Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Check Point - Zone Labs Division - Response to "Weak Default Permissions

from [Zone Labs Product Security] Network Security [Permanent Link]
Subject: Check Point - Zone Labs Division - Response to "Weak Default Permissions Vulnerability"
Date: Wed, 25 Aug 2004 13:02:01 -0700 

Check Point - Zone Labs Division:
Response to "Weak Default Permissions Vulnerability"

Summary

Zone Labs ZoneAlarm family of products and Check Point 
Integrity endpoint security client software use the 
folder "%WINDOWS%\Internet Logs" to store a copy of 
logging information and the locally stored security 
policy.  Zone Labs security clients do NOT rely upon 
NTFS file ownership and permissions to protect logging 
and policy files stored in this folder.  Key files 
are protected by the security client itself.  Logging 
and policy information cannot be altered as the result 
of weak file ownership or permissions.  


Details

Zone Labs security clients write logging information 
to an unprotected file named ZAlog*.txt as a convenient 
way for the local user to observe recent events.   
However, all logged events are also stored in another 
file that is protected.

ZoneAlarm product family users may review the contents 
of the protected log file with the client user interface. 

Integrity server collects security client logs from the 
protected log files at regular intervals.  Administrators 
may review the logged information via the Integrity 
Administration console.  

Zone Labs, a Check Point Company, regards the security 
of our products and services very seriously and responds 
to all reports of security matters as soon as possible.  
To contact the Zone Labs product security team, please 
contact security@zonelabs.com.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Check Point - Zone Labs Division - Response to "Weak Default Permissions Vulnerability", Zone Labs Product Security <=
Previous by Date:  Re: NETGEAR DG834G SPECIAL FEATURES, Rodrigo Barbosa
Next by Date:  Re: 0day critical vulnerability/exploit targets Winamp users in the wild, K-OTiK Security
Previous by Thread:  Re: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow, Jérôme
Next by Thread:  Re: 0day critical vulnerability/exploit targets Winamp users in the wild, K-OTiK Security
Indexes:  [Date] [Thread] [Top] [All Lists]