Dennis Fisher

One year after embarking on an ambitious plan to improve the security of its products, Microsoft Corp. is moving into the second phase of its Trustworthy Computing initiative and crafting several new projects to help secure applications all the way from the development process through customer deployment. Among the efforts is a set of guidelines […]

In most security circles, the federal government does not exactly enjoy what one would call a stellar reputation. Years of missteps and wrongheaded attempts to rein in innovation, not to mention leaky security in its own networks, has done little to help the government win the hearts and minds of security experts and technologists. In […]

Security researchers have discovered a serious vulnerability that may be present in many Ethernet device drivers that is causing the devices to broadcast sensitive information over networks. According to the IEEEs Ethernet standard, packets transmitted on an Ethernet network should be a minimum of 46 bytes. If, as sometimes happens with protocols such as IP, […]

A lack of consensus on the way that new viruses are named led to confusion among anti-virus companies this week and may have resulted in some users being unsure whether they were protected against the latest variant of the Yaha worm. Anti-virus vendors began seeing a new minor variant of the Yaha mass-mailing worm shortly […]

A new variant of the Yaha worm, discovered last week in several Middle Eastern countries, has begun spreading more rapidly and widely, anti-virus experts say. Yaha.K is a mass-mailing worm and propagates through e-mail, using its own built-in SMTP engine. It can also retrieve addresses from Yahoo Messenger, MSN Messenger and .Net Messenger Service directories. […]

Subscribers to the BugTraq security mailing list got a belated and unwanted Christmas present over the weekend when someone posted exploit code for a set of recently discovered flaws in the SSHv2 protocol. The code is designed to exploit one of the vulnerabilities on the Putty SSH client. Putty is a freeware SSH and Telnet […]

Security issues continue to haunt Microsoft Corp., as the software company recently disclosed several serious vulnerabilities in its Java implementation and was forced to restate the severity of two flaws in Internet Explorer. The Redmond, Wash., company earlier this month upgraded the severity rating of a vulnerability in the way that IE handles PNG (Portable […]

A growing number of Microsoft Corp. customers are angry and frustrated with what they say are the companys thinly veiled attempts to use its well-publicized security initiative to get them to upgrade or buy new software. Users contacted by eWeek last week reported various technical problems with Microsofts automated services that let customers download and […]

Scott Culp, the man responsible for Microsoft Corp.s security response efforts, has left his post and moved to a new position within the companys Security Strategy Group. As manager of the Microsoft Security Response Center, Culp has been the public face of the software giants efforts to respond to security problems in its products and […]

RealNetworks Inc. has issued a patch for three newly discovered vulnerabilities in its Helix Universal Server media delivery software. The vulnerabilities, all buffer overruns, could enable an attacker to run code on remote machines. All of the flaws affect version 9.0 of the server running on all of the available platforms. Its unknown whether any […]