Hole Found in Net Security Program
[ note: affected versions appear to be:BlackICE Defender 2.9 on Microsoft Windows 2000 and XP ]
02/08/2002 6:44 PM EST
By D. IAN HOPPER
A programming mistake in a popular consumer Internet protection program can give hackers control over a user's computer, the publisher disclosed Friday.
All current versions of BlackICE Defender and BlackICE Agent, both made by Atlanta-based Internet Security Systems, running on Microsoft Windows 2000 and Windows XP are vulnerable to the attack.
The company released an update Friday evening that plugs the hole. It can be downloaded through the ISS Web site, or through the program itself.
Researchers at eEye Digital Security in Aliso Viejo, Calif., found the problem while probing a related hole in the product discovered earlier this week that lets hackers shut down the target computer. The patch fixes both problems.
BlackICE is designed to protect home computers - particularly ones with high-speed connections - from hacker attacks. Market researcher IDC recently named Internet Security Systems as the worldwide leader in intrusion detection products.
The problem, known as a "buffer overflow," is deep within BlackICE, said eEye's "Chief Hacking Officer," Marc Maiffret.
"It's basically the worst you can get," Maiffret said. "It lets you bypass any sort of protection that might be there."
Without the update program, the hole would let hackers remotely control the victim's computer, steal or modify files, or spy on their Internet habits.
Maiffret said his company suspects that the business edition of the product, known as RealSecure, also may be vulnerable, though that program hasn't been fully tested.
Internet Security Systems is a member of the recently announced National Cyber Security Alliance, made up of top technology companies and government security agencies.
In December, the same eEye team discovered a similar problem in Microsoft's Windows XP operating system t hat would give hackers the same freedom over a person's computer. Microsoft scrambled to create and deploy an update for the system.
apnews.excite.com
more specifics (including some patches) available here....
iss.net |
