Information Security News mailing list archives
The Breach That's Shocking the Firewall Industry
From: InfoSec News <isn () C4I ORG>
Date: Fri, 26 May 2000 02:23:56 -0500
http://www.businessweek.com/bwdaily/dnflash/may2000/nf00526f.htm?scriptFramed The Breach That's Shocking the Firewall Industry Network Associates' vaunted Gauntlet firewall system crumbled during an outside engineer's routine audit In an age of increasing hacker attacks, calling any computer-security product "The World's Most Secure" would seem to be inviting disaster. But that didn't stop Network Associates (www.nai.com) from proudly making the claim about its flagship Gauntlet firewall system. In fact, this month's issue of Network magazine gives Gauntlet its prestigious "Security Product of the Year" award. That was no consolation on May 19, when a San Diego computer engineer found a flaw in Gauntlet while performing a routine security audit, BW Online has learned. The flaw, if exploited, could allow hackers to break into tens of thousands of supposedly protected computer networks. The engineer, Jim N. Stickley, immediately notified Santa Clara (Calif.)-based Network Associates and helped it come up with a fix for the program. But the breach was a shocker for the firewall industry as a whole. "If companies that specialize in security can't write secure software, what should we expect of the rest of the world?" says Elias Levy, the chief technology officer of computer security Web portal SecurityFocus.com (www.securityfocus.com). NA quickly hustled out the corrective "patch" over the weekend of May 20-21. And Stickley says he still believes that the Gauntlet product, despite the flaw he discovered, will frustrate the vast majority of intruders. Still, the breach set off what NA says was a "massive response," as its sales reps scrambled to notify thousands of Gauntlet customers. [...] ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- The Breach That's Shocking the Firewall Industry InfoSec News (May 26)