CA provides protection against "Brown Orifice"

Computer Associates International, Inc.'s eTrust safeguards vulnerable users of Netscape Web browser.
Written by ZDNet Staff, Contributor
Traditional countermeasures such as firewalls and anti-virus solutions, while essential, are no longer sufficient, says CA's senior vice president.

HONG KONG - Computer Associates International, Inc. (CA) is advising computer users of a severe security vulnerability in the Netscape Internet browser which is already being exploited by a malicious application known as "Brown Orifice".

This vulnerability, as demonstrated by "Brown Orifice", enables hackers to penetrate remote systems, providing remote access to the files and services of those machines and by extension, access to critical system files, and confidential business information.

All versions of Netscape Navigator and Netscape Communicator versions 4.74 and earlier are vulnerable when Java is enabled.

"We consider this to be a significant and serious exposure that represents a real threat to many corporate environments," said Simon Perry, vice president of security solutions, CA. "This is not a virus, but rather a vulnerability inherent to Netscape Web Browsers and Java. It is very similar to the Outlook exposure which caused great concern a few weeks ago."

For several years, content inspection based security technologies have been developed, and many in the industry considered them an elegant solution in search of a problem.

This latest threat, and the recent Outlook exposures of a few weeks ago should remove any doubt as to the need for content inspection based security systems.

John Kane, senior vice president, research and development, CA, said that traditional countermeasures such as firewalls and anti-virus solutions, while essential, are no longer sufficient .

"To put it another way, while others in the industry are scrambling to come up with a solution for this problem, our clients that are running eTrust Content Inspection, are already protected," Kane said.

eTrust Content Inspection is part of CA's eTrust security solutions, which is built on CA's Unicenter TNG Framework. It enables e-business by safeguarding all mission-critical resources, from the browser to the mainframe.

Editorial standards