Security Bytes: Coalition establishing spyware blacklist

Meanwhile: A botnet mastermind pleads guilty; flaws affect CA products; Gartner pans Oracle security; and the University of Notre Dame probes a network breach.

Coalition establishes spyware blacklist
An alliance of tech vendors, consumer groups and other entities is setting up a blacklist of companies that distribute spyware and adware. The goal is to get these companies to stop pushing the unwanted programs by publicizing their activities.

The newly formed Stop Badware Coalition will publish the names of companies it considers the worst offenders, showing how they make money through unethical marketing practices and fraud, CNET reported Wednesday. Alliance members include search engine giant Google Inc., PC maker Lenovo, Sun Microsystems Inc., Consumer Reports' WebWatch project, the Berkman Center for Internet & Society at Harvard Law School and the Oxford Internet Institute in England.

The group's Web site went live Wednesday. Visitors can use the site to check whether programs they want to download are infected with spyware, adware or other malicious software, and alert others to malicious programs they have found, CNET said.

Botnet mastermind pleads guilty
A hacker who created armies of bot-infested computers and sold them to spammers and others pleaded guilty Tuesday to federal criminal charges in Los Angeles, a prosecutor at the U.S. attorney's office told the IDG News Service.

Jeanson James Ancheta pleaded guilty in a U.S. District Court in Los Angeles to four felony charges and could face five to 25 years in prison, James Aquilina, assistant U.S. attorney at the cyber and intellectual property crimes section of the U.S. attorney's office, told the news service. This marks the first time in the U.S. that a hacker has been convicted of not only creating and spreading malicious code, but also of making money from it, Aquilina said. A sentencing hearing is set for May 1 in the U.S. District Court of California, Central Division.

The FBI arrested Ancheta last November.

Security hole affects multiple CA products
Attackers could exploit a vulnerability in a variety of products from New York-based Computer Associates International Inc. to launch malicious commands or cause a denial of service, the French Security Incident Response Team (FrSIRT) said in an advisory.

The flaw is due to a buffer overflow error in the iGateway component that doesn't properly handle a negative "Content-Length" HTTP header value sent to port 5250/TCP, FrSIRT said. Remote attackers could exploit this to execute arbitrary commands with system privileges on Windows, and cause an iGateway component failure on UNIX and Linux platforms.

FrSIRT said the flaw has been reported in versions of iGateway prior to 4.0.051230, which is included with such products as BrightStor ARCserve Backup, eTrust Audit and various versions of Unicenter. The advisory offers a full list of affected products. FrSIRT recommends users upgrade iGateway to version 4.0.051230.
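The bug class FrSIRT describes, shown as an added illustration that is not CA's code and not taken from the advisory: a length header parsed as a signed integer and checked only against an upper bound accepts a negative value, while a strict parser rejects it. `MAX_BODY` and both function names are assumptions made for this example.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BODY 4096  /* assumed size of the receive buffer */

/* Weak pattern: signed parse, upper-bound check only.
 * Returns 1 if the value would be accepted. "-1" passes, and a later
 * conversion to size_t for a copy would turn it into a huge length. */
int weak_length_ok(const char *value)
{
    int len = atoi(value);
    return len <= MAX_BODY;
}

/* Strict parse: digits only, no sign, no trailing bytes, bounded.
 * Returns 0 and stores the length on success, -1 on rejection. */
int strict_content_length(const char *value, size_t *out)
{
    char *end;
    unsigned long n;

    if (value == NULL || !isdigit((unsigned char)value[0]))
        return -1;                 /* rejects "", "-1", "+5", " 7" */
    errno = 0;
    n = strtoul(value, &end, 10);
    if (errno == ERANGE || *end != '\0' || n > MAX_BODY)
        return -1;                 /* overflow, trailing bytes, too large */
    *out = (size_t)n;
    return 0;
}

int main(void)
{
    /* Constructed sample header values, not captured traffic. */
    const char *samples[] = { "128", "-1", "4097", "12abc" };
    size_t i, len;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int strict = strict_content_length(samples[i], &len);
        printf("%-6s weak=%s strict=%s\n", samples[i],
               weak_length_ok(samples[i]) ? "accept" : "reject",
               strict == 0 ? "accept" : "reject");
    }
    return 0;
}
```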

Gartner pans Oracle security
Stamford, Conn.-based research firm Gartner Inc. says Oracle's latest set of vulnerabilities shows the company can no longer be considered a bastion of security.

In an analysis on its Web site, Gartner said that while it supports Oracle's quarterly patching program because it allows system administrators to plan and schedule Oracle maintenance, "the range and seriousness of the vulnerabilities patched in this update cause us great concern. The database products alone include 37 vulnerabilities, many rated as easily exploitable and some potentially allowing remote database access."

Gartner said Oracle's security efforts are falling short on several fronts: critical Oracle vulnerabilities are being discovered and disclosed at an increasing rate; exploit tools and proof-of-concept code are appearing more regularly on the Internet; Oracle provides only very limited information about vulnerabilities -- far less than is industry-standard -- making it difficult for enterprises to evaluate the risk; the quality and ease of use of Oracle patches still require improvement because of reported installation and stability problems; and Oracle does not describe manual workarounds because they typically do not work across the entire stack of Oracle products. This practice makes it difficult for managers of Oracle systems to make informed risk decisions, Gartner said. The research firm recommended users:

  • Move immediately to shield these systems as well as possible, using firewalls, intrusion prevention systems and other technologies.
  • Develop a shielding schedule that coincides with Oracle CPU release dates.
  • Apply the available patches as rapidly as possible, because incomplete information from Oracle will necessarily make shielding incomplete.
  • Use alternative security tools, such as activity-monitoring technologies, to detect unusual activity.
  • Pressure Oracle to change its security management practices.

Bloom leaving Symantec
Cupertino, Calif.-based AV giant Symantec Corp. announced this week that Vice Chairman and President Gary Bloom will leave the company before the end of March. He also will resign from his position as vice chairman of the board of directors.

"Gary has been a terrific partner in the merger and with the integration of the teams complete, this is a natural time for this transition," John W. Thompson, Symantec chairman and chief executive officer, said in a statement. "I appreciate the dedication and passion he brought to Symantec."

"The strength of the management team at Symantec gives me comfort in deciding to use this transition to take a break after almost 25 years in the high technology industry," Bloom said in the same statement. "I still firmly believe in the strategic rationale for bringing Symantec and Veritas together."

The lines of business currently reporting to Bloom will report directly to Thompson. Bloom's current role as president will not be filled at this time, Symantec said.

Bloom joined Symantec through the company's merger with Veritas Software. Prior to the merger, Bloom had served at Veritas as the chief executive officer from 2000 and as chairman since 2002. Under Bloom's leadership, Veritas grew its revenue to $2.04 billion in 2004, Symantec said.

University of Notre Dame investigates computer breach
The University of Notre Dame is using forensic investigators to investigate a computer system breach that may have exposed personal information. According to All Headline News, hackers may have made off with Social Security numbers, credit card information and check images, Hilary Crnkovich, Notre Dame's vice president of public affairs, is quoted as saying. She added that any donor whose checks were received by the school between Nov. 22, 2005, and Jan. 12, 2006, may be at risk and have been contacted. It is unclear how many donors might be affected.
