RAZOR, BindView's Newly Named Security Team, Discovers `Syskey Bug' on Microsoft NT Feature; Top Security Experts Join RAZOR.Business/Technology Editors HOUSTON--(BUSINESS WIRE)--Dec. 22, 1999 BindView Corporation (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on :BVEW BVEW Binary View ), the leading provider of IT risk management solutions, today announced that members of its newly named security team, RAZOR, have discovered a security vulnerability on Microsoft NT's Syskey feature and have collaborated with Microsoft to release a hot fix. The company is also announcing the addition of top new security experts to RAZOR to further the advancement of its mission to uncover and alert the public to potentially devastating dev·as·tate tr.v. dev·as·tat·ed, dev·as·tat·ing, dev·as·tates 1. To lay waste; destroy. 2. To overwhelm; confound; stun: was devastated by the rude remark. security vulnerabilities. The Syskey Bug The latest security hole was discovered during the course of RAZOR's ongoing investigation of the latest network security threats and was reported to Microsoft. This vulnerability has been discovered to exist on Syskey, a Microsoft utility that encrypts registry files. Through various means, hackers can gain access to the Security Accounts Manager (SAM) database where valuable user authorization and password hashes are stored. Access to this information can devastate dev·as·tate tr.v. dev·as·tat·ed, dev·as·tat·ing, dev·as·tates 1. To lay waste; destroy. 2. To overwhelm; confound; stun: was devastated by the rude remark. a network. "RAZOR's discovery of the Syskey Bug validates our team's ability to keep networks safe and further underscores our commitment to expose network vulnerabilities and alert the public of these devastating risks," said Scott Blake, security program manager at BindView and head of the security team. "This discovery also demonstrates how we effectively partner with Microsoft to resolve Windows NT (Windows New Technology) A 32-bit operating system from Microsoft for Intel x86 CPUs. NT is the core technology in Windows 2000 and Windows XP (see Windows). Available in separate client and server versions, it includes built-in networking and preemptive multitasking. security issues." Microsoft issued a Security Advisory on December 14 that can be downloaded at http://www.microsoft.com/Security/Bulletins/ms99-056.asp and includes a URL URL in full Uniform Resource Locator Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. to the hot fix. BindView customers can download BindView's anti-hacker product, HackerShield 2.0 from www.BindView.com and deploy its Rapid-Fire update feature to find out if the bug exists on their networks. The RAZOR Team The BindView security team was formed in 1998. Led by security program manager, Scott Blake, the combined talent of the team can be credited with identifying more than 80 network security vulnerabilities and has played a key role in working with companies like Microsoft to issue patches to these dangerous network threats. Mark Loveless, senior security analyst, is one of the newest members who brings distributed systems Distributed systems (computers) A distributed system consists of a collection of autonomous computers linked by a computer network and equipped with distributed system software. expertise for Unix, Windows NT and Novell NetWare (operating system, networking) Novell NetWare - Novell, Inc.'s proprietary networking operating system for the IBM PC. NetWare uses the IPX/SPX, NetBEUI or TCP/IP network protocols. It supports MS-DOS, Microsoft Windows, OS/2, Macintosh and Unix clients. to the RAZOR team. Loveless, better known as Simple Nomad, the founder of the Nomad Mobile Research Centre, has spent years developing and testing various computer systems for security strengths. Todd Sabin Sa·bin , Albert Bruce 1906-1993. American microbiologist and physician who developed a live-virus vaccine against polio (1957), replacing the killed-virus vaccine invented by Jonas Salk. , senior security analyst, also is one of the newest RAZOR members and is best known as the author of pwdump2. Sabin contributes security expertise to BindView's HackerShield and NOSAdmin for Windows NT products. He conducts research into new host and network vulnerabilities on Windows NT and 2000. Stated Eric Pulaski, president and CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. at BindView, "The efforts of BindView's RAZOR are greatly enhanced by the addition of these new security gurus. As corporate networks continue to expand in scope, security risks become much more prevalent, leaving companies vulnerable to internal and external hacker A person who writes programs in assembly language or in system-level languages, such as C. The term often refers to any programmer, but its true meaning is someone with a strong technical background who is "hacking away" at the bits and bytes. intrusions. Through the efforts of this worldwide team of experts, BindView can minimize potentially devastating risks and continue to provide the necessary products to help corporations keep their networks safe." About BindView Corporation Founded in 1990, BindView provides IT risk management solutions for managing the security, configuration and availability of network operating systems An operating system that is designed for network use. Normally, it is a complete operating system with file, task and job management; however, with some earlier products, it was a separate component that ran under the OS; for example, LAN Server required OS/2, and LANtastic required DOS. , e-services and business applications. Focusing on the critical elements of the corporate IT infrastructure, BindView's award winning products enable corporate IT professionals to effectively leverage their existing technology to achieve their organizations' business goals. More than 7 million licenses of BindView's products have been shipped worldwide to more than 4,500 companies, including 75 of the Fortune 100 and 22 of the largest 25 U.S. banks. Contact BindView via e-mail at info@bindview.com or visit BindView's World Wide Web Site at http://www.bindview.com. BindView can also be reached at (800) 749-8439 or at (713) 561-4000. Editors Note: BindView product names used in this document are trademarks, which may be registered in one or more jurisdictions, of BindView. The names of products of other companies mentioned in this document, if any, may be the registered or unregistered trademarks of the owners of the products. |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion