http://www.newsbytes.com/news/02/174282.html By Brian Krebs, Newsbytes WASHINGTON, D.C., U.S.A., 06 Feb 2002, 11:06 AM CST The popular BlackIce Defender and BlackIce Agent personal Internet firewall programs are vulnerable to a denial-of-service attack that could render many home users defenseless against further assaults, the product's manufacturer said today. Internet Security Systems, which acquired the Network ICE security suite last year, issued an alert on Tuesday stating that all current versions of BlackIce running on Windows XP and Windows 2000 can be crashed using a modified ping-flood attack. Ping-flood attacks can overwhelm a computer by causing it to respond to an inordinate number of “are you there?” requests from other machines. ISS said the risk of the vulnerability to corporate BlackIce users is minimal, as most corporate firewalls already block ping requests from external Internet addresses. ISS is currently developing and testing a fix for the security hole. Until it is released, users can implement the interim workaround as described at: http://www.iss.net/security_center/alerts/advise109.php - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Feb 07 2002 - 02:30:28 PST