Re: Security Hole in Axent ESM

From: Dr. Mudge (mudgeat_private)
Date: Thu Aug 27 1998 - 08:27:53 PDT

Next message: Larry Bassett: "Re: Security Hole in Axent ESM"

Previous message: Gene Spafford: "Re: Security Hole in Axent ESM"
Maybe in reply to: dcuppat_private: "Security Hole in Axent ESM"
Next in thread: Larry Bassett: "Re: Security Hole in Axent ESM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>I talked with our Axent contact and he claimed that their file integrity
>validation could not be compromised by a hacker because Axent has
>security experts that designed ESM.

These are probably the same 'experts' that decided in 4.4 that XOR was a
strong cryptographic method of protecting the communications back to the
server from the remote clients. Apparently they changed this in 4.5 but
probably only after someone called their 'security experts' on it.

.mudge

Next message: Larry Bassett: "Re: Security Hole in Axent ESM"
Previous message: Gene Spafford: "Re: Security Hole in Axent ESM"
Maybe in reply to: dcuppat_private: "Security Hole in Axent ESM"
Next in thread: Larry Bassett: "Re: Security Hole in Axent ESM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:13:42 PDT