Dennis Fisher

There are three security vulnerabilities in an ActiveX control included in several of Microsoft Corp.s most popular applications that give an attacker the ability to execute code and read files on a remote machine. The flaw itself is in the Office Web Components (OWC) 2000 and 2002 software, which is included with Office 2000 and […]

Microsoft Corp. has alerted some of its customers to a security vulnerability in a software application used to download beta releases and other limited-release software from the companys Web site. The flaw in the File Transfer Manager could enable an attacker to take control of a vulnerable machine, Microsoft said in its note to customers. […]

Cache Flow Inc. on Wednesday announced that it has changed its name to Blue Coat Systems Inc. to reflect a new focus on selling security appliances. The company also unveiled its first new product, the SG800, designed to inspect and filter Web traffic entering the network through TCP port 80. The appliance is installed behind […]

Security researchers have found a new flaw in Microsoft Corp.s SQL Server database software. The problem lies in the SQL Server agent, which is responsible for various functions, including running scheduled jobs and restarting the database service if it stops. By default, low privileged users can add jobs to the SQL queue and specify the […]

Crypto fans take heart, PGP is here to stay. A group of venture capitalists and veteran high-tech executives on Monday announced the formation of a new company called PGP Corp. that has purchased Network Associates Inc.s remaining PGP assets and released PGP 8.0, a new version of the beloved encryption application. And, in a move […]

For nearly a year, federal officials have been telling anyone willing to listen that terrorists have the knowledge and equipment to carry out sophisticated information warfare attacks against targets in the United States. This declaration is usually followed by an ominous warning that a “digital Pearl Harbor” is around the corner. Bureaucrats have used this […]

Microsoft Corp.s commitment to security, specifically its Trustworthy Computing initiative, is being questioned after its inaction regarding two new reports of security vulnerabilities in its products, security experts say. Twice in the past three weeks, experts have issued reports of security flaws in Microsoft products, and both times the company remained silent, making no immediate […]

Microsoft Corp. on Thursday issued a patch for a critical flaw in Windows 2000 that could allow an attacker to run code with system-level privileges on vulnerable machines. The vulnerability lies in the Network Connection Manager (NCM), a component of Windows 2000 that controls all the network connections managed by a given host. One of […]

Security vendors, beginning to take the spread of peer-to-peer applications seriously, are marshaling their forces on two fronts in an effort to protect both P2P users and their employers. Check Point Software Technologies Inc. and McAfee.com Corp. this week have announced new P2P security initiatives, taking different tacks in their quest to catch up to […]

Palisades Systems Inc. on Tuesday introduced a new version of its PacketHound security and monitoring appliance, adding new reporting and tracking capabilities. The appliance operates in passive mode and sits in the network traffic flow, monitoring inbound and outbound connections, much as a firewall does. The difference is that PacketHound uses a database of signatures […]