Minnesota teen pleads guilty to creating Blaster variant
Jeffrey Lee Parson, 19, of Hopkins, Minn., pleaded guilty Wednesday to unleashing a Blaster worm variant that contributed to the millions of machines compromised by the virulent malcode last summer. Parson admitted in court he modified the original worm to cause a denial-of-service attack against a Microsoft Web site and then pushed it out on the Internet. At least 48,000 computers were infected with Parson's creation, authorities told the Associated Press. Parson faces up to three years in prison and millions of dollars in restitution and fines when he is sentenced Nov. 2.
Check Point unveils Integrity SecureClient to enhance end-point security
Redwood City, Calif.-based Check Point Software Technologies Ltd. is showing off its first technological integration with Zone Labs with Check Point Integrity SecureClient. The product combines Zone Labs' Integrity 5.0 with Check Point's VPN-1 client to create faster deployment times, easier configuration and hardened security, the company said. The release marks the first product to come from the two companies' merger earlier this year. Pricing varies, depending on volume. Sold through resellers, the base price is $56 a seat for a management and enforcement software license and 1,000 endpoint licenses.
ISS BlackICE flaw revealed
BlackICE Server Protect 3.6cno and below are vulnerable to a medium-level threat that could allow any trusted or local unprivileged user to remotely remove or modify the BlackICE firewall rule set, according to researchers. The flaw's discoverers recommend removing The EveryoneFull Control ACL from the blackice.ini, firewall.ini, protect.ini and sigs.ini files. Before doing so, ensure that administrators and system have full control. Backup the blackice.ini, firewall.ini, protect.ini and sigs.ini before each update. And after using UpdateBIDServer.exe, validate the permissions because they are always reset to the default.
NGSEC disputes iDefense claims of flaw in StackDefender
Madrid-based Next Generation Security (NGSEC) is disputing reports of a vulnerability in its StackDefender product by Reston, Va.-based security firm iDefense. Earlier, iDefense reported that NGSEC's intrusion prevention system for Win32 platforms could be exploited by an attacker who specifies an invalid address for 'ObjectAttributes' and can crash a system. NGSEC said testing to overflow a buffer in order to overwrite a pointer pointing to a read-only region and saying StackDefender is not working, is like testing a firewall by not sending packets to it and claiming it is not blocking any packet. "Based on our tests, StackDefender prevents the execution of code in stack, heap, and every user-writeable memory region," according to a statement.
Read the NGSEC statement here.