Vendors Fix Snort Flaws
VigilantMinds and Sourcefire discover and fix flaw in Snort, an open source intrusion prevention system
PITTSBURGH -- VigilantMinds, a global provider of information security services and solutions, and Sourcefire, the world leader in network intrusion prevention, worked quickly to identify and remedy flaws in open source Snort®, the most widely deployed Intrusion Prevention System (IPS) and a fundamental security component of thousands of networks.
The Computer Emergency Response Team (CERT) and the SANS Attack Attribution Research Group recently conducted research into the effects of malformed TCP/IP packets on certain classes of software and hardware. CERT reached out to VigilantMinds to determine if their findings had implications for IPS applications. VigilantMinds was able to identify a flaw and demonstrate an exploit that would allow malicious hackers to circumvent monitoring from Snort. VigilantMinds then worked through CERT to coordinate with Sourcefire on the creation of a patch and quick resolution of the potential evasion.
“It’s important that the information security community works together proactively to address security concerns in a responsible manner,†said Dave Keener, Chief Security Officer of VigilantMinds. “At VigilantMinds, we consider it a responsibility and privilege to contribute our expertise to the global effort of securing information and business systems. It was great to have Sourcefire acknowledge our findings, but most importantly to work with us to quickly and aggressively mitigate the situation. The responsible actions taken by all parties essentially ensure the continued protection for millions of systems around the world.â€
Sourcefire Inc. (Nasdaq: FIRE)
Read more about:
2006About the Author(s)
You May Also Like
Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024Extending Access Management: Securing Access for all Identities, Devices, and Applications
June 4, 2024Assessing Software Supply Chain Risk
June 6, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024