Dennis Fisher

Despite all of the attention being paid these days to security, and in particular wireless security, the message apparently hasnt gotten through to everyone, including many vendors. AirDefense Inc., a wireless LAN security company, set up one of its sensors on the show floor at last weeks Networld+Interop show in Las Vegas, and in just […]

Millions of .Net Passport accounts were threatened by a flaw in the log-in services coding that allowed attackers to reset the password to any account, and thereby access users personal information. The problem enabled an attacker to change the password on any account for which he knew the user name, simply by entering a URL […]

A hoax e-mail purporting to come from First Union Bank and attempting to dupe recipients to visit a malicious Web site is making the rounds on the Internet. The e-mail arrives from the address [email protected] and informs the recipient that the bank has lost the recipients online banking username and password. It directs users to […]

There is a new vulnerability in the ubiquitous Windows Media Player that could enable an attacker to execute code on the machine of a user who downloads a skin for the player. When users download new skins—or user interfaces—for the Windows Media Player, the files are automatically saved to the players “Skins” file folder. As […]

When Microsoft Corp. raises the curtain on the first piece of its Next-Generation Secure Computing Base for Windows technology this week, company executives said it will mark the beginning of a fundamental shift in the architecture of the PC and the way users interact with their machines. While it could take years to test that […]

Record labels and movie studios are eagerly anticipating the potential file protection capabilities of Microsoft Corp.s Next-Generation Secure Computing Base technology, but new research contends the architectures security features may also help pirates and file swappers protect their ill-gotten gains. At the heart of the issue, according to a paper due to be published this […]

In a sign of users increasing frustration with the security shortcomings of many software applications, a civic group in South Korea has made good on their threat to file a lawsuit against Microsoft Corp.s Korean subsidiary, a Korean ISP and the countrys Information Ministry. The suit is the direct result of the havoc caused by […]

As administrators and IT managers continue to look for ways to improve the signal-to-noise ratio in their IDS systems, a small Indiana company is unveiling a new product designed to reduce false positives and get fixes to vulnerable machines quickly. Intelligent IDS combines the functionality of a typical network IDS with real-time vulnerability assessment and […]

Microsoft Corp. has released an updated patch for a security vulnerability discovered in Windows NT 4.0 in December. The new update fixes a flaw in the original patch that installed the wrong binaries on multi-processor machines, causing them to crash in some situations. The original vulnerability that the patch was meant to fix affected Windows […]

Security researchers have identified a dangerous new vulnerability in several recent releases of Oracle Corp.s flagship database software. The vulnerability puts not only the information in the database at risk, but in some cases, also can lead to a compromise of the operating system. The vulnerability, which is the result of an unchecked buffer, is […]