Security pros warn of critical flaws in Kerberos

Vulnerabilities in technology widely used for network authentication leave computers open to attack.

However, Sun's Solaris, Linux from Red Hat and Mandrake, and OS X all use Kerberos. Some companies, such as Sun and Red Hat, have announced patches for the problem, but not all have.

Even if a worm may not be created to exploit the flaws, administrators need to patch the issue as soon as possible, said Alfred Huger, senior director for security at network protection firm Symantec. "We see a lot of it in customer environments," he said. "It is very common."

Busy company IT managers frequently will not place high priority on vulnerabilities that have not been exploited by hackers. Yet, Huger stressed that thinking that way is asking for trouble.

"A worm likely won't be created using this flaw, but that means that it may stay unpatched, and that is really dangerous, especially with something that serves up your authentication," he said.

The Computer Emergency Response Team coordinated the Kerberos advisory, MIT's Hartman said.

The publication of the advisory went much more smoothly than a year ago, when another flaw in Kerberos was found. That information was leaked early by an unknown person who claimed to have access to the network.

Administrators should check their operating system vendor's Web site for more information on the recent flaws.
