Symantec late on Friday released an update for AntiVirus Corporate Edition 9.0 to fix a security weakness that was disclosed earlier last week. The unpatched software stores usernames and passwords in plain text in a log file when connecting to an internal LiveUpdate server for updates. One scenario in which these credentials could be abused is by a local attacker to gain higher privileges, according to a post on the Bugtraq mailing list last week.
Symantec has now updated its LiveUpdate client to address the problem, according to a security advisory. Still, the company recommends that LiveUpdate user accounts are unique for accessing LiveUpdate only, and have no other system access. Symantec ranks the password problem "medium" risk.
Join the conversation
Comment replyThe posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.
Google creates an animated doodle that features a boy, a girl, Google's search engine, and a jump rope. But might there be darker, more analytical, more troubling interpretations to this tale?
The Silicon Valley online payments startup grew by 1,000 percent last year and is hopeful it can repeat that level of growth this year. To do that, it's had to move away from its early friends-and-family roots and embrace small businesses.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
Join the conversation