Calyptix Alerts Multiple Vendors of Security Flaw That Threatens over One Million Networks.CHARLOTTE, N.C. -- Internet security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. firm Calyptix Security has produced research exposing vulnerabilities within security devices of multiple vendors including Redwood City Redwood City, city (1990 pop. 66,072), seat of San Mateo co., W Calif., on San Francisco Bay; inc. 1868. Manufactures include commmunications, electrical, electronic, and medical equipment. , CA-based Check Point Software Technologies. Check Point immediately responded to the report and issued a June 26, 2007 patch to eliminate the noted vulnerability. To date, Calyptix Security has not received technical responses from any other vendors that it has notified. The cross-site request forgery Cross-site request forgery, also known as one click attack or session riding and abbreviated as CSRF (Sea-Surf) or XSRF, is a kind of malicious exploit of websites. vulnerability verified by Calyptix Security impacts firewalls, unified threat management See UTM. appliances, routers, storage systems and other devices that are managed through a web browser The program that serves as your front end to the Web on the Internet. In order to view a site, you type its address (URL) into the browser's Location field; for example, www.computerlanguage.com, and the home page of that site is downloaded to you. interface, such as Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. , Firefox or Safari. Versions prior to 7.0.45x of the Safe@Office Unified Threat Management device were vulnerable. When the user is logged into a vulnerable device and views a hostile web page crafted by an attacker, the attacker can run commands on the device as if they were done by the user. On the products that Calyptix has tested, these malicious actions include creating new VPN (Virtual Private Network) A private network that is configured within a public network (a carrier's network or the Internet) in order to take advantage of the economies of scale and management facilities of large networks. tunnels, adding users, changing passwords, and allowing remote administration - all of which can be done without the user's knowledge. "We rated this vendor's specific vulnerability as a medium threat level," said Calyptix security expert Dan Weber. "For other vendors we've contacted the threat level ranges from low to high, depending upon the implementation by that vendor and how the device is typically used. The potential vulnerability across all notified vendors may place more than one million organizations and the information contained in their networks at risk of exploitation by malicious attacks." Calyptix Security's research and development is directed by internationally renowned authorities in Internet security that have provided cutting edge security knowledge, development and advice to governmental agencies, military branches, financial institutions, large commercial enterprises and academic institutions. Official advisory information reported by Calyptix Security is posted at http://labs.calyptix.com/CX-2007-04.php along with the security team's advice for reducing exposure to risk when using potentially vulnerable devices. Given the potential widespread prevalence of the vulnerability in numerous devices, Calyptix Security strongly urges users of these appliances to follow the practical guidelines guidelines, n.pl a set of standards, criteria, or specifications to be used or followed in the performance of certain tasks. reflected in the advisory, especially if their vendors have not confirmed or patched the security of their devices for this vulnerability. Calyptix has leveraged its expertise to develop effective and affordable protection for the small to medium sized business sector that is easy to use. Calyptix Security's AccessEnforcer proved to be immune to the aforementioned threat. More information is available on the company's web site. About Calyptix Security Calyptix Security Corporation was founded in 2002 as a developer of all-in-one security solutions for small and medium businesses. AccessEnforcer[TM], the company's premier product, is an all-in-one security appliance Security appliances protect computer networks from unwanted data traffic, intruders, email spam, enforce policies, and may also be used to create and manage VPNs. There are a number of types of security appliances. that deploys DyVax[TM], a proprietary algorithm and inspection engine that has been effectively deployed to dynamically filter email traffic from true zero-day threats without reliance on signatures. DyVax has proven more successful than leading antivirus Refers to detecting and blocking computer viruses. See antivirus program, behavior blocking, virus and virus hoaxes. solutions. For more information, please visit www.calyptix.com. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion