ADVISORY/AppShield Software From Sanctum, Inc. Blocks Latest Microsoft IIS Server Hole From Attack; Recently Announced Vulnerability Exists on Estimated 5,000,000 Web Sites.

Business/Technology Editors

ADVISORY...for Monday (May 7)

SANTA CLARA, Calif.--(BUSINESS WIRE)--May 7, 2001

In an announcement released last week, Microsoft strongly urged network administrators using IIS 5.0 Web Servers running on the Windows 2000 Server series to patch a newly discovered buffer overflow security flaw. Web-based printer support enabled by default in IIS can be used to overload the buffer to exploit an automatic restart feature in Windows 2000 from which a hacker can easily gain remote access to the server. An estimated five million Web sites currently running Microsoft IIS need to install the patch.

By its very nature, the large amount of code generated by Microsoft contains flaws that leave Web applications open to attack. Typically, new holes are discovered by a hacker, the bug is widely publicized and then the vendor posts a fix on its Web site. The key problem with patches is patch latency, the delay between the software supplier creating a patch and the actual deployment throughout an affected organization. Patches for flaws are distributed almost daily but the problem is a perpetual cycle of reactive quick fixes rather than a truly comprehensive security defense.
"With over 50% of commercial Web sites using Microsoft's IIS Web Servers, one security flaw like this clearly exposes millions of businesses and their data on the Web," said Izhar Bar-Gad, CTO of Sanctum, Inc. "It is impossible to stay in front of these security vulnerabilities with a manual solution. Sanctum's AppShield is an automated security solution that protects a company's mission critical information from any type of application manipulation including hacks such as buffer overflow, cross-scripting and parameter tampering."

WHO: Izhar Bar-Gad, Chief Technology Officer, Sanctum, Inc. (Santa Clara, Calif.)

WHAT: Expert commentary on hacking and common Web application vulnerabilities

WHERE: Bar-Gad is available by phone or in person in the San Francisco Bay-Area

Izhar Bar-Gad is the Chief Technology Officer for Sanctum. Prior to joining the Sanctum team, he was a project leader for Amdocs in Israel for both the Infrastructure and Advanced Research groups. During his military service in the Israeli Defense Forces, Bar-Gad led the development of a large software project involving communications and information security. Mr. Bar-Gad holds a Bachelor of Science degree from Tel-Aviv University, and a Master's degree from the Hebrew University, Jerusalem. He is currently a Ph.D. candidate in "Neural Computation" at Hebrew University.

For more information, contact Drea Garrison or Tara Dugan, Schwartz Communications, Inc. at 415-512-0770.

About Sanctum, Inc. (www.SanctumInc.com)

Founded in 1997 and headquartered in Santa Clara, Calif., Sanctum, Inc. pioneered the market for Web application security and control software. Sanctum software works autonomously and continuously to monitor how individuals interact with Web applications. By detecting and defending against any unauthorized behavior, Sanctum prevents application perversion, even if a site has unknown security holes or flaws. Sanctum's customers include industry leaders in banking, retailing, finance, government and telecommunications. Privately held, Sanctum is funded by blue-chip venture capital firms and industry leaders including Sequoia Capital, Walden, Sprout Group and Intel Corporation.