Week In Security: N+I Product Rollouts, MSN Chat Vulnerability


Security was a hot topic at NetWorld Interop, held last week in Las Vegas, with vendors releasing a slew of new or upgraded products as well as new partnerships. Here's a rundown of that news, along with other happenings in information security last week:

  • Enterasys Networks
  • unveiled a new version of its Dragon Intrusion Detection System product line that features a modular architecture, increased performance and improved Web-based management.

  • SecureLogix
  • released TeleVPN Secure Call System, a circuit-switched VPN to secure communications over the Public Switched Telephone Network (PSTN).

  • WorldCom
  • and Internet Security Systems (ISS) unveiled an agreement under which WorldCom will offer ISS' managed network protection, intrusion-event monitoring, remote scanning and antivirus services.

  • Neoteris
  • , Mountain View, Calif., will roll out a new version of software for its "instant virtual extranet" appliances, which provide secure remote access to corporate resources from a standard Web browser. The new software includes native support for RSA Security's SecurID two-factor authentication. Neoteris also unveiled an addition to its product line, EmployeeAcess150, which targets enterprises with between 100 and 500 employees. Pricing for the device, which supports 50 simultaneous users, starts at $9,995.

  • IntruVert Networks
  • , a start-up in San Jose, Calif., plans to unveil its IntruShield line of intrusion-detection products, which combine signature, anomaly and denial-of-service techniques in one appliance. The product comes in two versions, the I-2600 for midsize to large networks ($34,995) and the I-4000 for the core of the enterprise ($99,995). Availability is slated for summer.

  • Microsoft
  • issued a patch for a buffer overflow vulnerability in the MSN Chat control that the company said could allow an attacker to run any code on the compromised computer. In order for an attacker to successfully exploit the vulnerability, a user must have installed MSN Chat control, MSN Messenger or Microsoft Exchange Instant Messenger. Microsoft said that by default, no version of Windows is vulnerable to this attack. MSN Chat control is available as a Web download from several MSN Chat sites and is included with MSN Messenger 4.5 or later and with the Exchange 2000 Instant Messaging service, the company said.

  • Security-services firm RedSiren Technologies said it will acquire Lawrence, Kan.-based Secure Network Group. The purchase price was not disclosed.