There is a severe flaw in Microsoft Corp.'s ubiquitous Internet Explorer browser that could enable a malicious Web site operator to hijack user sessions and steal their credit card numbers and other sensitive data. The flaw lies in the way that IE verifies the validity of digital certificates issued to Web sites that offer SSL […]
A group of security experts working on a plan for responsible vulnerability disclosure met here earlier this month to set the final details of their organization's structure and discuss the status of their plan. The group, known informally as the Organization for Internet Safety, has been collaborating for nearly a year and said it hopes […]
A new online authentication technology developed by researchers at Lucent Technologies Inc.'s Bell Labs could finally make true single sign-on in the enterprise a reality. In addition, it has the potential to add tighter security to similar sign-on efforts by the Liberty Alliance Project and Microsoft Corp. The software, called Factotum, is unique in that […]
Two cryptography experts and a graduate student have identified an attack on the widely deployed PGP e-mail encryption software that enables an attacker to decode an encrypted mail message. The attack itself is not new, but it had been thought to be impractical. However, a new paper to be published today by Bruce Schneier, chief […]
As further evidence of the trend toward convergence of security products, Internet Security Systems Inc. on Monday will release a new version of its RealSecure Desktop Protector software, which will include a new application-protection feature. Desktop Protector already combines IDS, firewall and several other security functions in one box. The new functionality can prevent modified […]
The Federal Trade Commission Thursday issued a proposed consent order with Microsoft Corp. over complaints that the company falsely represented the security and privacy provisions in its Passport family of services. As part of the order, Microsoft must submit to a bi-annual review of its security program for Passport by an independent third party. The […]
Microsoft Corp. on Wednesday issued a patch for three critical vulnerabilities in one of its .Net servers, the Microsoft Content Management Server 2001 (MCMS). All three flaws give an attacker the ability to execute code on a vulnerable server. MCMS, one of the .Net Enterprise Server products on which Microsoft is pinning much of its […]
Researchers at Lucent Technologies Inc.'s Bell Labs have developed a new authentication technology that experts say could greatly improve the security of enterprise networks. The software comprises two pieces, known as Secure Store and Factotum, and is unique in that it doesn't store usernames and passwords on client machines. All user credentials are stored on […]
Researchers have identified a security flaw in a code library included in numerous popular applications that could enable an attacker to execute code on remote servers. The problem affects the External Data Representation (XDR) libraries derived from Sun Microsystems Inc.'s SunRPC remote procedure call technology. XDR libraries are used to translate data between systems, regardless […]
A dire warning from the FBI's Internet security unit about potential large-scale attacks on U.S. Web sites and ISPs caused a stir in the security community Tuesday, but so far there has been little attack activity of note. The FBI's National Infrastructure Protection Center, known as NIPC, on Monday night issued an alert warning that […]