http://www.cnn.com/2006/TECH/internet/05/25/antivirus.flaw.ap/index.html
...
Researchers from eEye Digital Security Inc. of Aliso Viejo, California,
discovered the vulnerability and provided evidence to Symantec engineers this
week, said eEye's chief hacking officer, Marc Maiffret. He demonstrated the
attack for The Associated Press.

eEye said it appeared consumer versions of Symantec's Norton Antivirus
software -- sold at retail outlets around the country -- were not vulnerable
to the flaw, though consumers who are provided Symantec's corporate edition
antivirus software by their employers for use at home may be affected.

Maiffret's company -- which has discovered hundreds of similar flaws in other
software products -- also produces intrusion-protection software, called
"Blink," that he said already blocks such attacks and can operate alongside
Symantec's antivirus products.

Maiffret published a note about the company's discovery on its Web site but
pledged not to reveal details publicly that would help hackers attack Internet
users until after Symantec repairs its antivirus software. eEye said it
intends to describe the problem in detail privately for some of its largest
customers.

"People shouldn't panic," Maiffret said. "There shouldn't be any exploits
until a patch is produced."

The reported flaw comes at an awkward time for Symantec. Its chief executive,
John Thompson, has campaigned in recent months to convince consumers they
should trust Symantec -- not Microsoft Corp. -- to protect their personal
information.

Maiffret said eEye's testing showed the problem affects Symantec Antivirus
Version 10, including its corporate editions. He said Symantec's consumer
antivirus product, known as Norton Antivirus 2006, and its current security
suite -- which includes both antivirus and firewall features -- did not appear
to be vulnerable.

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *