Dennis Fisher

The same person who earlier this week posted three unpublished CERT Coordination Center vulnerability reports to a security mailing list has again posted more of CERTs internal communications and has promised to post further documents on a weekly basis. This time, the person going by the name Hack4life, has published an e-mail message from a […]

Security researchers say that they have identified several additional attack vectors that can exploit the critical Windows 2000 vulnerability disclosed this week, and are urging everyone running the operating system to patch their machines. When Microsoft Corp. released its advisory and patch for this vulnerability on Monday, it said that only Windows 2000 machines running […]

Symantec Corp. on Monday will unveil a new set of anti-spam capabilities that introduce a layered approach to beating back the torrents of junk mail that flood corporate mail servers. The functionality, included in the companys AntiVirus for SMTP Gateways 3.1, is separated into three main categories: detection, false positive prevention and false positive management. […]

An independent group of security experts is close to finalizing details of a document that it hopes will become a de facto standard for the reporting and handling of software vulnerabilities. The Organization for Internet Safety is currently putting the finishing touches on its vulnerability disclosure plan, which members say could be released within a […]

There is a vulnerability in a Sun Microsystems Inc. code library that enables a remote attacker to execute code on a users machine. The flaw also affects libraries derived from the Sun library, including any BSD-derived libraries with XDR/RPC routines and the GNU C Library with sunrpc. The vulnerability is located in the Sun Network […]

Microsoft Corp. has released a patch for a critical vulnerability in every version of Windows from 98 forward. The flaw lies in the Windows Script Engine for Jscript, which enables the operating system to execute script code. The engine incorrectly processes the script and does not correctly size a buffer during a memory operation. As […]

Security experts say that the new Windows vulnerability revealed Monday by Microsoft Corp. has been used by crackers to attack at least one machine belonging to the U.S. Army. And, it turns out, the flaw used to attack the Web server was discovered not by Microsoft or an independent researcher, but by the attacker himself. […]

As the U.S. military makes its final preparations for a possible war on Iraq, officials at the Department of Homeland Security said they are monitoring the Internet for any signs of state- or terrorist-sponsored attacks on U.S. networks. Meanwhile, security experts say they have seen a significant increase in recent days in the number of […]

The recent rash of Internet worms has produced an army of hundreds of thousands of compromised machines that could ultimately be used to launch a massive distributed-denial-of-service attack at any time, according to security officials. Officials at the CERT Coordination Center said the organization is monitoring at least five large networks of compromised machines installed […]

Security experts and overworked systems administrators for years have implored users to pick hard-to-guess passwords and to change them often. But many users persist in using their names or childrens birthdays as log-on credentials, and two recent worm outbreaks have shown why thats such a risky practice. Deloder, the latest worm to hit vulnerable Windows […]