Re: EEYE: RealSecure/BlackICE Server Problems/Witty

From: Travis Dennis (tdennis_at_CATALYSTTECH.COM)
Date: 03/30/04

  • Next message: Marcio Vieira: "Re: EEYE: RealSecure/BlackICE Server Problems/Witty" 
    Date:         Mon, 29 Mar 2004 21:26:33 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Actually ISS has offered to unlock my out of service BlackICE products
    and allow the expired installs to update to the latest version which of
    course, takes care of the vulnerability. All I had to do was ask.
    Please see the e-mail response form BlackICE support. I deleted the
    support techs name but nothing else

    Thanks,

    Travis Dennis
    Catalyst Technologies

    Hi Travis,
     
    Thank you for buying ISS BlackICE PC Protection.
     
    If you provide us with the expired license keys, we will refresh them to
    allow the upgrade to be applied.
     
    Best,

    ****** ***** (name withheld by me)
    Client Services Manager
    ISS BlackICE
    www.blackice.iss.net
    650.316.4254

    Sign up to receive ISS X-Force alerts and advisories at
    http://xforce.iss.net/xforce/maillists/.
      

    -----Original Message-----
    From: Marcio Vieira [mailto:vieira@CSTL.SEMO.EDU]
    Sent: Monday, March 22, 2004 9:59 AM
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    Subject: Re: EEYE: RealSecure/BlackICE Server Problems/Witty

    > On Sunday, February 29, 2004 4:25 PM Brad Webb said:
    >
    > Ok, perhaps I'm blind and am missing what's right in front of
    > my face, but there seems to be no patches available from ISS,
    > only "upgrades".
    >
    > As at 9:14AM AESDT, the only options available from the URL
    > given (at least for BlackICE PC Protection and BlackICE
    > Server Protection products) are "upgrades" to latest version.
    > Of course if your version of BICE is "out of maintenance"
    > then you seem to have but three options:
    >
    > 1) Purchase the upgrade (paying for fixes...)
    > 2) Switch to a different vendor
    > 3) Continue to use a vulnerable version of BICE until such
    > time as an exploit is posted to bugtraq. Use your imagination
    > for the next bit.
    >
    > Hopefully I'm just blind and the necessary patches are
    > available, or will be soon.

    Well, I think I'm blind too. Or maybe ISS is. I was denied a patch to
    fix
    the recent bugs in BlackICE because I haven't purchased their service
    plan
    this year. Actually, they don't even have "patches"--only full product
    upgrades, like Brad mentioned above. If a customer doesn't want the
    extra
    bells and whistles (and extra bugs) that come with the new version, then
    the
    only solution is to find another product (which I hope most ISS
    customers
    eventually will).

    The old car-with-brake-problems analogy fits nicely here: suddenly
    someone
    finds out that the car you bought a year ago has a defective brake
    that's
    been proven fatal, but the car manufacturer tells you that you cannot
    get it
    fixed for free because you didn't purchase the extended warranty.
    (??????)

    I wonder if the domain name boycottiss.org is already taken... ;-)

    Marcio Vieira
    Southeast Missouri State University

    -----
    NTBugtraq Editor's Note:

    Want to reply to the person who sent this message? This list is
    configured such that just hitting reply is going to result in the
    message coming to the list, not to the individual who sent the message.
    This was done to help reduce the number of Out of Office messages
    posters received. So if you want to send a reply just to the poster,
    you''ll have to copy their email address out of the message and place it
    in your TO: field.
    -----

    -----
    NTBugtraq Editor's Note:

    Want to reply to the person who sent this message? This list is configured such that just hitting reply is going to result in the message coming to the list, not to the individual who sent the message. This was done to help reduce the number of Out of Office messages posters received. So if you want to send a reply just to the poster, you''ll have to copy their email address out of the message and place it in your TO: field.
    -----

  • Next message: Marcio Vieira: "Re: EEYE: RealSecure/BlackICE Server Problems/Witty"

    Relevant Pages