Dennis Fisher

Security researchers have discovered a serious vulnerability in PeopleSoft Inc.s PeopleTools application framework that can lead to a complete compromise of the installations embedded Web server. This could in turn give the attacker confidential information about the server and its contents and help him compromise other PeoplSoft applications. The flaw is in the Java servlet […]

A jury on Friday ruled that an engineers claims that two of the biggest security companies in the industry infringed on his patent for technology contained in the ubiquitous SSL protocol are baseless. Leon Stambler, an electrical engineer, sued RSA Security Inc. and its former subsidiary, VeriSign Inc., two years ago. He claims that a […]

SAN DIEGO—Now that the federal government has released its plan to secure the nations critical networks, officials are asking the rank-and-file security specialists and network administrators to take an active role in implementing the strategy. This kind of cross-industry cooperation is necessary if the country is going to defend itself against attacks on its networks […]

Two Cambridge University researchers have discovered a new attack on the hardware security modules employed by banks that makes it possible to retrieve customers cash machine PINs in an average of 15 tries. The attack takes advantage of a weakness in the cryptographic model used by many HSMs to encrypt, store and retrieve PINs. The […]

Security vendors are introducing capabilities that up the ante for traditional anti-virus applications to help catch more viruses and rein in emerging threats, including memory- resident worms such as SQL Slammer and Code Red. Network Associates Inc.s McAfee Security division and Computer Associates International Inc. this week will roll out their latest enterprise-class virus protection […]

Researchers have discovered a critical new security vulnerability that places millions of mail servers all over the Internet at risk of compromise. The flaw is in the immensely popular Sendmail Mail Transfer Agent and could enable an attacker to gain root privileges on affected machines. The vulnerability affects Sendmail versions 5.79 through 8.12.7 on Unix […]

Guardian Digital Inc. on Monday will release its new Secure Mail Suite, an enterprise-class mail system that features integrated anti-virus and anti-spam technology. The software scans all of a networks incoming and outgoing mail messages and screens out junk mail, viruses and messages containing malicious code. In addition, Secure Mail Suite has several security features, […]

BOSTON—The herd mentality in corporate America that scares executives into choosing the safe path in the middle of the road is one of the major factors holding back the adoption of better security technologies, experts say. When it comes time to choose security products, many CIOs prefer to stick with easily understood, proven technologies such […]

Microsoft Corp. on Wednesday issued a patch for a new critical vulnerability in Windows Me that gives attackers the ability to execute code on remote machines. The vulnerability is the result of a buffer overrun in the Help and Support Center in Windows Me. Specifically, the problem lies in the URL handler for the “hcp://” […]

There are several security vulnerabilities in recent versions of Apple Computer Inc.s popular QuickTime Streaming Server and Darwin Streaming Server that give attackers the ability to execute code on remote machines. The flaws affect version 4.1.2 of the Darwin server and 4.1.1 of the QuickTime server. Apple, based in Cupertino, Calif., has released updated versions […]