The developers at Internet Security Systems have released a new version of BlackICE, with version designation 3.6.cpw. This update is available in two flavors, namely BlackICE PC Protection and BlackICE Server Protection. The package is a versatile firewall with full intrusion detection. Both incoming and outgoing network traffic are inspected, and when there is a suspicion that something is wrong, the administrator is warned and the connection can be closed. The list of changes is as follows:
New Security Content:

| ProductCheckName | Event Type | Risk Level |
|---|---|---|
| SIP_Invalid_URI | Suspicious Activity | Low |
| HTTP_Orion_JSP_SourceRead | Suspicious Activity | Low |
| HTTP_MHTML_Redirect | Suspicious Activity | Medium |
| Shellcode_Detected | Unauthorized Access Attempt | High |
| HTML_ClassID_Overflow | Unauthorized Access Attempt | High |
| HTTP_AIMExpress | Suspicious Activity | Low |
| FTP_Checksum_Cmd_BO | Unauthorized Access Attempt | High |
| HTML_IE_Render_Memory_Corruption | Unauthorized Access Attempt | High |
| SMTP_MailEnable_NTLM_Type1_Overflow | Unauthorized Access Attempt | High |
| SMTP_MailEnable_NTLM_Type3_Overflow | Unauthorized Access Attempt | High |
| EPolicy_Orchestrator_Source_Overflow | Unauthorized Access Attempt | High |
| Sunrpc_BackupProduct_BO | Unauthorized Access Attempt | High |
| Sunrpc_BackupProduct_String_Overflow | Unauthorized Access Attempt | High |
| SIP_Invalid_Invite_Address | Suspicious Activity | Low |
| VPN_Hamachi_Client | Suspicious Activity | Low |
| Video_Flic_Color_BO | Unauthorized Access Attempt | High |
| Video_Flic_Malformed | Suspicious Activity | Low |
| ACF_Mem_Corruption | Unauthorized Access Attempt | High |
| MSRPC_WksSvc_Mgmnt_JoinDom_Bo | Unauthorized Access Attempt | High |
| MSRPC_Netware_Change_Password_BO | Unauthorized Access Attempt | High |
| MSRPC_Netware_Get_User_DoS | Denial of Service | Low |
| DNS_Malformed_Flood | Denial of Service | Medium |

Security Content Improvements:
- Fixed an attacker vs. victim reporting error in SSH_Vulnerable_OpenSSH
- The PAM tuning parameter, pam.email.executable.extension.blacklist, has been changed to report all of the default file extensions on one line in the pam log file.
- Fixed memory leak in the processing of .url files.
- The Compound File parser was optimized to reduce space.
- The Flash file parser was updated to reduce the potential of a false positive in some circumstances.
- Fixed a false positive in Email_HTML_File_URI wherein an IP address in the hostname portion of the URI was incorrectly detected.
- Fixed a false positive for SIP_Long_Via_Host and SIP_Unknown_Via_Parameter that could occur in certain networking-relaying configurations.
- The IRC parser was updated to more closely adhere to RFC 1459.
- The report for URL_file_URI_overflow now displays the correct length value.
- A false positive was corrected in HTTP_DotDotDot that occurred when using carefully constructed URLs.
- False positives were removed for DPS_Magic_Number_DoS.