Symantec has plugged a series of critical flaws in its Web Gateway appliances which included a backdoor permitting remote code execution on targeted systems. The flaws, discovered during a short crash test by security researchers at Austrian firm SEC Consult, created a means to execute code with root privileges - or the ability …
What a list
"SEC Consult identified six vulnerabilities with the technology in total, including: cross-site scripting; OS command injection; security misconfiguration; SQL Injection; and cross-site request forgery flaws"
If I'm not mistaken, OS command injection and SQL injection are simply due to the absence of input sanitization. If that is indeed the case, then BOOOOO !
Seriously? Cross Symantec Web Gateway off the list for consideration. I wonder which failed acquisition this technology is from?
I wonder if this is a bloated pig, too. Another good reason to wipe Norton/Symantec off you hard drive.
- 'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
- Crawling from the Wreckage THE DEATH OF ECONOMICS: Aircraft design vs flat-lining financial models
- Pics Facebook's Oculus unveils 360-degree VR head tracking Crescent Bay prototype
- Moon landing was real and WE CAN PROVE IT, says Nvidia
- Apple's iPhone 6 first-day sales are MEANINGLESS, mutters analyst