Dennis Fisher

Microsoft Corp. on Friday said that a patch it released Thursday for an Outlook Express vulnerability erroneously tells users they need a different version of Internet Explorer in order to install the fix. In fact, the patch requires IE 6, but users who have installed Service Pack 1 for the browser are already protected against […]

Microsoft Corp. on Thursday warned of a critical new flaw in its Outlook Express e-mail client that gives attackers the power to run any code they choose on a vulnerable machine. The company has issued a patch for the problem, which affects Outlook Express 5.5 and 6.0. Machines running Outlook are not affected. The problem […]

In a surprising move, Microsoft Corp. on Thursday announced that it will open up a portion of the source code of its Passport identity service on a limited basis. Speaking at a conference on digital identity in Denver, Microsoft CTO Craig Mundie said the company will make the source code of its Passport Manager available […]

Someone has inserted a Trojan horse into a recent version of the source code for the widely deployed Sendmail package, exposing an unknown number of servers to remote compromise. The files Sendmail.8.12.6.tar.gz and Sendmail.8.12.6.z, available from the open source Sendmail Consortium, are both compromised, according to an advisory released late Tuesday by the CERT Coordination […]

VeriSign Inc. and IBM on Monday announced a set of security services designed to deliver access management and authentication technology, mainly to small and medium-sized businesses. The new offering comprises two services: the VeriSign Access Management Service and the IBM-VeriSign Trusted e-Business Integration Solution. The former is a fully managed service, hosted by VeriSign, that […]

A worldwide team of volunteers, using spare computing power, found the secret key for a message encrypted with the RC5-64 cipher late last month, winning a $10,000 prize and, they said, casting some doubt on the security of messages protected by the cipher. Distributed.net, a collection of more than 331,000 volunteers who lent their machines […]

As the bill authorizing the proposed Department of Homeland Security languishes in the Senate, government officials are discussing the possibility of informally consolidating federal information security agencies, according to sources familiar with the plan. The effort would take the place, at least temporarily, of more formal consolidation spelled out in the Homeland Security proposal, sources […]

A new vulnerability in the Apache Web server gives local users the ability to terminate processes or launch denial-of-service attacks against the server. The Apache Software Foundation has released an updated version of the affected server. The new release, 1.3.27, fixes the problem. The vulnerability is in the shared memory scoreboard, which is stored in […]

Microsoft Corp. on Wednesday issued a raft of new patches, including one for a vulnerability in a component of Windows that gives an attacker the ability to run any code of choice on remote systems. The vulnerability lies in an ActiveX control found in the Windows HTML Help Facility. One of the functions exposed by […]

A Canadian company this week unveiled a new smart-card based authentication system capable of providing users with secure access to offices as well as their corporate networks. The system, from Ottawa-based CryptoCard Corp., comprises several components, including the CryptoAdmin 5.32 back-end server, the CryptoCard itself and separate PCMCIA and USB smart-card readers. Together, the system […]