INTERNET

AOL Forced To Patch Netscape Hours After Release

Print Version
E-Mail Article
Reprints

By Susan B. Shor
TechNewsWorld
05/20/05 11:01 AM PT

"It shows a good commitment on the part of AOL that they were able to turn the patches around within a day," Ed Moyle, president of SecurityCurve, told TechNewsWorld, "but this ought to put them on notice that in the future if people are coming to them for a security product that they would want to make sure the patches are in their core product."


Web 2.0 is Here– Is Your Web Infrastructure Ready?
Web 2.0 has paved the way for a new level of interaction between shoppers and retailers. However, without rapid delivery of your rich Web content, the benefits will go unrealized. Maximize the value of your interactive Web site. Read White Paper Now.

Just a few hours after releasing its new browser, Netscape 8.0, to analysts' praise, America Online has issued a critical update that plugs 44 security holes.

AOL touted Netscape 8.0's security features, so the release of the patch could be considered a blow. The problem arose because, while the browser emulates Mozilla's Latest News about Mozilla Foundation open-source Firefox and Microsoft's (Nasdaq: MSFT) Latest News about Microsoft Internet Explorer, it did not incorporate any of the security patches in Firefox 1.0.4, which was released in March to fix some security flaws.

No Announcement Today

Version 8.0.1 has been released for Windows users. It can be found on the Netscape site, but AOL did not issue a press release on the patches.

Ed Moyle, president of SecurityCurve, told TechNewsWorld he could see how the mistake happened. "It's understandable because they probably have a bunch of custom development they did for Netscape. They probably took a snapshot of Firefox and since that time Firefox has evolved and fixed security holes. They wouldn't necessarily have the fixes and updates."

One of the flaws, in the handling of GIF images, could allow an attack to remotely control an infected computer.

"It shows a good commitment on the part of AOL that they were able to turn the patches around within a day," Moyle said "but this ought to put them on notice that in the future if people are coming to them for a security Take the FREE Motorola AirDefense WLAN Security Assessment. Click here. product that they would want to make sure the patches are in their core product."

Proceed with Caution

Moyle also pointed out that AOL might have doubled its trouble when it comes to keeping up to date on patches.

"Now, there's two different things that you have to fix if there are security issues. If there's a bug in Firefox, a certain number of your users will be affected, and if there's a bug in IE, a different number of your users will be affected," he said.

He also said he was concerned that Netscape patches will always be released behind either Firefox or Microsoft patches, depending on the communication between the companies.

"The Netscape people are providing more security, but they have to make sure that any released patches for the underlying technology don't affect their software, and that adds to the time it takes to release patches," Moyle said. "They need to be on the ball in watching for these patches."

Social Networking Toolbox:
Talkback: Be the first to comment on this story.

Print Version E-Mail Article Reprints More by Susan B. Shor   RSS

Don't miss a story -- sign up for our FREE e-mail newsletters and view the latest headlines at a glance.
Tech News Flash [ View Sample ]
E-Commerce Minute [ View Sample ]
ECT News Network Weekly Newsletter [ View Sample ]