UK information security agency warns of product flaws

The government agency responsible for protecting the UK's critical IT infrastructure has issued an urgent alert to users after hundreds of security vulnerabilities were found in email gateways and web browsers.

The National Infrastructure Security Co-ordination Centre (NISCC) issued the warning yesterday, after an information security consultancy spotted more than 800 vulnerabilities in products using the multipurpose internet mail extensions (MIME) protocol.

The flaws were found in what the firm, Corsaire, classify as the top 10 email gateway and security products, and pose a risk to businesses by allowing attackers to bypass content checking and antivirus tools.

'The information security community should treat this with particular concern at the present time as this kind of deliberate corruption has already been used by a number of high-profile viruses and worms, such as Nimda, Netsky and Badtrans,' said Corsaire's technical director Martin O'Neal.

Corsaire found the flaws between June and August last year when assessing email systems for a large corporate client, and since then has been working with NISCC to ensure affected vendors fix the breaches.

What do you think? Email feedback@computing.co.uk

If you want to be first with the news, visit Computing every day.