July 30, 1998 12:50 PM PDT
Security firms target email flaw
To be clear, some companies are offering free patches and add-ons to current products. But a handful of vendors are viewing the discovery of the flaw as an opportunity to sell new products.
As earlier reported, a security hole in three of the most popular email programs has been identified by a team of researchers at a Finland university, raising the possibility that hordes of users may have to upgrade their software.
The security glitch affects the way email clients handle file attachments with extremely long file names. When a user attempts to download, open, or launch a file attachment that has a name greater than 200 characters in length, the action might cause the email software to crash. At that point, a skilled hacker could possibly run arbitrary code in the computer's memory, according to a security bulletin posted yesterday by Microsoft.
Today, Network Associates said that it will update its Internet security products to address the newly discovered security threat.
Network Associates said updates to its Net Tools Secure products would detect and block this type of attack. Network Associates will also keep information on its Web site regarding the security risk. The company appealed for customers not to "overreact" to the security loophole as there have been no reports of any actual attacks.
Meanwhile, Internet security software vendor WorldTalk took advantage of the highly publicized security flaw and announced that its email firewall and policy management software WorldSecure Server will protect organizations from the recently discovered security flaw. It also debuted a new version of the server today.
Finally, WebCom, a Web hosting company from Santa Cruz, California, said it has eliminated the potential threat of the email security hole, by implementing a new email server four-tier architecture which identifies attachments with filenames of more than 255 characters within emails and truncates them, which, the company claims, closes the security hole.
Sybari Software, a partner of Lotus Development, used the occasion to remind the market that it protects Lotus Notes against groupware threats, including those that are facing Microsoft and Netscape today. Sybari claims its Antigen product prescans Lotus Notes messages for auto launching features and then detects and disables threats from outside the corporate intranet.
Israeli firm eSafe Technologies also jumped on the bandwagon, claiming its software, eSafe Protect Enterprise, implements a resource protection technology it calls Sandbox Quarantine, which works to protect systems from hackers and other potential malicious attacks, including the recent email bug. The client-level security is integrated with scanning components located on the file servers as well as the corporate firewall, and identifies, isolates, and disables security and other bugs in the system.
Reuters contributed to this report.