Feeds

BlackICE slips up over serious security risk

Modified ping flood attack

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Security tools vendor ISS is warning of a potential denial of service risk to its range of desktop firewall/intrusion protection systems.

Crackers might be able to crash or disrupt affected versions of its BlackICE Defender and BlackICE Agent desktop products, and affected versions of RealSecure Server Sensor using a modified ping flood attack, it has been discovered.

The vulnerability could allow attackers to execute arbitrary code (which could be a virus or Trojan horse backdoor) on targeted computers, ISS warns.

A flaw in routines used for capturing transmitted packets is behind the problem.

Most corporate firewalls already block ICMP-based attacks (like ping flood) from external IP addresses, so the risk isn't that serious for enterprise users. That said, the vulnerability stills counts as an embarrassing oversight by ISS, especially after it made considerable play in highlighting a lesser DoS risk affecting its open source competitor, Snort, less than a fortnight ago.

ISS has developed and is testing fixes for the vulnerability. Details of what patches are available now, and details of suggested workarounds (which involve blocking ICMP packets) can be found here. ®

Related stories:
Stealth encoding bypasses IDS protection
Denial of service warning for network security tool
IDS users swamped with false alerts
Network ICE CTO responds to further BlackICE criticisms
ISS to acquire Network ICE
Different approach to intrusion detection touted
Carnivore substitute keeps Feds honest
Network Ice posts do-it-yourself Carnivore kit

Choosing a cloud hosting partner with confidence

More from The Register

next story
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
Spies, avert eyes! Tim Berners-Lee demands a UK digital bill of rights
Lobbies tetchy MPs 'to end indiscriminate online surveillance'
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
How the FLAC do I tell MP3s from lossless audio?
Can you hear the difference? Can anyone?
4chan outraged by Emma Watson nudie photo leak SCAM
In the immortal words of Shaggy, it wasn't me us ... amirite?
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.