Brian Prince

Microsoft Changes Stance on Virtualized SQL Server Failover Clusters

Microsoft has done a 180-degree turn and decided to support failover clustering for SQL Server running in a virtual machine. “Last October I posted on our updated policy for support of SQL Server in a virtualization environment,” Microsoft Product Manager Bob Ward wrote in a blog post. “One fairly controversial aspect to this policy was […]

Why the Conficker Worm Is Still Plaguing Windows Users

Perhaps it should come as no surprise that after the Internet failed to implode after April 1, the hype surrounding the Conficker worm died down. The worm itself, however, is still alive and kicking. So the question is – why? According to Symantec, the worm is still attempting to infect 50,000 new PCs daily. Earlier this […]

Anti-virus Testing Standards Come to the Cloud

The words “in the cloud” were heard numerous times at this year’s RSA security conference in San Francisco. With the number of cloud-based security products growing, the Anti-Malware Testing Standards Organization (AMTSO) has been stirred to action. Last week, the two-year-old industry standards body adopted a paper setting forth best practices for testing in-the-cloud security […]

New Computer Comes with Side Order of Malware

Sometimes when you buy a computer you get more than you bargained for. Such was the case when Kaspersky Lab purchased an M&A Companion Touch netbook. Bundled along with the device were three pieces of malware–Worm.Win32.AutoRun.aayn, Rootkit.Win32.Agent.hwq and Packed.Win32.Krap.g. After some analysis, researchers concluded the files had been present since February, long before the security […]

Apple Leaves Major Java Security Hole Open for Mac Users

It’s time for Apple to close a security hole opened by vulnerable Java applets. That’s the message from security researcher and former Apple engineer Landon Fuller, who posted a proof-of-concept exploit that takes advantage of a Java flaw that was fixed by Sun Microsystems months ago. The vulnerability, CVE-2008-5353, enables malicious code to escape the […]

Adobe Tightens Development Process to Improve Security

From a security standpoint, Adobe Systems has taken its share of lumps so far in 2009. In February, news that Adobe Reader and Acrobat were vulnerable to a zero-day attack became public; in April, two other bugs surfaced. All three were eventually patched, but not before proof-of-concept exploit code for each bug began to circle. […]

From IE to Google Chrome, Researchers Target Cross-Site Scripting

For all the advances in browser security, cross-site scripting remains at the top of the list when it comes to Website vulnerabilities affecting users. Browser vendors have started to address the security issue by building more protections into the browser. Microsoft, for example, added a cross-site scripting filter to Internet Explorer 8. The challenge for […]

Security Researcher: Microsoft Downplaying IIS Vulnerability

A security researcher from nCircle says Microsoft is downplaying a vulnerability in its IIS (Internet Information Services) software. Tyler Reguly, senior security engineer for nCircle, has accused Microsoft of gamesmanship in its description of the bug, noting Microsoft characterized it in separate ways. For those who missed it, the vulnerability exists in the way the […]

Hackers Circle Microsoft Server Software Flaw

Exploit code for a vulnerability in Microsoft’s Internet Information Services software is circulating around the Web, leaving organizations in search of ways to keep hackers at bay. According to US-CERT, attacks leveraging the vulnerability are already under way, though Microsoft said in an advisory it was unaware of any exploits. Still, US-CERT urged users waiting […]

Microsoft Brings Secure Development Help to Application Developers for Free

Microsoft wants to bring its secure development lifecycle to an application near you. In a series of announcements, the company laid out a path today to speed the adoption of its security development lifecycle (SDL) in the developer community. For starters, the company has released version 1.0 of the SDL Process Template for free and […]