homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

Security Researcher Discovers Critical Vulnerabilities in Antivirus Product

 10:51 pm on Nov 6, 2012 (gmt 0)

Security researcher Tavis Ormandy discovered critical vulnerabilities in the antivirus product developed by U.K.-based security firm Sophos and advised organizations to avoid using the product on critical systems unless the vendor improves its product development, quality assurance and security response practices.

Ormandy, who works as an information security engineer at Google, disclosed details about the vulnerabilities he found in a research paper entitled “Sophail: Applied attacks against Sophos Antivirus” that was published on Monday. Ormandy noted that the research was performed in his spare time and that the views expressed in the paper are his own and not those of his employer.
Security Researcher Discovers Critical Vulnerabilities in Antivirus Product [pcworld.com]



 2:20 pm on Nov 10, 2012 (gmt 0)

I read this, and I had trouble establishing just how risky these security problems are. Did you have better luck?


 8:54 am on Nov 11, 2012 (gmt 0)

Skimming it: It introduces multiple buffer overflow vulnerabilities AND removes the protection against overflows in Windows Vista and above. It also makes IE a lot more vulnerable to XSS.

These issues have been fixed, but given they have messed up so badly, would you trust them to secure your OS again?

Global Options:
 top home search open messages active posts  

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved