There is a serious weakness in MIT's Kerberos v4 authentication protocol that allows an attacker to impersonate any principal in a given realm. The Kerberos development team at MIT said the contents of an unpublished paper with details of this vulnerability have been leaked on the Internet. Using these details, an attacker familiar with Kerberos […]
Microsoft Corp. on Monday released a patch for a critical vulnerability in Windows 2000 that company officials say is being actively exploited. The vulnerability is in a Windows component used by the WebDAV protocol and could give an attacker control of a vulnerable machine. The flaw only affects Windows 2000 machines that are configured to […]
Now that the federal government has shown its cards on the issue of Internet security, a newly formed task force of security company executives is planning a response that it hopes will make some measurable progress in the effort to improve computer security. The CEO Cybersecurity Task Force will by the end of this year […]
Security researchers have discovered a vulnerability in Sun Microsystems Inc.'s Sun ONE Application Server that can give an attacker control over the Web server. The vulnerability, found by researchers at @stake Inc., in Cambridge, Mass., is a stack buffer overflow in the Connector Module. The module, which ships with the Application Server, is a Netscape […]
As wireless networks continue to gain acceptance and become integral to corporate computing environments, IT departments continue to ignore the myriad security problems inherent to wireless LANs, according to a new study by RSA Security Inc. The study found that of 328 wireless access points detected in downtown London, nearly two-thirds did not have WEP […]
Wireless LAN security vendor AirDefense Inc. on Monday unveiled two new products designed to give administrators more tools to defend against unauthorized use of the network and rogue access points. Both RogueWatch 3.0 and Guard 3.0 have a slew of new features, many of which are meant to make the system easier to use and […]
Security experts and overworked systems administrators for years have implored users to pick hard-to-guess passwords and to change them often. But many users persist in using their names or children's birthdays as log-on credentials, and two recent worm outbreaks have shown why that's such a risky practice. Deloder, the latest worm to hit vulnerable Windows […]
Security experts are watching a new variant of the Code Red II worm that began appearing on some monitoring networks Tuesday. The worm is nearly identical to its ancestor, save for a modified drop-dead date that is now several thousand years in the future. Known as Code Red.F, the worm uses the same infection method […]
When a new security vulnerability is found in a piece of commercial software, the discovery inevitably touches off the seemingly endless search for a culprit. Who is responsible for the defect? Typically it's either a developer or a tester. Developers are the ones who wrote the faulty code; testers are the ones who should expect […]
SAN DIEGO—The White House and the new Department of Homeland Security have begun in earnest the process of implementing the plan to secure the nation's critical networks—starting with extensive changes in the federal security infrastructure. The most significant move is the development of a private, compartmentalized network that will be used by federal agencies and […]