security researchers have disagreed with Mohanty. One research team claims they tried to reproduce the flaw and it didn't work. They also point out that Mohanty tested his flaw using ZoneAlarm version 3 instead of the more recent version 6.- WatchGuard Wire: RSS Feed | WatchGuard Technologies, Inc.

Linked by shanmuga Thursday, 6th October 2005 1:58AM