The software vulnerability exploited by last week's Witty worm is only the latest in a growing list of flaws being discovered in the very products users invest in to safeguard their systems. "This is a new realm of risk that users must confront: the security of security products," said Andrew Plato, president of Anitian Enterprise Security, a systems integration and consulting firm in the US. . . .
The software vulnerability exploited by last week's Witty worm is only the latest in a growing list of flaws being discovered in the very products users invest in to safeguard their systems."This is a new realm of risk that users must confront: the security of security products," said Andrew Plato, president of Anitian Enterprise Security, a systems integration and consulting firm in the US. The Witty worm, which was reported to have damaged 15,000 to 20,000 computers worldwide, took advantage of a flaw involving the BlackIce and RealSecure intrusion-prevention products from Internet Security Systems. The worm wrote random data onto the hard discs of vulnerable systems, causing the drives to fail and making it impossible for users to start up the systems. The flaw was the result of a buffer-overflow condition in a function used to detect peer-to-peer traffic, said Chris Rouland, director of the X-Force security team at ISS. The company worked "very quickly" to reduce the risk after being informed of the problem by eEye Digital Security, Rouland added. But Witty was released "almost immediately" after the fix became available and before many users had time to respond. Rouland noted that the number of major flaws that have been discovered in ISS products over the past five years has been limited to two - well below the industry average, he stressed, because ISS follows strong quality and code-audit processes.
Read this full article at ComputerWeekly.com
Only registered users can write comments.
Please login or register. Powered by AkoComment! |
