Your Web News in One Place

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
November 7, 2012 04:05 am

Google Security Engineer Issues Sophos Warning


angry tapir writes "Google security engineer Tavis Ormandy discovered several flaws in Sophos antivirus and says the product should be kept away from high value information systems unless the company can avoid easy mistakes and issue patches faster. Ormandy has released a scathing 30-page analysis (PDF) 'Sophail: Applied attacks against Sophos Antivirus,' in which he details several flaws 'caused by poor development practices and coding standards,' topped off by the company's sluggishly response to the warning he had working exploits for those flaws. One of the exploits Ormandy details is for a flaw in Sophos' on-access scanner, which could be used to unleash a worm on a network simply by targeting a company receiving an attack email via Outlook. Although the example he provided was on a Mac, the 'wormable, pre-authentication, zero-interaction, remote root' affected all platforms running Sophos. (Ormandy released the paper as an independent researcher, not in his role as a Google employee.)"

Read more of this story at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/9mbVo8_SxBE/google-security-engineer-issues-sophos-warning

Share this article:    Share on Facebook
View Full Article

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot