Brian Prince

Database security vendor Sentrigo has broken out some of the technology from its flagship software to help businesses block database exploits as patches are being prepped. Sentrigo announced July 15 the release of Hedgehog vPatch, software taken from the Hedgehog Enterprise product the company unveiled in 2007. The idea behind the software is to shield […]

Despite the fact that few people know all the technical details of the bug affecting domain name servers that security researcher Dan Kaminsky reported July 8, there is no shortage of opinions on it. As we all should know by now, the exploit discovered by Kaminsky, director of penetration testing for IOActive, takes advantage of […]

Oracle is preparing to release 45 security fixes across hundreds of its products July 15 as part of its upcoming Critical Patch Update. Although specific details about the vulnerabilities are scarce in the advisory, the most serious vulnerabilities, according to CVSS base scores, affect Oracle Application Server and Oracle WebLogic Server. In both cases, the […]

Oracle has extended support for its Real Application Testing technology to earlier database systems in a move partly intended to speed upgrades to Oracle Database 11g. Real Application Testing is an option in the enterprise edition of 11g that combines a workload capture and replay feature with a SQL Performance Analyzer to help organizations test […]

Microsoft officials once again are battling reports of attacks on their software. The company is now investigating reports of targeted attacks being launched against Microsoft Office Word 2002 Service Pack 3. This is the second advisory of zero-day attacks against Microsoft products this week. On July 7, the company warned of hackers targeting a vulnerability […]

While users await a patch for a flaw in the ActiveX control for the Snapshot Viewer for Microsoft Office Access, Microsoft has suggested a number of workarounds to dodge the problem. Microsoft officials reported July 7 that they are investigating targeted attacks that take advantage of a bug in the ActiveX control for Snapshot Viewer […]

A number of vendors have teamed up to solve a serious flaw inherent in the Domain Name System that could allow an attacker to redirect Internet traffic. The flaw in the DNS, an Internet service that translates domain names into IP addresses, was uncovered by security researcher Dan Kaminsky, director of penetration testing for IOActive. […]

Security pros warned IT administrators not to sleep on the security fixes issued by Microsoft in this month’s Patch Tuesday because of their ratings. Microsoft classified as “important” all four of its July security bulletins, which affect Microsoft SQL Server, Exchange Server, Windows DNS (Domain Name System) and Windows Explorer. However, some say IT admins […]

Responding to complaints from Web masters, AVG Technologies is moving to fix a problem with the LinkScanner feature it added to its antivirus software to prevent the component from eating up bandwidth during Web site scans. According to company officials, AVG has already patched the component in the free version of its security software, Anti-Virus […]

Virtualization Security 101 By Brian Prince Virtualization Security 101By Brian Prince Virtualization Security 101 – Segment Virtual Machines Virtualization Security 1011. Segment Virtual MachinesIt’s a good idea to segment VMs (virtual machines) according to the information they handle and their use. (As a general rule, separating resources reduces risk). Any VMs connected to a common […]