homepage Welcome to WebmasterWorld Guest from 54.198.148.191
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld

Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

    
Security Researcher Discovers Critical Vulnerabilities in Antivirus Product
engine




msg:4516576
 10:51 pm on Nov 6, 2012 (gmt 0)

Security researcher Tavis Ormandy discovered critical vulnerabilities in the antivirus product developed by U.K.-based security firm Sophos and advised organizations to avoid using the product on critical systems unless the vendor improves its product development, quality assurance and security response practices.

Ormandy, who works as an information security engineer at Google, disclosed details about the vulnerabilities he found in a research paper entitled “Sophail: Applied attacks against Sophos Antivirus” that was published on Monday. Ormandy noted that the research was performed in his spare time and that the views expressed in the paper are his own and not those of his employer.
Security Researcher Discovers Critical Vulnerabilities in Antivirus Product [pcworld.com]

 

vincevincevince




msg:4517782
 2:20 pm on Nov 10, 2012 (gmt 0)

I read this, and I had trouble establishing just how risky these security problems are. Did you have better luck?

graeme_p




msg:4517953
 8:54 am on Nov 11, 2012 (gmt 0)

Skimming it: It introduces multiple buffer overflow vulnerabilities AND removes the protection against overflows in Windows Vista and above. It also makes IE a lot more vulnerable to XSS.

These issues have been fixed, but given they have messed up so badly, would you trust them to secure your OS again?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved