Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

05:21 PM
Connect Directly

Security Firm Strikes Back At Cenzic Patent Lawsuit Threat

NT Objectives files suit challenging claims it infringed on Cenzic's patent for "fault injection methods," security experts gathering proof of prior art

Cenzic is back on the legal warpath with another patent infringement lawsuit filed against a security company over Cenzic's patented "fault injection methods" technology. But this time the target of the lawsuit is challenging the validity of the patent.

NT Objectives, a small Web application scanning vendor, on Feb. 14 filed a lawsuit in the U.S. District Court in the Central District of California for a declaratory judgment of noninfringement, calling the patent invalid and unenforceable after Cenzic threatened litigation. Cenzic claims its patent, awarded in 2007, gives it exclusive rights to use the technology, and that after making "good faith attempts to resolve issues amicably" with NT Objectives, it decided to file a lawsuit late last week.

This isn't the first time Cenzic has sued a security firm over the use of this Web application vulnerability scanning technology: In August 2007, Cenzic filed a patent infringement suit against SPI Dyamics, which HP was in the process of acquiring. The suit put Web application security vendors and penetration testers on alert, and several hackers associated with the sla.ckers.org site demonstrated their displeasure with the patent at the time by exposing cross-site scripting flaws in Cenzic's website. HP later settled with Cenzic by signing a cross-licensing agreement. IBM also signed such an agreement nearly two years later with Cenzic.

At the heart of the Cenzic patent dispute is the so-called "prior art": Security experts argue that there are already some fault-injection tools that were released in the 2000-2001 time frame, well before Cenzic first filed for its patent, which would basically render the so-called Patent 232 moot. And critics say the patent is far too broad, covering the day-to-day tasks of most security scanners, penetration testing tools, and even that of the penetration testers themselves.

Neither Cenzic nor NT Objectives would comment on the cases, but some security researchers have begun rallying behind NT Objectives. A site called Stop Cenzic 232 Patent has been launched, and its author is calling for a Month of Prior Art on the technology at issue in the patent that will begin on April 1.

"Now this patent is of no concern if they used the patent 'defensively,' but Cenzic has chosen to go around chasing companies that create Web scanners for licensing money using this broad and unfortunately granted patent," blogged Enrique Sanchez Montellano.

Mantellano lists several products that could also be subject to Cenzic's patent claims because they employ the same method of injection, including Rapid7 Nexpose, Nessus, eEye Retia, McAfee Foundscan, nCircle Suite360, Qualys, Metasploit, Core Impact, and Burp Proxy.

According to a penetration tester familiar with the case and who requested anonymity, the way the patent is written, it could even apply to SQL injection and cross-site scripting attacks or pen tests. It could apply to any products that execute these techniques for bypassing normal security routines. "Even when I do this manually -- it would apply. So as a pen tester, I couldn't do that" according to the lawsuit, the source says.

Alan Shimel, CEO of The CISO Group, says he has heard from sources that Cenzic is "looking for seven figures" from NT Objectives.

"Initially, it looked like Cenzic was using the patent defensively. But now they are using it offensively," Shimel says. "This is just a lousy patent. There's a lot of prior art that should have been looked at before it was granted."

Meanwhile, among the Cenzic employees named in the patent when it was filed in 2002 include Greg Hoglund, founder and CEO of HBGary, whose company was targeted by the Anonymous hacking group.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Ransomware Damage Hit $11.5B in 2019
Dark Reading Staff 2/20/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-02-21
btif/src/btif_dm.c in Android before 5.1 does not properly enforce the temporary nature of a Bluetooth pairing, which allows user-assisted remote attackers to bypass intended access restrictions via crafted Bluetooth packets after the tapping of a crafted NFC tag.
PUBLISHED: 2020-02-21
Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.
PUBLISHED: 2020-02-21
uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent hea...
PUBLISHED: 2020-02-20
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial produc...
PUBLISHED: 2020-02-20
The Trend Micro Security 2019 ( and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the ...