Symantec recently revealed that recent versions of their Symantec Security Check tool contain a buffer overflow vulnerability. The flaw lies in an ActiveX control installed by the tool. If a user with the affected control user visits a malicious web site, it could invoke the exploit, potentially executing arbitrary code. Symantec has replaced the control with a fixed one, so recent visitors should return and run another system scan, which will replace the installed control on their systems with the fixed one. Ambitious users can also remove the control manually by rebooting and, at the command prompt, removing the file "%SystemRoot%\Downloaded Program Files\rufsi.dll". You must not visit the Symantec Security Check site between the reboot and removing the control.
A scanner the government is testing for Airport screening reveals much more than meets the eye to be comfortable for most passengers. Susan Hallowell, director of the Transportation Security Administrations security laboratory, sacrificed a large measure of her own modesty Wednesday to demonstrate the problem. She stepped into a metal booth that bounced X-rays off her skin to produce a black-and-white image where she showed up naked -- except for the gun and bomb she had hidden under her outfit. David Sobel, general counsel for the Electronic Privacy Information Center in Washington, thinks most people will object to the technology. Others proclaimed it "a whole lot nicer than having someone pat me down," according to Randal Null, the agencys chief technology officer.
A partnership between Computer Associates (CA) and SteelCloud will deliver CAs eTrust family of security technology in the form of rack-mounted appliances that are "hardened" to reduce their vulnerability to attack. SteelCloud will soon offer a family of enterprise security appliances using eTrust antivirus and intrusion detection technology, the company said this week. The SteelCloud Anti-Virus Gateway (AVG) 3000 will run CAs eTrust Antivirus software and will sell for just under $20,000. The partnership with Computer Associates is SteelClouds first attempt at packaging a hardware appliance under its own name and Computer Associates first try at a security appliance.
The Information Technology Association of America (ITAA)