|
Posted by badgolferman on May 26, 2006, 7:45 am
If you were Registered and logged in, you could reply and use other advanced thread options
http://www.cnn.com/2006/TECH/internet/05/25/antivirus.flaw.ap/index.html
WASHINGTON (AP) -- Symantec Corp.'s leading antivirus software, which
protects some of the world's largest corporations and U.S. government
agencies, suffers from a flaw that lets hackers seize control of
computers to steal sensitive data, delete files or implant malicious
programs, researchers said Thursday.
Symantec said it was investigating the issue but could not immediately
corroborate the vulnerability. If confirmed, the threat to computer
users would be severe because the security software is so widely used
and because no action is required by victims using the latest versions
of Symantec Antivirus to suffer a crippling attack over the Internet.
Symantec has boasted that its antivirus products are installed on more
than 200 million computers. A spokesman, Mike Bradshaw, said the
company was examining the reported flaw but described it as "so new
that we don't have any details."
Researchers from eEye Digital Security Inc. of Aliso Viejo, California,
discovered the vulnerability and provided evidence to Symantec
engineers this week, said eEye's chief hacking officer, Marc Maiffret.
He demonstrated the attack for The Associated Press.
eEye said it appeared consumer versions of Symantec's Norton Antivirus
software -- sold at retail outlets around the country -- were not
vulnerable to the flaw, though consumers who are provided Symantec's
corporate edition antivirus software by their employers for use at home
may be affected.
Maiffret's company -- which has discovered hundreds of similar flaws in
other software products -- also produces intrusion-protection software,
called "Blink," that he said already blocks such attacks and can
operate alongside Symantec's antivirus products.
Maiffret published a note about the company's discovery on its Web site
but pledged not to reveal details publicly that would help hackers
attack Internet users until after Symantec repairs its antivirus
software. eEye said it intends to describe the problem in detail
privately for some of its largest customers.
"People shouldn't panic," Maiffret said. "There shouldn't be any
exploits until a patch is produced."
The reported flaw comes at an awkward time for Symantec. Its chief
executive, John Thompson, has campaigned in recent months to convince
consumers they should trust Symantec -- not Microsoft Corp. -- to
protect their personal information.
Maiffret said eEye's testing showed the problem affects Symantec
Antivirus Version 10, including its corporate editions. He said
Symantec's consumer antivirus product, known as Norton Antivirus 2006,
and its current security suite -- which includes both antivirus and
firewall features -- did not appear to be vulnerable.
Copyright 2006 The Associated Press. All rights reserved.
--
"I don't make jokes. I just watch the government and report the facts."
~ Will Rogers
|
|
Posted by Gabriele Neukam on May 26, 2006, 10:46 am
If you were Registered and logged in, you could reply and use other advanced thread options
On that special day, badgolferman, (REMOVETHISbadgolferman@gmail.com)
said...
> Researchers from eEye Digital Security Inc. of Aliso Viejo, California,
> discovered the vulnerability
There is is a *difference* between the *existence* of a vulnerability,
and the *making use of* said vulnerability.
Symantec products haven't been *hacked*, at least not yet, they are
only *prone* to be hacked.
Gabriele Neukam
Gabriele.Spamfighter.Neukam@t-online.de
--
Ah, Information. A property, too valuable these days, to give it away,
just so, at no cost.
|
|
Posted by David H. Lipman on May 26, 2006, 4:36 pm
If you were Registered and logged in, you could reply and use other advanced thread options
| On that special day, badgolferman, (REMOVETHISbadgolferman@gmail.com)
| said...
|
>> Researchers from eEye Digital Security Inc. of Aliso Viejo, California,
>> discovered the vulnerability
|
| There is is a *difference* between the *existence* of a vulnerability,
| and the *making use of* said vulnerability.
|
| Symantec products haven't been *hacked*, at least not yet, they are
| only *prone* to be hacked.
|
| Gabriele Neukam
|
| Gabriele.Spamfighter.Neukam@t-online.de
|
I agree and was going to piost that using the word "hacked" was NOT apropos.
While eEye says this vulnerability is capable of being exploited by Internet
worms, none
have been noted and there are have been no specifics given in where the
vulnerability is in
the software.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
|
|
Posted by badgolferman on May 26, 2006, 6:29 pm
If you were Registered and logged in, you could reply and use other advanced thread options
>
> > On that special day, badgolferman,
> > (REMOVETHISbadgolferman@gmail.com) said...
> >
> >> Researchers from eEye Digital Security Inc. of Aliso Viejo,
> California, >> discovered the vulnerability
> >
> > There is is a difference between the existence of a vulnerability,
> > and the *making use of* said vulnerability.
> >
> > Symantec products haven't been hacked, at least not yet, they are
> > only prone to be hacked.
> >
> > Gabriele Neukam
> >
> > Gabriele.Spamfighter.Neukam@t-online.de
> >
>
> I agree and was going to piost that using the word "hacked" was NOT
> apropos.
Well, you guys may be right about the word "hacked" being too strong,
but if some researcher finds a flaw and demonstrates how the antivirus
program can be compromised that seems like it has been hacked to me.
Regardless, at least the right person did it.
|
|
Posted by David H. Lipman on May 26, 2006, 6:35 pm
If you were Registered and logged in, you could reply and use other advanced thread options
|
| Well, you guys may be right about the word "hacked" being too strong,
| but if some researcher finds a flaw and demonstrates how the antivirus
| program can be compromised that seems like it has been hacked to me.
| Regardless, at least the right person did it.
Hacked means penetrated.
No reports of exploitations, penetration, have been reported.
No specifics of the vulnerabilities have been disclosed either.
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
|
| Similar Threads | Posted | | symantec antivirus corporate client virus found | February 18, 2008, 10:35 am |
| Symantec AV Corporate takes 7 hours to back up 174000 files?? | June 22, 2006, 1:56 pm |
| Symantec Antivirus Corp. Edition 10.0 | June 8, 2006, 1:35 am |
| AVG network edition vs. Symantec Business pack | November 9, 2005, 10:43 am |
| Has my computer been hacked? | May 13, 2006, 4:51 pm |
| OT - eBay hacked again? | September 25, 2007, 9:21 pm |
| site hacked - can anyone de-code this? | May 5, 2007, 4:51 pm |
| Corporate Antivirus software | April 7, 2008, 10:55 am |
| Re: Corporate Antivirus software | April 7, 2008, 7:20 pm |
| Re: Corporate Antivirus software | April 7, 2008, 7:26 pm |
|
XML site map