SPAM: -------------------- Start SpamAssassin results ---------------------- SPAM: This mail is probably spam. The original message has been altered SPAM: so you can recognise or block similar unwanted mail in future. SPAM: See http://spamassassin.org/tag/ for more details. SPAM: SPAM: Content analysis details: (5.74 hits, 5 required) SPAM: Hit! (1.94 points) From: ends in numbers SPAM: Hit! (3 points) Listed in Razor, see http://razor.sourceforge.net/ SPAM: Hit! (0.8 points) Forged hotmail.com 'Received:' header found SPAM: SPAM: -------------------- End of SpamAssassin results --------------------- Norton Antivirus Corporate Edition includes LiveUpdate. LiveUpdate stores Username and Password information in cleartext in the registry. Depending on your implementation, you may not need LiveUpdate installed at all on your clients. I brought this to Symantec's attention months ago. Since then a new version of LiveUpdate has been released. The information is still not encrypted. Any user with the client installed can run "regedit" search for "password" and viola! Here's a "fix": Paste the following into a .reg file (i.e. nav.reg) and push it out to your clients via login script or whatever: REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\LiveUpdateSource] "Login"=- "Password"=- _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com
This archive was generated by hypermail 2b30 : Mon Feb 25 2002 - 15:27:00 PST