Week in Security: SQL Worm, Microsoft And Cisco Vulnerabilities


Here's a rundown of some of the events, announcements and other happenings in information security last week:

• Security companies warned of an Internet worm targeting Microsoft SQL servers. Dubbed various names, including Spida, the worm tries to compromise Microsoft SQL servers using the default SQL administrator account, "SA," and a blank password. The worm is not destructive to the system it infects, but can generate a damaging amount of network traffic as it scans for more targets, according to Internet Security Systems' X-Force research team. Antivirus vendors rated the worm as low risk.

• Microsoft issued an alert about an authentication flaw in a Windows debugging tool that could allow an attacker to gain control of a system. In order to exploit the flaw, an attacker would have to log on interactively to the system, either at the console or through a terminal session, Microsoft said. Details are in Microsoft Security Bulletin MS02-024.

• Cisco Systems issued an advisory about several vulnerabilities discovered in Cisco IP Phones, models 7910, 7940, and 7960. One of the security flaws allows unauthorized modification of the phone's configuration while the rest of the flaws cause the phone to restart when certain types of network traffic are received, Cisco said. Details about the vulnerabilities and workarounds are available at http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml.

• TA Associates completed a minority investment of $60 million in Sophos, a corporate antivirus software maker headquartered in the United Kingdom, to help drive the company's U.S. business. TA Associates is a Boston-based private equity and buyout firm.

• Zone Labs, a maker of personal firewalls and other security products, said it won $24.5 million through a Series C round of financing. New investors include JK&B Capital, BA Venture Partners and Capital Guardian Trust Company.

• Symantec announced VelociRaptor 1.5, the latest version of its firewall and VPN appliance. The product now supports the Advanced Encryption Standard (AES), adds new proxy functions to secure videoconferencing, and offers an optional integrated high-availability/load-balancing feature. The VelociRaptor appliances come in three models: the 1100 costs $4,495 and comes with a 100-node license; the 1200 costs $9,995 and comes with a 250-node license; the 1300 costs $14,995 and provides an unlimited-node license.

• PoliVec, Mountain View, Calif., said its PoliVec Enforcer software, which monitors systems for compliance with written security policy, is now available. The company said the software rounds out its product suite, which provides companies with the ability to automate the process of creating, implementing and auditing written security policy.