Symantec Corp. last month announced an upgrade to the DeepSight Threat Management System. DeepSight Threat Management System is an early warning system that uses a worldwide network of firewall and intrusion detection systems maintained by more than 19,000 data partners to aggregate and correlate attack data. New features include: the addition of firewall data to the threat information tracked by the system and customization features that allow security administrators to filter DeepSight notifications by severity, impact, or affected software version. Administrators can also choose a format in which notifications will be sent, such as e-mail, fax, telephone or short message service.

No identity crisis here

A new software application by Netegrity Inc. is intended to make it easier for organizations to securely exchange user-identity and sign-on information using SAML (Security Assertion Markup Language). The Waltham, Mass.-based company announced the new tool, called the Netegrity SAML Affiliate Agent, last month. The Agent is designed to run on the servers that support business-to-business (B2B) and business-to-customer (B2C) sites as well as corporate intranets. The lightweight application will make it easier for companies to share user and sign-on information between their Web sites regardless of the technology infrastructure being used on each side of a transaction, according to Bill Bartow, vice-president of products at Netegrity.

Patching a patch

After removing links to a security patch that caused the NT 4.0 operating system to fail, Microsoft Corp. last month posted an updated patch that fixes the NT 4.0 problem. The patch, MS02-071, was originally released on Dec. 11 and addressed a vulnerability affecting the WM_TIMER function on a variety of Microsoft’s operating systems, including Windows NT 4.0, Windows 2000 and Windows XP. By taking advantage of the security hole, an attacker could gain full administrative privileges on a vulnerable system, enabling the attacker to add, delete or modify data at will and create or delete user accounts. Microsoft rated the vulnerability “Important.”