BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] [OT] Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'
- Subject: [Discuss] [OT] Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'
- From: mbr at arlsoft.com (MBR)
- Date: Wed, 29 Jun 2016 14:36:15 -0400
- In-reply-to: <Pine.NEB.4.64.1606291325140.15580@panix1.panix.com>
- References: <Pine.NEB.4.64.1606291325140.15580@panix1.panix.com>
Does anyone have a technical description of how exactly this vulnerability operates? A magazine like Fortune won't provide that information because 99% of their readers couldn't understand it. The nearest they come is the sentence: "The vulnerabilities affect a ?decomposer engine??a program that unpacks compressed files in order to help scan for potentially malicious ones?that?s used across Symantec?s products." This sounds like it uncompresses .gz files and extracts the contents of .tar.gz and .zip files. But I can't imagine how that could result in transferring execution control to code inside those files. Mark Rosenthal mbr at arlsoft.com <mailto:mbr at arlsoft.com> On 6/29/16 1:26 PM, Stephen Ronan wrote: > > From: Lauren Weinstein <lauren at vortex.com> > Subject: [ NNSquad ] Google Found Disastrous Symantec and Norton > Vulnerabilities That Are 'As Bad As It Gets' > Date: June 29, 2016 at 11:27:40 AM EDT > To: nnsquad at nnsquad.org > > > Google Found Disastrous Symantec and Norton Vulnerabilities That Are > 'As Bad As It Gets' > > http://fortune.com/2016/06/29/symantec-norton-vulnerability/ > > Google's "project zero" team, a group of security analysts > tasked with hunting for computer bugs, discovered a heap of > critical vulnerabilities in Symantec and Norton security > products. The flaws allow hackers to completely compromise > people's machines simply by sending them malicious > self-replicating code through unopened emails or un-clicked > links. The vulnerabilities affect millions of people who run > the company's endpoint security and antivirus software, rather > ironically to protect their devices. Indeed, the flaws > rendered all 17 enterprise products (Symantec brand) and eight > consumer and small business products (Norton brand) open to > attack. > > - - - > > --Lauren-- > _______________________________________________ > Discuss mailing list > Discuss at blu.org > http://lists.blu.org/mailman/listinfo/discuss >
- Follow-Ups:
- [Discuss] [OT] Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'
- From: greg at freephile.com (Greg Rundlett (freephile))
- [Discuss] [OT] Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'
- From: richard.pieri at gmail.com (Rich Pieri)
- [Discuss] [OT] Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'
- References:
- [Discuss] [OT] Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'
- From: sronan at panix.com (Stephen Ronan)
- [Discuss] [OT] Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'
- Prev by Date: [Discuss] [OT] Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'
- Next by Date: [Discuss] [OT] Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'
- Previous by thread: [Discuss] [OT] Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'
- Next by thread: [Discuss] [OT] Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'
- Index(es):