[DONE] Eye Opener: Zonelabs Teams up with Big Brother (Zedo.com)


Author: treat2    Location: USA    Posted: Wed May 21, 2008 11:48 am    Post subject: Eye Opener: Zonelabs Teams up with Big Brother (Zedo.com)


Yes... just when you thought you've seen Firewall Vendors pulling all sorts of s***.... take a REAL CLOSE look AT Zonelabs, and you'll find it is THE SAME THING AS Zedo.com

Unless EVERY DNS Server on the Net is "poisoned", check this out...

do an nslookup on upd.zonelabs.com.
(ie. nslookup upd.zonelabs.com in the Command Prompt), ...

NOW, do an nslookup on www.zedo.com AND also c4.zedo.com

Notice anything?

Yep. ZONE ALARM'S DAILY UPDATE WEBSITE IS ZEDO.COM!!!

Can you believe that sh**???!!!!!!

If you are totally clueless as to WTF I'm talking about, just Google on Zedo.com, and checkout what everyone on the Net has to say about those A-Ho**!

Folks, it seems that Checkpoint (ZA's vendor) needs to be "checked out", as they're definitely knee deep in s***, and that's an understatement.

Is ZA "THE BEST" firewall EVER!" ????

Think again! ----> Big Brother's Watching!

BTW. Please spread the word. It's clear that nobody knows what's really going on with "The Best Firewall EVER!"

Regards, - T2 -

Author: Cudni    Location: Et In Arcadia ego    Posted: Wed May 21, 2008 1:05 pm    Post subject:

about zedo
http://ca.com/securityadvisor/pest/pest.aspx?id=453074269


Cudni

Author: treat2    Location: USA    Posted: Wed May 21, 2008 1:52 pm    Post subject: Correction RE: C4. Use C5 instead!

Pardon me. (I was corrected on another Board). However, try c5.zedo.com, as shown below, nslookup reveals a matching IP address, as shown below:

nslookup upd.zonelabs.com.edgesuite.net
Name: a288.g.akamai.net
Addresses: 72.246.52.7, 72.246.52.14
Aliases: upd.zonelabs.com.edgesuite.net


nslookup c5.zedo.com.edgesuite.net
Name: a426.g.akamai.net
Addresses: 72.246.52.14, 72.246.52.8
Aliases: c5.zedo.com.edgesuite.net

Soz for any confusion regarding "c4". However, as you can see, there's still a matching address for Zedo (using the c5 "prefix").

Unless I've misunderstood something, despite a non-match for "c4.zedo.com", my initial statement, given this revision, still applies. However, by all means, please do post any correction to my post(s) which are factual, as it's not my intention to misinform anyone.

Regards, - T2 -

Author: treat2    Location: USA    Posted: Wed May 21, 2008 3:46 pm    Post subject: reply to me

Yeah,

I'm having this really enlightening conversation at Wilders (soz), seems that they figure a few million companies could share the same IP address at the exact same time, 'cause the IP "don't" mean "nuffin". Seems they figure only the fully qualified URL "counts", and anyone sending a packet using a shared IP is (as they say) "sh** outta luck", if they do, 'cause they say "The IP is meaningless!" in a multiple web site hosting environment.

I wonder if these folks ever figured what's a poe boy gon do if the sender just used an IP, and didn't use any URL?

Guess they figure the IP don't really mean squat, so any packet just sent using one is just thrown out wit da trash!

Geez. It's amazing what ya "learn" on da Net!

Regards, - T2 -

Author: pwillener    Location: Japan    Posted: Thu May 22, 2008 8:53 am    Post subject:

See also http://www.akamai.com/html/customers/customer_list.html for a few more Akamai customers...

Author: treat2    Location: USA    Posted: Fri May 23, 2008 6:02 am    Post subject: My thanks to the CastleCops Site, Admin(s) and Moderator(s)!

To those folks reading this thread yet again, THERE IS NEWS:

My findings were confirmed by Wilders own Administrator, and if you visit:

http://www.wilderssecurity.com/showthread.php?s=96827e630f3d03e02740ed45bb0f9531&t=209987

you will find the Admin's post, after a rather lengthy debate which occurred over a period of the past 45 hours, and my final post which wraps up that thread.

Moreover, you will find some material I've posted there which is largely unknown to Internet users / surfers who are under the mistaken impression that 127.0.0.1 (localhost) is an address/place that you can assign "elevated privileges" to which approach that of a "trusted" site. (I leave it to the readers to look through the thread at Wilders and find that information I posted, rather than reposting the same information here.)

My thanks to the CastleCops Site and Admin(s) for permitting me to post this message, as it is NOT my intention to "draw away" users of this site, as I personally, have long considered both CastleCops and Wilders to both be the two BEST security related Boards on the Net, and obviously the reason that I posted my thread on both sites (in attempt to reach the widest and most informed audience who are concerned with security related issues).

My thanks again to the Admin(s) at CastleCops, and for the existence of this Web Site, as it contributes greatly towards informing users, and has quite knowledgeable Moderators and Admin(s) which have been of assistance to myself, as well.

BTW. You will find many posters within the thread ultimately attempting to do quite a bit of "face-saving", not to the exclusion of Wilders' Admin doing the same, rather than admit to having been mistaken, but don't let that dissuade you from learning and exploring the content of the discussion and information. Ultimately, you can not only test this out for yourselves to independently confirm my findings, but YOU should rightly always be the judge of whether or not I or ANYONE is either "crying wolf", or has some malicious motive to malign the reputation of ANY company for no good reason.

Bottom line. Always make up your own mind, AND do your own investigation, rather than think the majority is right, as it is most often not!

Best Regards, - T2 -

Author: treat2    Location: USA    Posted: Fri May 23, 2008 6:27 am    Post subject:

pwillener wrote:
See also http://www.akamai.com/html/customers/customer_list.html for a few more Akamai customers...


Interestingly, it appears I've "taught my PC" not to let www.akami.com "through". (It's not all of Akamai though, and for good reason.)

Akamai, as you may know, has a vast customer database, and a very large number of them are completely legitimate firms.

If you even were to undertake the rather daunting task of attempting to block out all of Akamai you'd find that many of your favorite and best anti-virus/anti-spyware and many other programs will not get their updates!

Moral of the story is blocking out Akamai is not only just about impossible, but NOT what anyone should concern themselves with, as they will be greatly disappointed at the results of attempting to do so.

Best Regards, - T2 -

Author: treat2    Location: USA    Posted: Fri May 23, 2008 9:00 am    Post subject: A Wrap-up and some entries for your host file + advice

LMAO! I've been banned from Wilders! lol

Not unexpected... I debated the Admin till s/he proved him/herself to be wrong, and couldn't admit it. (As I said in the post above, ignore the face saving stuff by the Admin there. Well, no doubt the thread's been trashed, too.)

No matter. You folks have the essence of the matter in the Thread post here, and regardless of whether or not you happen to use a "fully qualified" Web Site name, or just a simple trimmed down name, like c4.zedo.com, you'll still find that zedo.com and upd.zonelabs.com resolve to the same IP, and that the program being downloaded to your PC will be found in your reg DB via a search using the string "trial" (look for the word "screens", when you find a hit. You will get plenty of hits, but continue, and you'll find it, if you've mistakenly let Zedo do its thing on your PC.)

In any case, you folks will be wanting to block Zedo, and unlike the rest of the folks on the Net that like to use 127.0.0.1 on the Hosts file (which is a bad idea, since it equates "localhost" to every other nasty site that you stick into your hosts file, and in effect, disables your intention of disabling the s*** sites, but not localhost), what I much prefer to do is to use a totally invalid IP! That IP COULD BE SOMETHING LIKE:

899.0.0.1 zedo.com #[SecuritySpace.WebBug]
899.0.0.1 ads.zedo.com #[McAfee.Cookie-Zedo]
899.0.0.1 c1.zedo.com
899.0.0.1 c2.zedo.com #[SpySweeper.Spy.Cookie]
899.0.0.1 c3.zedo.com
899.0.0.1 c4.zedo.com #[zedo.vo.llnwd.net]
899.0.0.1 c5.zedo.com
899.0.0.1 c6.zedo.com
899.0.0.1 c7.zedo.com
899.0.0.1 c8.zedo.com #[zedo.vo.llnwd.net]
899.0.0.1 g.zedo.com #[zedo.live365.com]
899.0.0.1 gw.zedo.com
899.0.0.1 l1.zedo.com
899.0.0.1 l2.zedo.com
899.0.0.1 l3.zedo.com
899.0.0.1 l4.zedo.com #[Panda.Spyware:Cookie/Zedo]
899.0.0.1 l5.zedo.com
899.0.0.1 l6.zedo.com #[Tenebril.Tracking Cookie]
899.0.0.1 l7.zedo.com
899.0.0.1 l8.zedo.com
899.0.0.1 simg.zedo.com #[zedo.vo.llnwd.net]
899.0.0.1 ss1.zedo.com
899.0.0.1 ss2.zedo.com
899.0.0.1 xads.zedo.com
899.0.0.1 www.zedo.com
899.0.0.1 www.zedo.biz

In any case, that works just fine and has the desired effect, while NOT resolving every "bad" site on the Net to "localhost", which it appears is being done by everyone on the Net that doesn't know any better!

BTW. While you're at it, change the rest of the entries ALL except localhost, which SHOULD ALWAYS BE THE 1ST ENTRY IN THE HOSTS FILE, as entries are scanned 1 by 1. Even so, I've a few thousand entries and I assure you that surfing the Net is MUCH FASTER, NOT slower!

You can pick up host file entries for s*** sites all over the Net, and I'd BET there are quite a few posts with lists of Hosts files on CastleCops Site as well.

In any case, be assured that equating www.hackersRus.com to upd.zonelabs.com OR TO www.bankofamerica.com, is NOT ONLY A BAD IDEA, and a stupid one (for that matter), but THAT is NOT the intention of the technical usage and design of having a "shared IP" to provide the ability to connect to hundreds of Web Servers. Instead, you can well imagine the use of such an ability for a site like Google, where they would need a few thousand google Servers!

Well, Wilders just took a few steps down in my book, or at least the idiot who is currently serving as a Mod in the Forum I posted, or as one of its Admins that attempted to say that the IP and Web Site Name is irrelevant, and base their argument on the technical capability, and refer to me as a "blacklister" LOL!

BTW. I use ZA, that happens to be why I'm actively pursuing this matter and spreading the word around the Net!

Best Regards, - T2
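
An added example (not part of the original post): a small audit that groups the hostnames in a hosts file by what the address field actually is: loopback, unspecified (0.0.0.0), a string that does not parse as an IP address such as 899.0.0.1, or anything else. The sample file and the example.test names are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: two lines in the style of the list above, plus the
# loopback and 0.0.0.0 forms for comparison (example.test names are made up).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
899.0.0.1 zedo.com #[SecuritySpace.WebBug]
899.0.0.1 c5.zedo.com
127.0.0.1 ads.example.test
0.0.0.0   tracker.example.test  www.tracker.example.test
"""

def classify_address(field):
    """Say what kind of value sits in the address column of a hosts line."""
    try:
        addr = ipaddress.ip_address(field)
    except ValueError:
        return "unparsable"      # e.g. 899.0.0.1: an octet above 255
    if addr.is_loopback:
        return "loopback"        # 127.0.0.0/8 or ::1
    if addr.is_unspecified:
        return "unspecified"     # 0.0.0.0 or ::
    return "other"

def audit_hosts(text):
    """Return {kind: [hostnames]} for every non-comment hosts entry."""
    groups = defaultdict(list)
    for line in text.splitlines():
        entry = line.split("#", 1)[0].split()   # drop trailing comment
        if len(entry) < 2:                      # blank or comment-only line
            continue
        groups[classify_address(entry[0])].extend(entry[1:])
    return dict(groups)

if __name__ == "__main__":
    for kind, names in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{kind:12} {', '.join(names)}")
```

How a resolver treats a line in the "unparsable" group is implementation-specific, so those entries are worth testing on the system the file is deployed to.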

Author: treat2    Location: USA    Posted: Fri May 23, 2008 9:25 am    Post subject:

What was that movie with Pacino dancing the Tango?

Never mind. lol

Know that went over a few heads. Besides, I knew plenty more of my own sex that "stink", but not sayin where I smell it.

Author: treat2    Location: USA    Posted: Fri May 23, 2008 10:05 am    Post subject: The "key" to understanding Virtual Hosted Environm

The "key" to understanding Virtual Hosted Environments is that the Web Server MUST provide the EXACT SAME FUNCTIONALITY. Not a similar, or totally unrelated functionality, but the EXACT SAME functionality. OTHERWISE, you end up with an infrastructure that is not only flawed and subject to attack by script kiddies, BUT you end up with GARBAGE!

One can't assign the same IP to a Web Server for a Bank, and for HackerRus, lest one wants mayhem to occur. This is true REGARDLESS of whether or not the Web Servers are hosted in a Virtual Hosted Environment or by the individual Web Sites.

In either case, the ultimate effect is no different than "DNS Poisoning", as the DNS Server would serve up the same IP for HackersRus, as well as, whatever unfortunate Bank was assigned the same IP.

This is in actuality what is going on with Zedo's Sites, and Checkpoint's Firewall Update Site. BOTH are assigned the SAME IP, and BOTH serve TOTALLY DIFFERENT FUNCTIONS!

On the other hand, if Akamai hosts 1000 Web Servers that ALL perform the EXACT SAME FUNCTION as the Server that is supposed to update the Zone Alarm Firewall, THEN SURE... THAT'S WHEN THEY CAN AND SHOULD ALL BE ASSIGNED THE EXACT SAME IP!

What the folks and Admin at Wilders were debating with me was their failure to understand that fact, and instead, they simply envisioned it as a technically viable and "sound" solution to simplifying the "scarce resource" of IP addresses owned by Akamai and that are assigned to the Servers that they host.

Needless to say.... Akamai's been in this business long enough to know better than to do such a moronic thing, and give that job to an Admin that is totally clueless.

Hence, the only logical conclusion is that BOTH Checkpoint (Zone Alarm's Vendor) AND Zedo.com, have BOTH AGREED TO USE THE SAME IP AND TOLD AKAMAI TO ASSIGN IT TO THE ZA FIREWALL PROGRAM UPDATE SITE.

Financially, it benefits both companies! Zedo pays Checkpoint for that "favor" of letting their garbage get into every ZA User's PC, and Checkpoint profits from that. At the SAME TIME, whatever SALES OR SPYWARE IS PLANTED on all ZA Users' PCs benefits Zedo.Com. (If there is any question about that, simply google up Zedo.com, and you'll have an idea what they've been doing to 10's of thousands of users' PCs on the Internet.)

It's a Win-Win scenario for both companies, and in time, Checkpoint, when it decides to make a program update at some future date, always can tell Akamai "hey folks", we need our Update Site's Server's IP changed because it's the same as Zedo, or simply make the request, without even mentioning Zedo!

It's the Internet and Capitalism at its best!

Best Regards, - T2

Author: Hoov    Location: USA    Posted: Fri May 23, 2008 3:52 pm    Post subject:

Well I guess that will teach me to have medical problems while someone else wants to play.

I am not sure why this came up, but just because two sites share the same server in no way means that the two sites are in bed with each other. If this were true, then the entire world is in bed with ZEDO. If it does, that means that Akamai is in bed with ZEDO, and everyone that does Business with Akamai is in bed with ZEDO including this list, http://www.akamai.com/html/customers/customer_list.html. Which means that everyone from Grisoft to Missingandexploitedkids.com is in bed together. Not to mention the US federal Government and Victoria's Secret (now that could be fun) not to mention the National Governments of several other companies from around the world.
I would be willing to bet that every time you surf the web, you get some kind of content from Akamai. Do you think that only those two things live on that server? Not by a long shot.
When a company goes to Akamai to get server space, Akamai looks at their loads across all of their servers and gives them space on whichever one is available according to their distribution plan. I really doubt that someone could say "I don't want to be on that server because company Y is also there".
You will have to show me more than both companies using the same load balancers.

One more thing, if the two companies are in bed together, then why would ZoneLabs tell you how to cut them off? http://download.zonelabs.com/bin/free/pressReleases/2005/pr_22.html
And that was published in 2005, and a link to it has been on this board since Feb 7 2006.

But I will forward your opinions and concerns to those who need to know.
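
An added example (not part of any post in this thread): it parses the nslookup output posted above to find the address the two names have in common, then models how one server on that address picks content by the HTTP Host header. The virtual-host table and the content labels are hypothetical, a simplified stand-in for a CDN edge server.

```python
import re

# nslookup output as posted earlier in this thread.
NSLOOKUP_OUTPUT = """\
nslookup upd.zonelabs.com.edgesuite.net
Name: a288.g.akamai.net
Addresses: 72.246.52.7, 72.246.52.14
Aliases: upd.zonelabs.com.edgesuite.net

nslookup c5.zedo.com.edgesuite.net
Name: a426.g.akamai.net
Addresses: 72.246.52.14, 72.246.52.8
Aliases: c5.zedo.com.edgesuite.net
"""

def parse_nslookup(text):
    """Return {queried alias: (canonical name, set of addresses)}."""
    records = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        addrs = {a.strip() for a in fields["Addresses"].split(",")}
        records[fields["Aliases"]] = (fields["Name"], addrs)
    return records

def shared_addresses(records):
    """Addresses that appear in every record."""
    return set.intersection(*(addrs for _, addrs in records.values()))

# Hypothetical table for one shared server: Host header -> customer content.
VHOSTS = {"upd.zonelabs.com": "zonelabs-update-content",
          "c5.zedo.com": "zedo-content"}

def route(raw_request, vhosts=VHOSTS):
    """Pick content by the Host header; the destination IP plays no part."""
    headers = {}
    for line in raw_request.split("\r\n")[1:]:   # skip the request line
        if not line:                             # blank line ends the headers
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    host = headers.get("host", "").split(":")[0].lower()
    return vhosts.get(host)                      # None: no site for this name

if __name__ == "__main__":
    print("shared:", shared_addresses(parse_nslookup(NSLOOKUP_OUTPUT)))
    for h in ("upd.zonelabs.com", "c5.zedo.com", "72.246.52.14"):
        print(h, "->", route(f"GET / HTTP/1.1\r\nHost: {h}\r\n\r\n"))
```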

Author: crunchie    Posted: Tue May 27, 2008 1:07 pm    Post subject:

As you can see, treat2 was banned at the very site he links to. He is spreading this same crap wherever he can.




All times are GMT
