Week In Security: Solaris Flaw, NAI-ISS Alliance, SonicWall Restructuring


Here's a rundown of some of the events, announcements and other happenings in information security last week:

• A vulnerability affecting Sun Microsystems' Solaris operating system could allow an attacker to execute code and consume system resources, according to an advisory released by the CERT Coordination Center at Carnegie Mellon University. The flaw, which affects Solaris 2.5.1, 2.6, 7 and 8, is a format string vulnerability in a utility used to listen for remote wall requests on the network, CERT said. Sun was developing patches for the problem last week.

• Network Associates and Internet Security Systems (ISS) unveiled an alliance that includes integrating their technologies and joint research. Under terms of the agreement, Network Associates will integrate ISS' RealSecure intrusion-detection technology with its Sniffer network-management technology, and ISS will integrate Network Associates' McAfee antivirus technology with its IDS products.

• SonicWall revealed a series of cost-cutting measures, including a workforce reduction of between 15 percent and 20 percent, consolidation of office facilities and elimination of duplicate resources resulting from recent acquisitions.

• WatchGuard Technologies, Seattle, rolled out software upgrades for its Firebox III products that features enhanced authentication and Web filtering capabilities. The vendor also announced a new version of ServerLock content integrity software with a new graphical interface that makes it easier for administrators to protect individual parts of the operating system or application files. WatchGuard also launched version 1.1 of AppLock/Web, which provides protection for Microsoft IIS and Web servers.

• 4Front Security, a security consultancy and services firm in Reston, Va., announced its formal corporate launch. The company was founded by CEO Christopher Parker, and Stephen Crutchley, chief security officer, who have a combined 60 years of experience in the IT and information security markets. The firm's partners include Clearswift, eEye Digital Security and Symantec.

• Hitachi Computer Products (America) said its Enterprise Application Security Integration (EASI) Developer Tool is now available. The tool is the latest addition to the Quadrasis EASI Security Unifier software suite, which the company described as a standards-based solution for integrating and managing new and existing security products from multiple vendors.