HONG KONG - Computer Associates International, Inc.
(CA) is advising computer users of a severe security vulnerability in the Netscape Internet browser which is
already being exploited by a malicious application known as "Brown Orifice".
This vulnerability, as demonstrated by "Brown Orifice" enables hackers to penetrate remote systems, providing remote access to the files and services of those machines and by extension, access to critical system files, and confidential business information. All versions of Netscape Navigator and Netscape Communicator versions 4.74 and earlier are vulnerable when Java is enabled.
"We consider this to be a significant and serious exposure that represents a real threat to many corporate environments," said Simon Perry, vice president of security solutions, CA. "This is not a virus, but rather a vulnerability inherent to Netscape Web Browsers and Java. It is very similar to the Outlook exposure which caused great concern a few weeks ago."
For several years, content inspection based security technologies have been developed, and many in the industry considered them an elegant solution in search of a problem. This latest threat, and the recent outlook exposures of a few weeks ago should remove any doubt as to the need for content inspection based security systems.