Week In Security: SQL Patch, Klez Variant, Mixed Earnings


Here's a rundown of some of the events, announcements and other happenings in information security last week:

• Microsoft issued a patch for a security vulnerability affecting SQL Server 7.0 and 2000. Microsoft said the software includes extended stored procedures that have a flaw making them susceptible to buffer overruns, which could allow an attacker to gain control of the database and possibly the server itself. Microsoft also issued a patch for two security flaws in Internet Explorer for Macintosh that could allow an attacker to run arbitrary code.

• Sun Microsystems appointed security expert Whitfield Diffie to its newly created position of chief security officer. The company also announced the appointment of Joanne Masters as director of the newly created Sun Global Security Program Office. Sun said the CSO and the new global security program will advocate Sun's security offerings and educate customers and partners on security issues.

• A new variant of the Klez worm circulated on the Internet, mostly in Asia and Europe. The W32.Klez.H worm, like its predecessors, spreads via e-mail with random subject lines and attachments and tries to disable antivirus software, security vendors said.

• Finjan Software, Los Gatos, Calif., unveiled a new worldwide channel partner program to recruit and train VARs and systems integrators. The three-tier program includes sales and technical training, account management, technical support, marketing and lead-generation activities. In addition to reselling Finjan's security and Internet content management software, the program enables partners to offer new professional services, including security audits and assessments.

• Internet Security Systems, Atlanta, reported pro forma first-quarter earnings that met Wall Street expectations. The software vendor reported pro forma net income of $4.7 million on revenue of $58.4 million for its first quarter, excluding non-cash acquisition charges.

• SonicWall, Sunnyvale, Calif., posted pro forma first-quarter earnings that missed Wall Street estimates by a penny. The vendor reported pro forma net income of $1.7 million, or 2 cents per share, on revenue of $28.1 million. That compares to a net income of $5.2 million on revenue of $24.6 million for the same quarter a year ago.

SonicWall also rolled out an upgrade to its Global Management System (GMS), a tool that allows companies to centrally manage distributed security deployments. GMS Standard Edition 2.2 manages RedCreek Ravlin devices running firmware version 3.8 and features support for Windows XP, Oracle 9i and SQL Server 2000 Service Pack 2.

• Secure Computing, San Jose, met analyst expectations for its first quarter, reporting a net loss of $1.3 million, or 4 cents per share, on revenue of $13.5 million. That compares to a net loss of $4.5 million on revenue of $11.2 million for the same quarter a year ago.

• WatchGuard Technologies, Seattle, announced mobile user VPN software for Windows XP with integrated personal firewall and encrypted VPN configuration files.

• Symantec said it plans to develop the first enterprise-level, full-application inspection proxy firewall for the IBM eServer iSeries for Linux. The project is expected to be released later this year.

• RedSiren Technologies, a security-services firm in Pittsburgh, named Douglas Goodall as president, CEO and director. He replaces Harvey Pollack, who will be executive vice president and focus on strategic acquisitions in North America and Asia.

• Rainbow eSecurity, a Rainbow Technologies company, Irvine, Calif., said its Sentinel software now secures applications developed for Microsoft's .Net platform. Sentinel software protects developers and ISVs from illegal licensing and distribution.

• Dallas-based Entrust launched TruePass 6.0 software with enhanced authentication features, including token and smart-card support, roaming authentication with local generation of the digital identity and local workstation digital ID storage. Several third-party vendors, including Rainbow eSecurity, announced plans to integrate their products with the software.