Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 4th quarter (Oct-Dec) 1998: Re: Breaking into houses to steal the security systems...

Re: Breaking into houses to steal the security systems...

Christopher Klaus (cklausISS.NET)
Mon, 7 Dec 1998 18:12:15 -0500

> -----Original Message-----
> From: Dr. Mudge [SMTP:mudgeL0PHT.COM]
> Sent: Thursday, December 03, 1998 9:45 PM
> Subject:      Breaking into houses to steal the security systems...
Was:[SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
> In the SAFER bulletin they mention compromising software that was
> explicitly installed as an additional security measure.
> While joking around I was mentioning to some colleagues about the
> attrocity of some (most) of the security related products out there right
> now. Not in what they are claiming to accomplish but in the lack of sound
> coding in their own products. I thought it was pretty much understood but
> the amazed looks on their faces told me otherwise. So I figured I might
> point this out in case that was not an isolated assumption that these
> people had. Hopefuly I'm already preaching to the choir on Bugtraq.
> [Note - though I explicitly mention ISS and Axent they are by no means
> worse or better than others not mentioned here... in addition I am
> referring to older versions of their products. I have not spent time
> looking at their most current releases to verify whether things have
> improved or gotten worse. Please take this for what it is meant to be - a
> general rant about the security vendor world as it stands... not an
> against particular vendors]

The security issues brought up by Dr. Mudge have been fixed for close to 2
years now.  Internet Scanner 4.3 and higher are not affected, but I'd
recommend upgrading to the latest version of Internet Scanner 5.4 or
soon-to-be released 5.6.

We have added a significant number of new security checks since IS 4.3, so
there are probably bigger holes left unexposed on your network then just an
old Internet Scanner if you are still running that. Internet Scanner 5.4
includes many new checks for routers (e.g., Cisco) and IS 5.6 is in beta on
our web with an additional 90 checks for Windows NT. IS 5.6 also contains
Smart Scan technology that leverages known vulnerabilities (ie.,
compromised accounts from certain domains) from one machine and applies to
the rest of the scanned network, thus identifying possible extended paths
for further compromise of the entire network.

I agree with Mudge about trying to write secure products.  At the time that
the issue that Mudge points out was introduced, ISS was less than 10 people
in total.  Since then, ISS is now over 300 people and we have put in place
internal design reviews, source code reviews, and QA to make our products
more secure, reliable, and better quality. We are taking steps to improve
our products as best as we can.