"Nick Themopolis" <[EMAIL PROTECTED]> writes:
>I was searching on the Yahoo! stock boards, and found this message about NFR.
>Has anyone heard about this security flaw in NFR?
That was fixed in the last release and we (as well as NAI) announced
the problem and its fix some time ago.
We never encountered any cases of anyone actually exploiting it, but
if you're running an out of date version of the software, you should
probably upgrade it. If you're running the commercial version, your
system integrator should already have contacted you with an update.
As far as I'm concerned, this vindicates our policy of making
our source code available for public review. Our product is now
better. In fact, NFR is the only IDS product which has been
reviewed by so many independent (and sometimes hostile!) eyes.
We think that's good, and most of our consumers do, too.
Most of the discussion on the Yahoo message board wasn't really
about NFR's merits or demerits, it was just someone hiding under
an assumed identity, who was trying to sling a little mud. (ahem,
speaking of which, fresnomail.com's another of those free email
services... _you_ wouldn't happen to have an axe to grind, would
you?) The whole thing kind of reminds me of the early days of
the firewall market, when vendors would tell their customers
"so-and-so's firewall has been hacked, I hear" to try to influence
them. I guess there will always be folks who do business that
way, but I refuse to play that game.
mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
