This is for those of you that may have heard about the alleged SSL Vulnerability that was found in ZA by SecurityFocus (or was at least reported on their site). This is official from ZoneLabs and not me. (hoov - the person posted this info in GRC discussions)
ZoneAlarm Pro, Security Suite and Integrity products which employ Mobile Code Protection/ID Lock features do not inspect encrypted traffic. If mobile code is downloaded via a Secure Sockets Layer (SSL) session, it will not be inspected by these products. This is by design and mandated by the SSL Protocol specification.
The intended purpose of SSL is to "provide privacy and reliability between two communicating applications." Computer users have the expectation their SSL encrypted session will be encrypted end-to-end between the server and client application (in this case, the Web Browser). As stated in the SSL Protocol Version 3.0: For SSL to be able to provide a secure connection, both the client and server systems, keys, and applications must be secure.
As such, Zone Labs products do not attempt to intercept, decrypt, proxy, or otherwise interfere with the SSL transaction. For our product -- or any other application -- to behave otherwise would violate the intent and design of the SSL specification and could potentially expose and/or risk the confidentiality of the data transmitted in the SSL transaction. A clarification of this common program limitation will be made in the product help files and program interface.
Zone Labs encourages anyone with concerns about the security of our products or services to contact us at email@example.com
He is referring to the vulnerability in Zone Alarm Pro reported a few days ago - see http://reviews.cnet.com/5208-6132-0.html?forumID=32&threadID=26653&messageID=300364
Spammers use spyware to improve hit rates
Latest technique deploys malware to gather information from PCs
Spammers are using spyware to launch more sophisticated and targeted attacks, according to email security specialist MessageLabs.
The company claims to have discovered the new technique from analysis of the 50 million emails it scans every day.
Paul Wood, MessageLabs' chief information analyst, told vnunet.com: "We began seeing patterns in the emails that seemed specifically targeted at some individuals using familiar names or even passwords and pets' names.
"We suspected something like this might happen, but not just yet. The spammers are always shifting the battle lines and this could be a trial to see how it goes."
MessageLabs said that the perpetrators appear to be using spyware to gather information from PCs which is then used in the subject line of subsequent junk emails to try and persuade targets to open the emails.