A network security expert is sounding the alarm about the vulnerability of e-mail servers to attacks by malicious programs.
Rob Rosenberger, network security analyst and Webmaster of the Computer Virus Myths Web site, recently demonstrated e-mail security flaws to anti-virus software makers with a variation of the so-called Ping of Death attack – a simple, yet effective method to crash a server that first appeared in 1996.
Pings are used to test a network to see if an Internet address is valid. By adding enough Bytes onto the data to make the ping overlong, attackers found they could cause servers to crash.
Rosenberger created numerous files, each of which exploits the assumptions programmers have made about incoming e-mail. Taken together, he claims they can crash most e-mail scanners.
While some anti-virus software makers called the threat a legitimate concern and have already designed software patches to defend against it, others expressed disapproval for making public the fact that such security holes exist.
The full story is available at www.zdnn.com.