Dennis Fisher

The White Houses cyber-security arm will not release the next draft of its National Strategy to Secure Cyberspace by the end of the year, as it had originally planned. The Presidents Critical Infrastructure Protection Board, which produced the strategy, is still going over the comments submitted this fall on the original draft. No specific date […]

Thanks to a newly found flaw in Windows XP, two of the most popular audio file formats can be used by crackers to take control of remote PCs. Users only need to hover their mouse pointers over the icons for malicious MP3 or Windows Media files to execute the attackers code, Microsoft Corp. said in […]

RealNetworks Inc. this week released updates that fix several remotely exploitable buffer overruns in its media players. The company has been working on the fixes for several weeks after a security researcher discovered the vulnerabilities and alerted RealNetworks to the problems. Several earlier attempts at fixing the flaws failed to solve all of the problems. […]

Nokia Corp. is planning to move deeper into the security market next year, with products designed to help secure wireless LANs and mobile terminals playing a prominent role in the strategy. The company, based in Espoo, Finland, is working with longtime partner, Check Point Software Technologies Ltd., on ways to lock down WLANs, which are […]

An independent advisory panel appointed by Congress issued a report on Monday that is sharply critical of the Bush administrations cyber-security policy, saying it is tepid and relies too much on the cooperation of the private sector. The report is the fourth annual study delivered by the Advisory Panel to Assess Domestic Response Capabilities for […]

The Mitre Corp. last week announced the availability of a new language designed to make it easier for researchers to define and explain vulnerabilities found in software. Known as OVAL (Open Vulnerability Assessment Language), the budding standard is built on Mitres well-known description of vulnerabilities, the CVE (Common Vulnerabilities and Exposures) database. Whenever a researcher […]

Microsoft Corp. customers are growing frustrated by a series of actions the company has taken that they say call into question its efforts to improve security. Much of the ill will surrounds the recent release of a cumulative patch for Internet Explorer, which also contains a fix for a newly discovered critical vulnerability. Some users […]

Bush administration officials want private-sector CIOs to share more of their sensitive security information, saying the data is vital to the governments success in improving network security. But corporate America remains wary and unconvinced that the federal efforts are worth the time. Government security experts meeting here last week at the Infosecurity show say their […]

Security researchers have discovered a set of vulnerabilities in several vendors implementations of the SSHv2 protocol that could give an attacker the ability to execute code on remote machines. The new flaws are especially dangerous in that they occur before authentication takes place. The SSH (secure shell) protocol is a transport layer protocol that enables […]

RSA Security Inc. on Monday announced that its SecurID two-factor authentication solution now includes functionality capable of helping to protect wireless LANs. The solution now supports PEAP (Protected Extensible Authentication Protocol), a security add-on to the 802.1x WLAN standard. PEAP is designed to solve many of the security issues associated with WLANs, most of which […]