Harris Floridis: The researcher who detected a weakness in Checkpoint

Global Distinction: Harris Floridis - The Cypriot security researcher who identified & published a weakness of high importance at the company Checkpoint!!!

SecNews today highlights, as an EXCLUSIVE, the detection of a critical weakness in Checkpoint, one of the world's leading security companies, by a Cypriot researcher!

According to information brought to the attention of SecNews's editors and confirmed by the report, on 03 March 2015 the Cypriot security researcher Mr. Harris Floridis found a major weakness on the website of Check Point Software Technologies Ltd. As is known, Checkpoint is one of the world's leading manufacturers of network security systems. The products of this company, Check Point Software Technologies Ltd, protect more than 100.000 worldwide, as well as several million users.

The weakness on the Checkpoint website

Exploiting the weakness found by Mr. Harris Floridis, as it turned out, allowed an outside malicious attacker, with no knowledge of the company's internal infrastructure, to intercept or alter critical information. Use of the weakness, as reported by distinguished researchers contacted by SecNews, could have incalculable consequences, exposing the company to its customers both in matters of confidentiality and legally, but mainly dealing a blow to the company's reputation.

The vulnerability was due to an incorrect parameter on the subpage that lists the company's partners around the world, specifically here (http://partners.us.checkpoint.com/partnerlocator/).

Partial exploitation of the weakness enabled an attacker to gain access to the Check Point database, with the possibility of extending that access further. Evidence of the existence and use of the weakness is in the possession of the researcher and the company. The company confirms this accessibility in the relevant announcement, which however does not publish the exact details so as not to damage its reputation.

In addition, SecNews has data that confirms the existence and use of the vulnerability, but does not disclose it, since it includes Checkpoint customer data on which the tests were performed.

A few words about the researcher

Harris Floridis, who holds the CISSP certificate, works as an Information Systems Controller at the Cooperative Central Bank of Cyprus. In the past he worked as an Engineer for the design and implementation of systems in networks of large organizations and as an executor of penetration tests (Penetration ).

The plan to solve the weakness

Harris Floridis, after identifying the weakness, sought, as he was obliged to, and achieved continuous communication with the representatives of Check Point, briefing them in detail on the detection of the vulnerability and the possibilities of exploiting it.
Fully following the ethics of "Responsible Disclosure of Vulnerabilities", Mr. Floridis put forward specific suggestions for its immediate resolution and proposals for further investigation of possible incidents.
In the communication we sought with Mr. Harris Floridis, he told us that the extremely critical weakness was identified manually, without the use of automated tools. It is also known that highly respected and knowledgeable penetration testers choose to use manual methods based solely on their knowledge background. Automated tools, after all, often make the detection and exploitation of weaknesses impossible (due to the limited checks they perform).
To Mr. Harris Floridis's credit, he chose the difficult route of manual detection, which led to the identification of a weakness with a global impact. Immediately after being informed, Checkpoint prepared an action plan to resolve and further investigate the issue. With the successful completion of this action plan, it informed its clients, and in the relevant publication it thanked Mr Floridis for his identification and cooperation (see more at the link) (code sk105183, https://supportcenter.checkpoint.com/supportcenter/).
It is noted that any malicious exploitation of the weakness, with all that entails (introduction of malware, information leakage, alteration of the website), combined with the nature and reputation of the company and its large and important clientele, would probably have been one of the most important e-security events worldwide.
SecNews congratulates Mr. Harris Floridis on the extremely important discovery of the critical weakness and on the exemplary way he handled its responsible disclosure. Congratulations are also due to Checkpoint for acknowledging the incident, publishing a press release to inform its clients, and immediately resolving the critical issue.


Written by Dimitris
