QualysGuard Updated to Detect and Report Latest BIND Vulnerability Threat

Qualys delivers latest BIND vulnerability updates, within three days of discovery, via its hosted application QualysGuard

— February 5, 2000 — Qualys, a leader in the emerging field of online network vulnerability assessment services, today announces that it has reacted quickly to the latest threat of attack on one of the internet’s most important software packages, BIND (Berkeley Internet Name Domain). On Monday 29th January 2001, PGP Security, a unit of Network Associates Inc. in the US, discovered vulnerabilities in Versions 4 and 8 of BIND. In response to this and ahead of its competitors, Qualys has already updated its hosted application, QualysGuard, to be able to detect and report these latest serious threats. This latest update to QualysGuard is available to all subscribers with immediate effect.

The new attack allows electronic intruders to seize on the vulnerability and gain control of domain name servers. Once in control of these devices, attackers could conceivably change and reroute the Protocol addresses. IT departments have been urged to update versions 4 and 8 of BIND immediately to BIND Version 9.1.0.

QualysGuard, a hosted application, detects and reports network vulnerabilities, and is accessed via a secure browser that requires no dedicated hardware or software. The application is updated by Qualys on a daily basis for new network vulnerabilities, which are made available to QualysGuard users automatically. In the instance of the latest BIND vulnerabilities, the process of discovery, coding, documentation and updating the application has taken Qualys just three days.

“The threat of this vulnerability cannot be understated,” said Adil Pastakia, Qualys Managing Director of Northern Europe and Middle East Operations. “Any internet traffic relying on versions 4 and 8 of BIND can be seriously disrupted or even brought to a halt. The speed of Qualys’ response to this new threat will become apparent to companies using traditional shrink-wrapped vulnerability auditing solutions. For these companies, not only is the onus on the user to initiate the process, but it could take anything up to 6 months to proliferate across the user base. This time-lag period will leave them open to attacks from hackers.”

Notes to Editors

The four BIND vulnerabilities reported on Monday 29th January by PGP Security, a unit of Network Associates Inc. in the US, are as follows:

  • ISC Bind 8 Transaction Signatures Heap Overflow Vulnerability
  • ISC Bind 8 Transaction Signatures Buffer Overflow Vulnerability
  • ISC Bind 4 nslookupComplain() Buffer Overflow Vulnerability
  • ISC Bind 4 nslookupComplain() Format String Vulnerability

About QualysGuard

QualysGuard is a subscription-based, automated service that assesses on an ongoing basis the security of Internet entry points to corporate networks. Subscribers use the service to gain an enterprise-wide view of network security exposures, recommended fixes, and access to the most up-to-date resources, customised for their particular needs.

About Qualys

With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on-demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on-demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey
Qualys
media@qualys.com