Security Web Digest: Customers Hit By Problem In McAfee GroupShield

Bug was patched months ago, but can corrupt Exchange message store on unpatched systems Computer Associates plans new client protection software Fortinet adds intrusion prevention Trusted Network Technologies secures fu


Network Associates confirmed Thursday that in the past two days, four customers have been affected by a problem in its McAfee GroupShield 5.2 antivirus software for Exchange 2000 servers. A fifth company discovered the issue, but didnt suffer a crash, the security software maker said. The vulnerability causes the GroupShield software to crash -- corrupting the Exchange message store -- when an e-mail message with certain characteristics is received by Exchange servers. A patch for the flaw was issued to clients in January, said Network Associates, but apparently, several corporations have yet to apply the fix.

Computer Associates this fall plans to ship security and policy-enforcement software to fight viruses and spam, to filter Web content in accordance with corporate use policies, and to block peer-to-peer file sharing. CAs eTrust Secure Content Management marks the first time CA has sought to integrate security for the Web, e-mail and file transfers into one software package. Ian Hameroff, CAs business manager for security solutions, said eTrust Secure Content Management will cost $55 per seat, but only half that for users of CAs antivirus products that want to upgrade.

Fortinet is adding intrusion prevention software to its multifunction security platform, enabling customers to block a range of threats or suspected attacks. The new intrusion prevention platform is configured to block more than 30 known attacks such as denial of service and distributed DoS, syn floods and other protocol floods, buffer overflows, ping of death and port scanning. The 2.5 version of its FortiOS software for FortiGate appliances also upgrades its virus scanning intrusion detection, firewall and VPN capabilities.

Trusted Network Technologies on Monday announced that it completed a $6 million first round of financing co-led by Boston-based Charles River Ventures and Flagship Ventures. The Security software startup stops misuse on internal networks by ensuring that only authorized users can access protected systems and applications while making those same assets essentially invisible to unauthorized users, the company said in a statement. According to company founder and CEO Stephen Gant, the app provides user access control by embedding a two-factor identity -- one linked to the user and the other to the system -- into each session request. Authentication requires no extra steps be taken by the user, and theres no impact on network operations, Gant said.


Writing the final chapter of the six-year legal battle over the domain name, the U.S. Supreme Court last week rejected the appeal of Stephen Michael Cohen, the man found to have illegally hijacked the domain. "Cohen has tried unsuccessfully both in the Ninth Circuit and, most recently in the Supreme Court, to overturn the $65 million judgment against him. There is nowhere else for him to try to appeal; the judgment is final," said Pamela Ureta, an attorney for Gary Kremen, founder of In September 2002, the U.S. Court of Appeals for the 9th Circuit approved a $65 million award in Kremen v. Cohen, setting the wheels in motion for Kremen to regain control of and collect a substantial judgment from Cohen, including $25 million in punitive damages.