Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

05:21 PM
Connect Directly

Security Firm Strikes Back At Cenzic Patent Lawsuit Threat

NT Objectives files suit challenging claims it infringed on Cenzic's patent for "fault injection methods," security experts gathering proof of prior art

Cenzic is back on the legal warpath with another patent infringement lawsuit filed against a security company over Cenzic's patented "fault injection methods" technology. But this time the target of the lawsuit is challenging the validity of the patent.

NT Objectives, a small Web application scanning vendor, on Feb. 14 filed a lawsuit in the U.S. District Court in the Central District of California for a declaratory judgment of noninfringement, calling the patent invalid and unenforceable after Cenzic threatened litigation. Cenzic claims its patent, awarded in 2007, gives it exclusive rights to use the technology, and that after making "good faith attempts to resolve issues amicably" with NT Objectives, it decided to file a lawsuit late last week.

This isn't the first time Cenzic has sued a security firm over the use of this Web application vulnerability scanning technology: In August 2007, Cenzic filed a patent infringement suit against SPI Dyamics, which HP was in the process of acquiring. The suit put Web application security vendors and penetration testers on alert, and several hackers associated with the sla.ckers.org site demonstrated their displeasure with the patent at the time by exposing cross-site scripting flaws in Cenzic's website. HP later settled with Cenzic by signing a cross-licensing agreement. IBM also signed such an agreement nearly two years later with Cenzic.

At the heart of the Cenzic patent dispute is the so-called "prior art": Security experts argue that there are already some fault-injection tools that were released in the 2000-2001 time frame, well before Cenzic first filed for its patent, which would basically render the so-called Patent 232 moot. And critics say the patent is far too broad, covering the day-to-day tasks of most security scanners, penetration testing tools, and even that of the penetration testers themselves.

Neither Cenzic nor NT Objectives would comment on the cases, but some security researchers have begun rallying behind NT Objectives. A site called Stop Cenzic 232 Patent has been launched, and its author is calling for a Month of Prior Art on the technology at issue in the patent that will begin on April 1.

"Now this patent is of no concern if they used the patent 'defensively,' but Cenzic has chosen to go around chasing companies that create Web scanners for licensing money using this broad and unfortunately granted patent," blogged Enrique Sanchez Montellano.

Mantellano lists several products that could also be subject to Cenzic's patent claims because they employ the same method of injection, including Rapid7 Nexpose, Nessus, eEye Retia, McAfee Foundscan, nCircle Suite360, Qualys, Metasploit, Core Impact, and Burp Proxy.

According to a penetration tester familiar with the case and who requested anonymity, the way the patent is written, it could even apply to SQL injection and cross-site scripting attacks or pen tests. It could apply to any products that execute these techniques for bypassing normal security routines. "Even when I do this manually -- it would apply. So as a pen tester, I couldn't do that" according to the lawsuit, the source says.

Alan Shimel, CEO of The CISO Group, says he has heard from sources that Cenzic is "looking for seven figures" from NT Objectives.

"Initially, it looked like Cenzic was using the patent defensively. But now they are using it offensively," Shimel says. "This is just a lousy patent. There's a lot of prior art that should have been looked at before it was granted."

Meanwhile, among the Cenzic employees named in the patent when it was filed in 2002 include Greg Hoglund, founder and CEO of HBGary, whose company was targeted by the Anonymous hacking group.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff 9/12/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
PUBLISHED: 2019-09-18
RSA Archer, versions prior to 6.6 P3 (, contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.
PUBLISHED: 2019-09-18
RSA Archer, versions prior to 6.6 P2 (, contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.