
Flawed Security Software Distributed by France Telecom

SecureWorks : 21 June, 2010  (Technical Article)
Customers of Orange/France Telecom have been hit by weakened security after flaws were discovered in software distributed by the company to protect against peer-to-peer software security issues.
Don Smith, VP of Engineering & Technology, SecureWorks, comments on the reported security flaws in the software distributed by Orange/France Telecom to protect customers from the negative impacts of Peer to Peer software:

"Several independent security researchers reported this past week that security software from Orange/France Telecom, developed to protect consumers from the negative impacts of peer to peer software, in actuality weakened the security of the computer it was installed on. This case has been of particular interest to the press and blogging communities in France because the service was created in response to HADOPI—the controversial French legislation aimed at protecting copyrighted materials on the Internet.

"The researchers state that the software 'enables the bypass of existing protections and permitted an unprivileged user or process to execute arbitrary commands at full privilege - essentially creating a vector for system compromise.'

"If true, it is ironic that a service aimed to improve the security posture of its users could have resulted in the opposite effect, yet it is certainly not unusual. We have seen many cases where, in the development of software, security flaws have been introduced, and we will continue to see such incidents in the future unless Secure Programming Standards are incorporated into the software development lifecycle.

"The 'controle du telechargement' software from Orange/France Telecom, which cost €2 per month, is no longer available to purchase but this is yet another example of how important it is to recognise the potential impact on your overall security stance when choosing to deploy new software. Organisations and individual computer users implementing software of any kind should always take steps to ensure that the product performs the intended task without negatively impacting their overall security posture.

"Incorporating Secure Programming Standards into one's product development must also be a top-line priority for those producing and distributing software. If organisations and individual computer users are to successfully defend against the barrage of current and emerging cyber threats, producers and distributors must consider the overall security environment during the design and implementation of their products. This is of course especially true in the case of software intended to address a security concern."

SecureWorks will be exploring this topic at length in its upcoming security briefing at the 2010 Black Hat USA Security Conference, July 24-29th in Las Vegas, Nevada, entitled "The Emperor Has No Clothes: Insecurities in Security Infrastructure".