Networking

GuardedNet, developer of an advanced threat management and information security operations software, announces its flagship product, NeuSecure·, first to deliver mission-critical, security threat identification and response, proactive protection, and top-level management of security operations.

NeuSecure solves the issue of "log data overload" by consolidating log data from your current security products, correlating the data, and then providing the "real" threat information needed to make critical decisions...

ovactiond is a component of OpenView by Hewlett-Packard Company (HP) and NetView by Tivoli, an IBM Company (Tivoli). These products are used to manage large systems and networks. There is a serious vulnerability in ovactiond that allows intruders to execute arbitrary commands with elevated privileges. This may subsequently lead to an intruder gaining administrative control of a vulnerable machine.

Summary: Novell has discovered a security issue that affects all GroupWise 5.5 Enhancement Pack and GroupWise 6 customers. If you are using either of these versions of GroupWise, download and apply the GroupWise Padlock Fix.

Who must act: All organizations using GroupWise 5.5 Enhancement Pack and GroupWise 6.

Click here to go to the Padlock support area at the Novell web site .

From the Novell Padlock Support Page

Apply the Padlock Fix Now!

Microsoft has published details of a recently discovered vulnerability. According to the company "the NNTP (Network News Transport Protocol) service in Windows NT 4.0 and Windows 2000 contains a memory leak in a routine that processes news postings.

Thomas C Greene reporting for The Register says "We've been eager to spill the beans about this for weeks, and even hinted at it in a previous story. Today it's official; MS has released a command-line application, HFNetChk, which will scan all NT and/or 2K machines in a network from a single location and compare their currently-installed patches with the latest ones available, making it easy for admins to identify and patch vulnerable machines.

Poor communications between an event management company and an ISP may have exposed credit card details of some customers. Most at risk are delegates to an upcoming Canberra conference organised for the government-funded industry association Software Engineering Australia (SEA).

Augmenting or replacing internal security with a managed security service provider lets the enterprise focus on its core competencies while improving security.

Most enterprises look at security as a cost center, and few resources and little attention are devoted to it. Believe it or not, most enterprises don't have a consistent, companywide security policy. Nor do they perform regular external audits. This makes them a lightning rod for hacker attacks.....

Should enterprises outsource security to a third party? -- Security Outsourcers Offer Expertise, SLAs

Corey Bates was chatting on his MSN Messenger recently when his high school buddy Trey sent him a winking-face icon. Then Trey sent him another icon. Then another.

Crowbar-wielding thieves beat up a security guard yesterday and made off with the "brains" of the Montreal Gazette's new printing-plant operations, derailing plans to produce about 15,000 copies of today's paper on the new presses. Computer equipment worth $100,000 was stolen from the newspaper's new plant, in what John Laurin the Gazette's vice-president (manufacturing) described as a "pretty professional burglary."

A DoS vulnerability with the installation and management software used on HP's line of commercial print servers has been reported. The potential flaw, which HP has not so far publically acknowledged, is interesting not because it is particularly devasatating (it isn't) but because it may explain problems our readers are having with printers of late. According to a posting on security mailing list BugTraq, HP JetDirect devices configured using the JetAdmin web interface fail to set a password for Telnet access when the administrator password is chosen.