travisormandy
Latest
Google: Symantec antivirus flaws are 'as bad as it gets'
Products from Symantec that are supposed to protect users have made them much more open to attack, according to Google. Researcher Tavis Ormandy has spotted numerous vulnerabilities in 25 Norton and Symantec products that are "as bad as it gets," he says. "Just emailing a file to a victim or sending them a link to an exploit is enough to trigger it -- the victim does not need to open the file or interact with it in any way." Symantec has already published fixes for the exploits, so users would do well to install them immediately.
Trend Micro anti-virus software leaves users open to attack
When they're not working on their own projects, Google engineers often focus on highlighting potential issues with software delivered by others. We've already seen bug hunter Tavis Ormandy expose a vulnerability in AVG's Chrome security add-on, but he's now also found an exploit in another popular virus scanner: Trend Micro. According to Ormandy's security disclosure, a weakness in Trend Micro's Password Manager, which is automatically installed alongside the main scanner on Windows machines, let attackers execute commands and launch programs on unsuspecting users' PCs. He also pointed out that all saved passwords on the machine could be read as a result.
