Dennis Fisher

A security vulnerability in an online payment site run by Citibank may be leaving sensitive customer data exposed and leaving the door wide open for crackers. The flaw in Citibanks c2it.com site enables any logged-in user of the site to access other users accounts and transfer cash, view credit-card and bank data, and even cover […]

A cracker apparently compromised and installed a bot that could be used as a DDoS client on several hundred servers belonging to customers of a large credit card processing company. CCBill LLC late last month said in an e-mail message sent to customers that the companys security had been breached and that customer passwords and […]

Novell Inc. next week will unveil a centralized authentication and authorization solution that, despite being the vendors biggest security effort to date, likely will be hamstrung by ties to Novells eDirectory. The new solution is based on eDirectory and will include support for authentication technologies such as tokens, biometrics and smart cards, said sources familiar […]

NetScreen Technologies Inc. on Monday rolled out a new line of four security appliances based on its upgraded ScreenOS software. The biggest addition to the ScreenOS is support for network segmentation, a concept that enables administrators to set different security levels for different zones in their networks. Users can also set separate protection levels for […]

The Business Software Alliance is taking its aggressive and somewhat controversial campaign against pirated software to seven more metro areas this month. Under its Grace Period campaign, the BSA uses letters and radio ads to offer businesses in selected cities the opportunity to avoid penalties and acquire licenses for any illegal software they may have […]

AOL Time Warner Inc.s AOL unit on Thursday said it has fixed a flaw in its popular Instant Messenger program that could have enabled an attacker to take control of another users computer. The fix was installed on AOLs AIM servers and does not require users to download a patch. “I figured they would fix […]

2001 was the worst year yet in the annals of Internet security, and experts say things are only going to get worse in the year ahead. The past 12 months have been one long coming-out party for the fast-spreading e-mail worm, several flavors of which ran amok on the Internet at various points. Names such […]

As the process for developing a replacement for a leading wireless security protocol drags on, new questions are arising about the effectiveness of the replacement and whether WLAN vendors will even implement it once its ready. With sales of 802.11b gear brisk, most vendors are reluctant to implement a replacement to the WEP (Wired Equivalent […]

Topping off what can only be described as a disastrous week for the security of its products, Microsoft Corp. on Thursday night said it has discovered two vulnerabilities in the two most recent versions of its popular SQL Server database software. Four separate patches are available for these flaws on the Microsoft Security Web site. […]

Security researchers have discovered two new vulnerabilities in Microsoft Corp.s Windows XP and ME and some versions of Windows 98, one of which gives attackers complete control over a vulnerable machine. Both flaws are in the Universal Plug and Play service, which enables computers to find and use network-based devices, and affect Windows XP and […]