Week in Security: Symantec Names New President, AIM Flaw


Here's a rundown of some of the events, announcements and other happenings in information security last week:

• Symantec named John Schwarz, a former IBM executive and CEO of software company Reciprocal, as president and COO. Schwarz will be responsible for product development, incident response, sales, support, professional services,and partner relationships. John Thompson, Symantec CEO and chairman, formerly held the position of president while the COO position is a new one for the security software vendor.

•America Online said it fixed a security hole in its AIM instant messaging service that security experts said had the potential to allow an attacker to take control of a victim's system. The flaw, a buffer overflow vulnerability in a game feature, affects the latest version of AIM and also a test version of the service, both for Windows.

•A new mass-mailing worm surfaced over the New Year's holiday but was rated a low risk by McAfee, the antivirus division of Network Associates, and Trend Micro. The worm, Maldal.D, spreads through Microsoft Outlook and tries to delete antivirus software and other files. Maldal.D is a variant of the Zacker.C worm from earlier this month, according to security services firm Vigilinx.

•Network Associates Friday said it bought 15.6 acres of land in Plano, Texas, to build a new regional office and boost its presence in the Southwest. The purchase will allow it to capture new opportunities in the Latin American, South American and southwestern U.S. markets, the company said. The price of the land was not disclosed.

The new office will replace the facility that Network Associates leases in the Dallas area. The facility is the company's largest regional office, with 800 employees working in customer support and telesales groups. Scheduled for completion in early 2003, the new office will hold up to 1,100 employees.

•Datakey, a Minneapolis-based developer of smart card technology, unveiled a $1 million order from a U.S. government agency for Datakey smart cards, card readers, and CIP (Cryptoki Interface Provider) client software. The initial order with the agency, which Datakey did not name, is expected to ship by the end of the first quarter and is about 50 percent of the total expected order from that agency. The rollout is scheduled for completion over the next six months.

•Secos, a provider of e-commerce software and services based in Irvine, Calif., unveiled the North American launch of its intrusion-detection software, SecoShield. Tailored for medium to large-size business networks, the product is a network-based intrusion-detection system that was launched in Korea by Secos' sister company, InfosecTechnologies, about two years ago.