Dennis Fisher

Security firms are tracking a new worm that is attacking Linux-based Web servers running the OpenSSL software. The worm appears to be exploiting one of the vulnerabilities in OpenSSL that were discovered in late July. A preliminary analysis by experts at Symantec Corp. has found that the worm picks targets based on the “server:” response […]

A feature in Microsoft Corp.s Outlook Express mail client that enables users to send large e-mails in several parts can also be used by virus writers and attackers to sneak malicious code past filters and anti-virus software. The feature is disabled by default but can be enabled with a few mouse clicks from the Tools […]

Network Associates Inc. on Tuesday moved one step closer to bringing McAfee.com Corp. back under its corporate umbrella. The Securities and Exchange Commission declared NAIs registration statement regarding its exchange offer for McAfee.com effective. The offer expires Thursday at midnight EST. NAI, of Santa Clara, Calif., has been pursuing McAfee.com for most of the spring […]

Despite a year of unrelenting talk about the specter of cyberterrorism, 30 percent of information security professionals responding to a new survey said that their companies dont have adequate plans for dealing with security and cyberterror issues. And, nearly 40 percent said that their companys security policies and plans are not regularly reviewed by senior […]

A new WLAN security specification is gaining momentum in the marketplace, with several vendors set to announce new products that use the technology. However, experts warn that the specification, 802.1x, has unresolved problems and should not be considered a panacea for the security ills plaguing wireless LANs. 802.1x is meant to serve as a framework […]

Three major security vendors on Monday joined forces to create what theyre calling an “intrusion prevention ecosystem.” The alliance, which brings together Check Point Software Technologies Ltd., IntruVert Networks Inc. and Okena Inc., presents a formidable combination of technologies and marketing power. At its simplest level, the partnership involves IntruVert and Okena integrating their respective […]

Security researchers at Foundstone Inc. have discovered a serious vulnerability in PGP–the popular e-mail encryption program–that gives remote attackers the ability to use encrypted files to force a vulnerable machine to run arbitrary code. The flaw lies in the way that the Pretty Good Privacy Corporate Desktop 7.1.1 application handles encrypted files. In many instances, […]

The president of the Liberty Alliance Project resigned his position Friday, citing a shortage of time resulting from the problems facing his employer, United Airlines. Eric Dean, who serves as chief information officer at UAL Corp.s United Airlines, said, “The challenges that United Airlines currently is facing prevent me from devoting the amount of time […]

Microsoft Corp. on Thursday released a patch for the Windows flaw discovered last month that allows an attacker to generate and sign fake certificates for third-party Web sites. The flaw affects all versions of Windows back to 95, Office for Mac, Internet Explorer for Mac and Outlook Express for Mac. The vulnerability is actually in […]

Microsoft Corp. is working on patches for several services within Windows that run with inappropriately high privileges, making the operating system vulnerable to a sophisticated attack that could lead to a complete compromise of the machine. The fixes in the works are meant to prevent interactive services on the Windows desktop from running with the […]