Bugtraq mailing list archives
Another ISS BlackIce & RealSecure Update ?
From: Jeff <secfocus () bedrox com>
Date: Sat, 27 Mar 2004 13:16:52 -0500 (EST)
Word of warning-- on my machines, this update (3.6cch) changed my previous config by enabling auto-blocking and changing settings to Paranoid (block all inbound). On a busy server, it didn't take long for users to start screaming loudly when they suddenly could not connect. ISS is real vague with their info, and they get low marks for not having an update-notify email list. There is no automated way of finding out if an update is available without logging on to a machine that has BI installed and either manually checking for updates or looking for some icon indicator in the BI admin console window. We update BI regularly-- but because there is NO automated notify mechanism, NO auto-update feature, and because there was such an incredibly SHORT amount of time (matter of hours) between when the 'ccg' update was released and the Witty worm struck, we lost 2 servers. What was *supposed* to keep us safe was the very mechanism that cost us a full day of downtime while the destroyed servers were rebuilt from scratch & backups.
It seems that a new problem was discovered in the default config of many
versions of BlackICE and RealSecure...
What's new (26 Mar 2004) : Updated to correct a misconfiguration in the
default settings that changed the default blocking and reporting behavior and may affect the level of protection provided by the product.
http://blackice.iss.net/update_center/
Any details?
God bless (in)security...
--------------------------------------------
Berty Stephane - Senior Security Consultant
Cellule Incidents & Veille Sécurité
http://www.k-otik.com