NWC | Buzzcut | NAI Follows Through |

NEWS BLOGS FORUMS NEWSLETTERS RESEARCH EVENTS DIGITAL LIBRARY CAREERS

IMMERSE YOURSELF:

Storage & Servers

N E W S / A N A L Y S I S

NAI Follows Through

October 10, 2002
By Mike Fratto

A buffer overflow has been discovered by Foundstone in all versions of Pretty Good Privacy Corporate Desktop 7.1. And Network Associates has issued a hot fix.

The overflow occurs when PGP Corporate Desktop tries to decrypt a PGP archive that contains a file name with more than 200 characters. Foundstone was able to run arbitrary code by sending a PGP-encrypted archive containing a long file name using a proof-of-concept exploit the vendor developed.

It's commendable that even though Network Associates is in the process of divesting itself of interests in PGP, it researched the problem and issued a patch. NAI could have passed the problem off to PGP Corp. In the turmoil of a company transition, the vulnerability may not have received the attention it deserved.

That's not to say that NAI jumped on the problem without prodding. Foundstone did have to get to the right person at NAI. But this event serves as a good example of responsible disclosure. All vendors should be so responsive

--Mike Fratto

Looking for a new job?
Open | Close

Post Your Resume

Employers Area

News & Features

Blogs & Forums

Career Resources

Browse By:
State | City

SPONSOR

RECENT JOB POSTINGS

Featured Jobs:

Boeing seeking Software Engineer 5 in Anaheim, CA

KForce seeking Inside Sales Associate in San Diego, CA

Amalgamated Bank seeking Chief Information Officer in New York, NY

Apollo College seeking Medical Billing and Coding Instructors in Albuquerque, NM

Allstate seeking Exlusive Agent in Las Vegas, NV

For more great jobs, career-related news, features and services, please visit our Career Center.

CAREER NEWS

IT Jobs Stabilize; Tech Unemployment Rate 5.5%

The tumbling of IT jobs stopped in the second quarter, as the IT sector added about 44,000 jobs.

Oracle Execs See First Hints Of IT Spending Turnaround

It's just a glimmer, but Oracle is starting to see a bit of light at the end of the recession tunnel.

More articles from our career center


Today's Most Popular Stories • Rolling Review: SOA Appliances • Making The Move To Multicore • Rolling Review: Web 2.0 Tools Demand A Cautious Approach • Rolling Review: Windows Server 2008 Server Core
Today's News Analysis • Amazon EC2 Entices Innovative Uses With Persistent Storage • AIG Private Client Group Diagnoses SOA Glitches With BMC Solution • CA Emphasizes Holistic Enterprise IT Management • Apple Previews Its Next Mac OS 'Snow Leopard'
REPORTS Analyize In-Line NAC strategies and products.	ANALYTICS Plan and design your enterprise blade server deployments

2009 IT Salary Survey: Meager Raises, Solid Prospects

Though raises are notably smaller than a year ago, and job security�s shrinking, IT careers are looking safer than many others in this economic downturn. Get all the findings in InformationWeek's 2009 IT Salary Survey. Available FREE for a limited time.