Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Researchers: Antivirus Software Has Flaw

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Researchers: Antivirus Software Has Flaw
Date: Fri, 26 May 2006 04:04:38 -0500 (CDT) 
http://www.washingtonpost.com/wp-dyn/content/article/2006/05/25/AR2006052501081.html

By TED BRIDIS
The Associated Press
May 25, 2006

WASHINGTON -- Symantec Corp.'s leading antivirus software, which
protects some of the world's largest corporations and U.S. government
agencies, suffers from a flaw that lets hackers seize control of
computers to steal sensitive data, delete files or implant malicious
programs, researchers said Thursday.

Symantec said it was investigating the issue but could not immediately
corroborate the vulnerability. If confirmed, the threat to computer
users would be severe because the security software is so widely used,
and because no action is required by victims using the latest versions
of Norton Antivirus to suffer a crippling attack over the Internet.

Symantec has boasted its antivirus products are installed on more than
200 million computers. A spokesman, Mike Bradshaw, said the company
was examining the reported flaw but described it as "so new that we
don't have any details."

Researchers from eEye Digital Security Inc. of Aliso Viejo, Calif.,
discovered the vulnerability and provided evidence to Symantec
engineers this week, said eEye's chief hacking officer, Marc Maiffret.  
He demonstrated the attack for The Associated Press.

Maiffret's company _ which has discovered hundreds of similar flaws in
other software products _ also produces intrusion-protection software,
called "Blink," that he said already blocks such attacks and can
operate alongside Symantec's antivirus products.

Maiffret published a note about the company's discovery on its Web
site but pledged not to reveal details publicly that would help
hackers attack Internet users until after Symantec repairs its
antivirus software. eEye said it intends to describe the problem in
detail privately for some of its largest customers.

"People shouldn't panic," Maiffret said. "There shouldn't be any
exploits until a patch is produced."

The reported flaw comes at an awkward time for Symantec. Its chief
executive, John Thompson, has campaigned in recent months to convince
consumers they should trust Symantec _ not Microsoft Corp. _ to
protect their personal information.

Maiffret said eEye's testing showed the problem affects Norton
Antivirus Version 10, including its corporate editions. He said
Symantec's current security suite - which includes both antivirus and
firewall features - did not appear to be vulnerable.

-=-

On the Net:

Symantec: http://www.symantec.com
eEye Digital Security: http://www.eeye.com
U.S. Computer Emergency Readiness Team: http://www.us-cert.gov



_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Researchers: Antivirus Software Has Flaw, InfoSec News <=
Previous by Date:  [ISN] Secunia Weekly Summary - Issue: 2006-21, InfoSec News
Next by Date:  [ISN] Red Cross warns blood donors of possible ID thefts in Midwest, InfoSec News
Previous by Thread:  [ISN] Secunia Weekly Summary - Issue: 2006-21, InfoSec News
Next by Thread:  [ISN] Red Cross warns blood donors of possible ID thefts in Midwest, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]