• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Symantec Enterprise Software Has a Big Security Hole

    May 30, 2006 Timothy Prickett Morgan

    We don’t normally worry too much about what is going on with the security of Windows desktops–well, at least not editorially in this newsletter. But as users of Windows desktops and laptops, as most of you are, we get a little concerned about security holes and the potential havoc they can wreak in the data center and on the desktops.

    With that in mind, we just wanted you to be aware that Symantec has issued a statement that there is a stack overflow vulnerability in its Symantec Client Security 3.1 and Symantec AntiVirus Corporate Edition 10.1 software. The vulnerability is such that it can allow someone local or remote to potentially take over the machine and execute code on your machine. The hole does not require a hacker to authenticate on your machine or for you to do anything at all, so it is a good thing that there is not an exploit available for this security hole. Basically, the antivirus portion of the program is an open door right now as I write this. Apparently, the low-end desktop products do not have this vulnerability, which is a bit peculiar.

    eEye Security, a security software firm that sells complimentary products for managing network security, put out a statement on May 24 saying it had discovered the vulnerability. On May 25, Symantec’s software engineers verified that this vulnerability exists and released a statement itself. Symantec has released intrusion detection system (IDS) signatures to help security officers detect when this vulnerability is being exploited, and further advises everyone to be careful opening attachments and surfing the Web, since code can just run if it sniffs you out. Symantec is working on a patch for this hole. The tricky bit is that as soon as a patch is released, hackers will be able to craft an exploit instantly. So keep your Symantec software up to date.

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: mtfh_rc, Volume 15, Number 22 -- May 30, 2006

    Sponsored by
    UCG Technologies

    CYBER-ATTACKS ON THE RISE. PROTECT WITH THE TRIPLE PLAY.

    COVID-19 has not only caused a global pandemic, but has sparked a “cyber pandemic” as well.

    “Cybersecurity experts predict that in 2021, there will be a cyber-attack incident every 11 seconds. This is nearly twice what it was in 2019 (every 19 seconds), and four times the rate five years ago (every 40 seconds in 2016). It is expected that cybercrime will cost the global economy $6.1 trillion annually, making it the third-largest economy in the world, right behind those of the United States and China.”1

    Protecting an organization’s data is not a single-faceted approach, and companies need to do everything they can to both proactively prevent an attempted attack and reactively respond to a successful attack.

    UCG Technologies’ VAULT400 subscription defends IBM i and Intel systems against cyber-attacks through comprehensive protection with the Triple Play Protection – Cloud Backup, DRaaS, & Enterprise Cybersecurity Training.

    Cyber-attacks become more sophisticated every day. The dramatic rise of the remote workforce has accelerated this trend as cyber criminals aggressively target company employees with online social engineering attacks. It is crucial that employees have proper training on what NOT to click on. Cyber threats and social engineering are constantly evolving and UCG’s Enterprise Cybersecurity Training (powered by KnowBe4) is designed to educate employees on the current cutting-edge cyber-attacks and how to reduce and eliminate them.

    A company is only as strong as its weakest link and prevention is just part of the story. Organizations need to have a quick response and actionable plan to implement should their data become compromised. This is the role of cloud backup and disaster-recovery-as-a-service (DRaaS).

    Data is a company’s most valuable asset. UCG’s VAULT400 Cloud Backup provides 256-bit encrypted backups to two (2) remote locations for safe retrieval should a cyber-attack occur. This is a necessary component of any protection strategy. Whether a single click on a malicious link brings down the Windows environment or an infected SQL server feeds the IBM i, once the data is compromised, there is no going back unless you have your data readily available.

    Recovery is not a trivial task, especially when you factor in the time sensitive nature of restoring from an active attack. This leads to the third play of the Triple Play Protection – DRaaS.  Companies have myriad concerns once an attack is realized and a managed service disaster recovery allows employees to keep focus on running the business in a crisis state.

    The combination of training employees with secure backup and disaster recovery offers companies the best chance at avoiding financial disruption in an age of stronger, more frequent cyber-attacks.

    Reach out to UCG Technologies to discuss your company’s security needs and develop a data protection plan that fits you best.

    ucgtechnologies.com/triple-play

     800.211.8798 | info@ucgtechnologies.com

     

    1. https://theconversation.com/cyberattacks-are-on-the-rise-amid-work-from-home-how-to-protect-your-business-151268

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Admin Alert: Setting Up Unattended i5 Server IPLs The Inside Stories of the Innovation Award Winners

    Leave a Reply Cancel reply

TFH Volume: 15 Issue: 22

This Issue Sponsored By

    Table of Contents

    • Symantec Enterprise Software Has a Big Security Hole
    • IBM Buys Rembo for Bare-Metal Server and Desktop Provisioning
    • Server Sales Decline for the Second Straight Quarter
    • Database Sales Grew in 2005, Say IDC and Gartner
    • IBM to Buy SAP? Why Not?
    • Outsourcing, Offshoring on the Rise in North America, Evans Data Survey Says
    • Business Continuity Planning Part 2: Disaster Without Warning
    • DataMirror’s Sales Decline in Its Fiscal First Quarter
    • As I See It: Net Reality
    • IBM Names Eight New IBM Fellows, But Forgets One

    Content archive

    • The Four Hundred
    • Four Hundred Stuff
    • Four Hundred Guru

    Recent Posts

    • Why Open Source Is Critical for Digital Transformation
    • mrc Refreshes IBM i Low-Code Dev Tool
    • Unit Testing Automation Hits Shift Left Instead of Ctrl-Alt-Delete Cash
    • Four Hundred Monitor, March 3
    • IBM i PTF Guide, Volume 23, Number 9
    • Doing The Texas Two Step From Power9 To Power10
    • PHP’s Legacy Problem
    • Guru: For IBM i Newcomers, An Access Client Solutions Primer
    • IBM i 7.1 Extended Out To 2024 And Up To The IBM Cloud
    • Some Practical Advice On That HMC-Power9 Impedance Mismatch

    Subscribe

    To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

    Pages

    • About Us
    • Contact
    • Contributors
    • Four Hundred Monitor
    • IBM i PTF Guide
    • Media Kit
    • Subscribe

    Search

    Copyright © 2021 IT Jungle

    loading Cancel
    Post was not sent - check your email addresses!
    Email check failed, please try again
    Sorry, your blog cannot share posts by email.