CA provides protection against "Brown Orifice"
HONG KONG - Computer Associates International, Inc. (CA) is advising
computer users of a severe security vulnerability in the Netscape Internet browser which is already being exploited
by a malicious application known as "Brown Orifice".
This vulnerability, as demonstrated by "Brown Orifice", enables hackers to penetrate remote systems,
providing remote access to the files and services of those machines and by extension, access to critical system
files, and confidential business information.
All versions of Netscape Navigator and Netscape Communicator versions 4.74 and earlier are vulnerable when Java
is enabled.
"We consider this to be a significant and serious exposure that represents a real threat to many corporate
environments," said Simon Perry, vice president of security solutions, CA. "This is not a virus, but
rather a vulnerability inherent to Netscape Web Browsers and Java. It is very similar to the Outlook exposure which
caused great concern a few weeks ago."
For several years, content inspection based security technologies have been developed, and many in the industry
considered them an elegant solution in search of a problem.
This latest threat, and the recent Outlook exposures of a few weeks ago should remove any doubt as to the need for content inspection based security systems.
John Kane, senior vice president, research and development, CA, said that traditional countermeasures such as firewalls and anti-virus solutions, while essential, are no longer sufficient .
"To put it another way, while others in the industry are scrambling to come up with a solution for this
problem, our clients that are running eTrust Content Inspection, are already protected," Kane said.
eTrust Content Inspection is part of CA's eTrust security solutions, which is built on CA's Unicenter TNG Framework.
It enables e-business by safeguarding all mission-critical resources, from the browser to the mainframe.