• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Symantec's 'Submit a Deal' Flawed 

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses

View previous topic :: View next topic  
Author Message
ComSec
Trusted SF Member
Trusted SF Member


Joined: 26 Jul 2002
Posts: 16777215


Offline

PostPosted: Wed Jan 29, 2003 8:24 pm    Post subject: Symantec's 'Submit a Deal' Flawed  Reply with quote

A security glitch at Symantec's corporate website revealed to casual Web surfers hundreds of proposals from companies seeking to be bought out by the security firm. The hole at Symantec's Submit a Deal site has some would-be buyout targets fuming over the billion-dollar company's careless handling of their sensitive data. "We're talking about business deals. This is critical stuff, and I'm pretty upset about the potential damage this could do to us," said Eric Robichaud, chief executive of Rhode Island Soft Systems. RISS' proposal that Symantec acquire its Vmyths virus information site was among the many proffered deals revealed on the site.

After being notified this week that entries in its Lotus Notes database could be viewed by anyone with a Web browser, Symantec took the deal site offline. NGS Software, one of many security software companies that had submitted partnership proposals at the site, discovered the flaw. Chris Paden, a spokesman for Symantec's business development group, said the company was unsure how long the data went unprotected. According to Paden, the information in the database was not confidential. "It's not necessarily classified or covert information or tied up through legal bounds," he said. But security industry analysts said the goof could be harmful to companies that opened their kimonos to Symantec. "Just exposing the fact that a company sent in a deal to Symantec is a bad thing," said John Pescatore, vice president of security research for Gartner. "It lets competitors see each others' moves, including Symantec's competitors." Robichaud confirmed that RISS has been shopping Vmyths since late 2001, when the site's ad revenues dried up. In his proposal, submitted in June, Robichaud offered to sell Vmyths to Symantec for $350,000, plus $50,000 a year for the contract of the site's editor, Rob Rosenberger....continued..

http://www.wired.com/news/infostructure/0,1377,57438,00.html
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register