Week In Security: Code Red Variant, PeopleSoft Vulnerability

• A minor variant of the Code Red worm from 2001 surfaced Tuesday, antivirus vendors said. Called CodeRed.F, it differs in only two bytes from Code Red II, a variant of the original Code Red, according to Symantec. Another worm that surfaced over the weekend, dubbed W32/Deloder, preyed on passwords. However, antivirus vendors rated it as low-risk. According to Network Associates, the W32/Deloder worm spreads via network shares protected by weak passwords.

• The Internet Security Systems X-Force research team issued an alert about a flaw it discovered in the PeopleSoft PeopleTools application framework for the management of human resources, CRM, finance and other functions. Attackers could exploit the vulnerability to write arbitrary files, leading to remote command execution and a compromise of PeopleSoft Web Server installations, ISS said.

• An electrical engineer lost his patent-infringement suit against RSA Security and VeriSign. According to a release issued this week by RSA, engineer Leon Stambler claimed that RSA-marketed products using SSL version 3.0 infringed on three of his patents. On March 7, a Delaware jury issued a verdict in favor of RSA and VeriSign.

• RSA released its new authentication device, the RSA SecurID 6100 USB Token. The product is different from traditional smart-card solutions because it doesn't require a reader infrastructure, which makes it less expensive and easier to deploy, RSA said. The token will be available within 60 days.

• WatchGuard Technologies released Firebox 500, an appliance designed for small businesses that provides 75 Mbps of firewall throughput and supports up to 50 mobile user VPN tunnels. The product costs $1,790. WatchGuard also released Firebox V60L for midsize enterprises. Priced at $3,990, the device provides 100 Mbps of firewall throughput and supports up to 150 IPSec VPN tunnels and 250 users.

• SonicWall introduced an upgraded VPN client for small and midsize companies. Called the Global VPN Client, the product features automated policy provisioning and gateway-level management capabilities. Pricing ranges from $50 for a single user to $795 for a 100-user license.

• Entercept Security Technologies unveiled a new version of its intrusion-prevention software with new management features. Entercept 4.0 provides centralized management of up to 5,000 security agents per management server, helping to streamline administration. Prices start at $1,295 to $2,995 per agent and $4,995 per management server.

• Top Layer Networks announced IDS Balancer 4500, which combines network intrusion-detection systems (IDS) for load sharing, increasing their ability and reliability in performing at gigabit and multi-gigabit speeds. Top Layer said it has certified many IDS sensors to work with IDS Balancer 4500, including sensors from Cisco Systems, Computer Associates International, Enterasys Networks and ISS.

• SurfControl released a new version of its Internet content-filtering software for Linux, Web Filter VS 2.3, which features support for major antivirus tools and the ability to filter by individual or group IP addresses. Pricing is about $8 per user, based on an installation of 3,000 users.

• Sybari Software and Interwork Technologies, an Ottawa, Ontario-based distributor, signed an agreement for Interwork to offer Sybari's antivirus, content-filtering and e-mail security products.