A vulnerability in numerous versions of Symantec Corp.’s Raptor firewall enables an attacker to hijack any session going through the firewall. The problem lies in the algorithm the firewalls use for generating initial sequence numbers (ISN) at the beginning of each session. The ISNs, used as identifiers between client machines and host machines in TCP […]
Government officials preparing the federal cyber-security plan due out next month are considering ways of exerting more influence on Internet security that could impact the software and security industries. The biggest change being discussed would require government agencies to purchase hardware and software that have been certified under the National Institute of Standards and Technology’s […]
LAS VEGAS—A group of security experts working on a plan for responsible vulnerability disclosure will meet here Friday to try to nail down the final details of their organization’s structure and discuss the status of their plan. The group, known informally as the Organization for Internet Safety, has been collaborating for nearly a year and […]
Security appliance vendor SonicWall Inc. on Thursday announced the resignation of its CEO, Cosmo Santullo. The company appointed Mike Roach, vice president of partners, alliances and strategic accounts, to fill the position on an interim basis. Santullo joined the Sunnyvale, Calif., company last year and has been commuting between the company’s headquarters and his home […]
LAS VEGAS—The government’s top information security official sharply criticized the software industry, ISPs and the government itself for a lack of commitment to security. Saying that the current climate demands more and better security, Richard Clarke, chairman of the President’s Critical Infrastructure Protection Board (PCIPB), said it was time for a change. “The software industry […]
Check Point Software Technologies Ltd. this week will unveil a new set of features and capabilities for its line of virtual private network products. The most noticeable enhancement is the addition of support for “clientless” VPN connections via Secure Sockets Layer. Customers can now connect to their corporate networks using any Web browser on any […]
Microsoft Corp. last week unleashed a flurry of security bulletins warning of problems in several of its products, including SQL Server 2000, Exchange 5.5 and Metadirectory Services 2.2. The most serious of the vulnerabilities are two buffer overruns in SQL Server 2000. Both of these problems enable an attacker to completely compromise a target server […]
The WS-security specification reached a significant milestone last week when the Organization for the Advancement of Structured Information Standards announced that it had formed a technical committee dedicated to the proposed standard. The committee will be co-chaired by representatives from Microsoft Corp. and IBM, which published the original specification in conjunction with VeriSign Inc. The […]
Microsoft Corp.’s vision for its Palladium security architecture is jelling as the software maker prepares software development kits and a detailed road map for the technology. But as the Redmond, Wash., vendor shares more details of Palladium, there is a growing unease in the security community about not only the technology but also Microsoft’s intentions. […]
Everywhere you turn these days, someone is talking about security. Microsoft Corp. has announced a massive effort to improve the security of its products, a strategy that included a two-month-long review of Windows code and weeks of training for developers. A group of government agencies and industry organizations recently released a set of guidelines for […]