Companies Trying to get it Right
Several days ago, British telecommunications provider BT disabled support for the "Remote Assistance" feature on their "Home Hub" router, that had been supplied to around 2 million UK homes based on vulnerability reporting that had emerged over the previous several days.
Despite a seemingly rapid response to the issues that had originally been identified by the GNUCITIZEN team, it seems that not all of the discovered vulnerabilities that were reported have been patched.
While the company was rapidly developing a software response to the identified problems, it comes as a concern that company spokespeople publicly denied that there was any practical risk to end users, even after detailed vulnerability reports were provided. In their defence, GNUCITIZEN had not publicly released in depth information (including exploit code), only descriptive information about the vulnerabilities.
Given that BT owns CounterPane Security, it would be expected that the company would know how to handle vulnerability reporting and discussion in a better manner, but the incident shows that there is still some way to go.
After all the public argument about the handling of URIs by Windows, multiple examples of sample exploit code, and even third party software patches for Windows, Microsoft appear to have been stung into action after malware that utilises the URI issue to infect machines was found spreading across the Internet.
At this stage it looks like there might be an out-of-cycle patch (based on publicity rather than severity) due for release, but there has been no information about the sort of timeframe to be expected for the patch release.
Other companies aren't doing so well at the moment, with Real finding that their RealPlayer has been the subject of repeated rounds of exploits and vulnerability disclosure over the last several days (some might suggest that the exploits had been buffering... up to that point), despite releasing patches to address a number of vulnerabilities. Alternative Internet browser developers have also been releasing patches and updates for their various product lines, with notable security releases from Opera, and the Firefox, SeaMonkey and Thunderbird teams in recent days.
28 October 2007
Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis
Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.
Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.
Comments will soon be available for registered users.
Subscribe to our feed.