By Susan B. Shor TechNewsWorld Part of the ECT News Network
07/01/05 10:31 AM PT
The National Cyber Alert System warned yesterday of active exploits of a security flaw in Veritas Backup Exec Software. The system is part of the U.S. Homeland Security's Computer Emergency Readiness Team (U.S.-CERT). The alert said a buffer overflow could allow hackers to take over a computer and remotely execute malicious code.
"The vulnerability discovered in the Veritas remote agent is a significant one, as it allows an attacker to remotely execute code on a target machine running the backup agent," Ed Moyle, president, SecurityCurve, told TechNewsWorld. "One mitigating factor is that Veritas is enterprise software and most corporate firewalls block port 10000 (the port used by the backup agent) from outside their network, which helps to prevent attacks from impacting corporate entities."
Flaw Found in March
The flaw in the software, used to trigger backups of data files on Windows servers in case of computer crashes or other problems, was first discovered in March by security firm iDefense.
Veritas has issued patches for the vulnerability, which the company and iDefense announced last week.
U.S.-CERT said in the warning that the exploit code is publicly available and that it has seen a spike in attack attempts, a situation Moyle said was to be expected.
"In most cases, once a vulnerability is published, exploit code, software that attacks the vulnerability, is published as well," he said. "Once exploit code does become available, the frequency of active attack spikes for a period of time after the publication, as it is very easy for attackers to gain access to the exploit and use it to break into machines."
Delay in Installing Patches
The patches will take care of the problem, but they are not always promptly installed.
"It is extremely difficult for enterprises to keep ahead of a vulnerability like this, particularly when the timeframe to deploy the patch is so small as it was with this vulnerability," Moyle said.
"In this case, the patch for this flaw became available on the 22nd and exploit code was available on the 24th. Most IT departments understand the need to install patches quickly, but I think that in this case, the small window of time between when the patch was released and when exploit code was available made this incident a particularly difficult one for enterprises to address."