Latest OpenView flaw part of widespread security bypass trend


re: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci967917,00.html

"A vulnerability in Hewlett-Packard's OpenView Select Access threatens to allow remote attackers to bypass restrictions and access enterprise resources."

It is a characteristic of ALL (repeat: all, any, every one) tools that provide for remote administration:

  The advantage of remote administration or status monitoring goes hand-in-hand with a potential new vector for network attacks.

As long as low assurance tools are used for network administration and monitoring (and yes, COTS is low assurance), the potential for exploitable flaws (aka vulnerabilities) exists.  (Potential = 100% :-)

Lack of software engineering discipline is lack of discipline no matter what the purpose of the resulting code.  (Security software is no less flaw-ridden just because it serves an explicit security purpose.)

Cheers,
Gary

PS:  subscribe/unsubscribe to these occasional security items:

To: listproc@nist.gov
Subject: (optional)
Body: subscribe sec-info name-you-want-to-be-listed-as

To: listproc@nist.gov
Subject: (optional)
Body: unsubscribe sec-info name-you-want-to-be-listed-as


**************************************************************************
* Opinions expressed are not intended to reflect an official position
**************************************************************************
* Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930         
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
* http://csrc.nist.gov/staff/stoneburner/gshome.html
**************************************************************************


