[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Hitachi and Siemens data-stalking firm not bugged by security bods' report
By John Leyden
12th March 2013
An open-source IT monitoring software firm has clashed with a security
consultancy over the seriousness of a security bug in its technology.
GroundWork's technology provides a platform for IT operations management
(network, system, application, and cloud monitoring) that is used by customers
including Hitachi Data Systems, the Royal Bank of Canada, NATO, National
Australia Bank, Siemens, and Tivo, among many others.
Security bods at SEC Consult last week published an advisory warning of
"multiple critical vulnerabilities" in the GroundWork Monitor Enterprise
platform. The firm said that many of the flaws cover authentication problems
and claimed they are so serious that customers ought to avoid using the
technology until the flaws are patched. The Austrian security consultancy also
published a separate bulletin warning of other "high risk" bugs.
In response, GroundWork said its users were looking for "ease of use" rather
than "maximum security". It didn't release a patch and told its users that
tightening up settings was optional.
Attend #HITB2013AMS April 8th - 11th in Amsterdam.
Featuring over 42 international speakers and keynotes
by Bob Lord and Edward Schwartz http://conference.hitb.org