Advertisement
Promo

Security threats Toolkit

NISSC warns over MIME flaws

Dan Ilet ZDNet.co.uk

Published: 14 Sep 2004 10:25 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The National Infrastructure Security Coordination Centre (NISCC) has released details of hundreds of serious flaws in security products that use the MIME protocol.

Security consultancy firm Corsaire found more than 800 vulnerabilities in what it described as "the top 10" gateway protection products. MIME encodes email attachments and Internet file transfers on HTTP.

"[Vendors] say that the world is wonderful and that they'll protect you from everything," said Martin O'Neil, technical director for Corsaire. "But there have been a number of viruses and worms that get around the MIME protocol."

The firm warned NISCC of 190 attack vectors from 14 core issues with the Multi-Purpose Internet Mail Extensions protocol.

If exploited, the vulnerabilities could allow hackers to bypass content checking and antivirus tools Before going public with the research today, NISCC warned firms last year of the problem, and as a result, many vendors have already prepared patches.

"NISCC has done a really good job of communicating this to vendors. If people have been patching properly, they'll be OK," said Martin O'Neil, technical director for Corsaire.

Corsaire said there were around 100 gateway security products including antivirus, mail content checkers and Web filtering.

The vulnerabilities were found between June and August 2003.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
42 out of 116 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Official Organizations Losing Data

How does this article from earlier today make you feel? How many more government, health service, or military officials are going to lose pen drives, DVDs, USB hard disks and even entire... More

1 comment

Twitter hack was DNS redirect

Twitter has said an attack on Thursday which took the site offline for many users was the result of a DNS redirect. A group calling itself the Iranian Cyber Army redirected users... More

1 comment

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Win a BlackBerry with Vlingo voice recognition

Win a BlackBerry with Vlingo voice recognition

What is ZDNet UK's usual tagline?

Competition closes - 14 Jan 2010


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters