Hitachi and Siemens data-stalking firm not bugged by security bods' report

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2013/03/12/open_source_monitoring_software_bug/

By John Leyden
The Register
12th March 2013

An open-source IT monitoring software firm has clashed with a security 
consultancy over the seriousness of a security bug in its technology.

GroundWork's technology provides a platform for IT operations management 
(network, system, application, and cloud monitoring) that is used by customers 
including Hitachi Data Systems, the Royal Bank of Canada, NATO, National 
Australia Bank, Siemens, and Tivo, among many others.

Security bods at SEC Consult last week published an advisory warning of 
"multiple critical vulnerabilities" in the GroundWork Monitor Enterprise 
platform. The firm said that many of the flaws cover authentication problems 
and claimed they are so serious that customers ought to avoid using the 
technology until the flaws are patched. The Austrian security consultancy also 
published a separate bulletin warning of other "high risk" bugs.

In response, GroundWork said its users were looking for "ease of use" rather 
than "maximum security". It didn't release a patch and told its users that 
tightening up settings was optional.

[...]


______________________________________________
Attend #HITB2013AMS April 8th - 11th in Amsterdam.
Featuring over 42 international speakers and keynotes
by Bob Lord and Edward Schwartz http://conference.hitb.org