This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. Send mail to mimeat_private for more info. --------------2E48E4B89CF41D6670E30377 Content-Type: TEXT/PLAIN; CHARSET=iso-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE Content-ID: <Pine.SUN.3.96.981111232735.18265dat_private> Forwarded From: darek milewski <darekmat_private> http://www.centraxcorp.com/srgrel.html CENTRAX'S SECURITY GROUP (SRG), DETECTS NEW CLASS OF SECURITY THREAT SAN DIEGO, Calif.-- (Business Wire) -- October 20, 1998 -- Centrax Corporation, the experts in detection and response technology, today announces the detection of a new class of Microsoft=AE Windows=AE NT securi= ty threat that allows unauthorized insiders to gain access to sensitive information and bypass all other security in Windows NT. Methods to exploit this attack are already circulating on the Internet and new methods are being invented, making this a very real and present danger to corporations worldwide. The Security Research Group (SRG) at Centrax Corporation has identified the entire class of attacks so that new methods to exploit this attack will always be detectable even though they have not been invented yet.=20 This new class of insider threat is based on individuals using hacker tools and techniques to add unauthorized users to administrative groups. Specific attacks in the class have been circulated on the Internet under names such as "SecHole" and "GetAdmin." While Microsoft has delivered hotfixes for these specific attacks, new mutations of the attack will continue to surface. The Centrax solution detects the root cause of the attack independent of the mutation used to perpetrate it, giving Centrax the ability to detect attack methods that have not yet been invented.=20 "Organizations with sensitive or critical information need to be aware of this class of threats that are perpetrated by insiders," said Ira Winkler, president of Information Security Advisory Group and author of Corporate Espionage. "So much time and attention is spent on outsider attacks and perimeter defenses that corporations forget that the majority of losses occur from the inside."=20 "Intrusion detection products are only as good as their analysis engines," says Paul E. Proctor, chief technology officer, Centrax Corporation. "This advanced analysis, completed by the Centrax SRG, will significantly improve detection capabilities and lower the management overhead involved in detecting the insider threat."=20 About SRG The Security Research Group at Centrax Corporation uses their experience in information security to help Centrax customers. The group has several decades of experience with an emphasis in host-based intrusion detection. They use their knowledge to create new security policies and detection capabilities for the Centrax Security Suite of products. This latest class of attacks will be detectable in eNTrax Version 2.1 that is currently in beta and scheduled for release in December, 1998.=20 About Centrax Centrax offers a comprehensive line of security solutions for the enterprise and is dedicated to providing the most advanced assessment, monitoring, detection and response technology. The Company=92s experts have been designing and developing intrusion detection solutions for over a decade, some of which are currently protecting some of the nation=92s most vital secrets. Centrax is a privately held company located in San Diego, California. Call Centrax Corporation at (619) 546-2400 or (800) 546-7733 for additional information or visit our Web site at www.centraxcorp.com.=20 --------------2E48E4B89CF41D6670E30377-- -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:10:53 PDT