You are here: silicon.com > Software > Security Strategy

Security Strategy

LDAP blues: Server weakness throws up security fears

Denial-of-service threat revealed...

Printer Friendly Email Story RSS

By Sally Watson

Published: 17 July 2001 12:02 BST

Researchers have uncovered a vulnerability in LDAP (lightweight directory access protocol) which has left thousands of web servers open to email bombardment by malicious attackers.

According to the CERT security team at Carnegie Mellon University, the flaw leaves servers open to denial-of-service (DoS) attacks and enables unauthorised access from outside the network.

The University of California estimates some 5,000 DoS attacks take place every week.

LDAP is a simple and widely used protocol enabling companies to access and search directories of names, phone numbers, addresses stored on a variety of incompatible systems.

Users running versions of IBM SecureWay, iPlanet Directory Server, Lotus Domino R5 Server, Network Associates' PGP Keyserver, Microsoft Exchange 5.5 LDAP Service, OpenLDAP, Oracle 8i Enterprise Edition, Qualcomm Eudora mail program and Teamware Office are at risk.

Add Comment Add comment  Printer Friendly Print story   Email Story Email story   RSS
In
Applications

Operating Systems

SOA/Web Services

Malware

Security Strategy


Related Links

Industry underestimating DoS attack threat

Oracle software flaws pose server attack threat

Oracle left red-faced by security flaw

Flash Demo: IBM OmniFind Enterprise Edition for Searching Domino

Google fixes phishing flaw

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Naked CIO Naked CIO: Should you monitor staff? Somebody's watching you

Elinor Mills Why 1970s hackers had 'whiz kid' status Q&A: Kevin Mitnick - blackhat hacker turned good guy

SMS flaw leaves iPhone vulnerable to attack

ID cards: 'A project nobody wants and the nation can't afford'

IT security training now the 'substantial' task of GCHQ

PayPal techies hit fraudsters where it hurts

SMEs on target list for UK cyber attack group


  • Jobs
Systems Integration Engineer

Support technologies including various software applications, web servers, LDAP, Databases, networks, etc. Knowledge of tools that would be ...

Security Engineer

On call rota for security incidentsExperience & QualificationsEssential: Proven track record in security operations with relevant qualifications ...

Finance strategy consultant 150k

Consequently all of our income as a company is entirely performance-based.City Executive Associates also has a specific focus upon senior executive ...

Agenda Setters 2008
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.

The Financial Close: Optimizing Performance and Driving Financial Excellence

Enterprise Performance Management - Financial Excellence and Beyond

A complete view of the enterprise

Making the Business Case for HR Investments

Martin Brokers cashes in on back-up swap

VocaLink makes virtualisation pay

Sony Pictures sets sights on best IT Oscar

Co-op Group kicks "server sprawl" into touch

Arts Council gets tech troubleshooting boost

Torex tech treats Thorntons to quicker sales

Stories from the web...


Large Hadron Collider's grid gets stressed

Heatwave? No sweat for CIOs

Has in-flight entertainment got wings in the iPod era?

MoD inks £231m deal to boost comms

Take a trip to the future of air travel

Orange launches managed videoconferencing




Quick Sitemap Links: