Dennis Fisher

Microsoft to Boost Security Response

Microsoft Corp. is in the process of overhauling its security response process in an effort to get patches to customers more quickly and to make it easier for researchers to report vulnerabilities. The company is also beginning to use the data that it collects in this process as part of its Secure Windows Initiative (SWI) […]

Microsoft Warns of SQL Server Flaws

Microsoft Corp. on Wednesday unleashed a flurry of security bulletins warning of problems in several of its products, including SQL Server 2000, Exchange 5.5 and Metadirectory Services 2.2. The most serious of the vulnerabilities are two buffer overruns in SQL Server 2000. Both of these problems enable an attacker to completely compromise a target server […]

RSA Reports Loss; Revenues Drop

RSA Security Inc. on Wednesday reported a net loss of $25 million for the second quarter, compared to a net profit of $13.3 million in the same period last year. Revenue was also down, falling to $56.5 million from $80.8 million in the second quarter of 2001. RSA executives attributed much of the net loss […]

Scripting Flaw Leaves Servers Vulnerable

Security researchers have found a serious vulnerability in PHP, a scripting language used in creating dynamic Web pages, that could give an attacker control of some vulnerable Web servers. Parser Hypertext Preprocessor (PHP) is an embedded HTML scripting language used mainly by Web servers running on Linux machines. It is a server-side language and is […]

Firewall Safeguards Web-Enabled Apps

A security start-up is hoping to help fill the void in Web services security with its new firewall designed specifically to protect Web-enabled applications. Reactivity Inc. on Monday will introduce its Service Firewall 1.0, a software firewall meant to not only protect Web applications but to do so in such a way that the security […]

Security Flaws in Pingtel Phone

Security researchers at @stake Inc. have found more than a dozen vulnerabilities in one of the most popular lines of voice-over-IP phones, some of which have consequences that go beyond the telephony infrastructure. The researchers gained remote administrative access to Pingtel Corp.'s Xpressa SIP (Session Initiation Protocol) PX-1 phones, hijacked calls to and from the […]

Microsoft Shelled Out Millions on Security

Microsoft Corp. over the last six months has spent more than $100 million on its much-hyped effort to improve the security of its products, Bill Gates told customers in an email sent Thursday. Most of that cost came from the forced hiatus from writing code that all of the company's developers took earlier this year. […]

Shavlik Upgrades Patch Inspection Tool

Shavlik Technologies LLC on Monday will release an updated version of its HFNetChkPro patch inspection tool, which will include a new patch rating system and a new structure that provides a detailed view of the status of each machine. Version 3.8 of the tool, which is a full-featured edition of the free software that Shavlik […]

Army Research Web Site Hacked

An attacker defaced a page on the U.S. Army Research Laboratory's Web site Friday with a message criticizing the military organization for supplying weapons to Israel. The attacker, going by the handle Rivver, posted a long, profanity-laced tirade against the United States government and its stance in the Middle East, the military and India. The […]

Symantec Takes Laissez-Faire Approach

A day after shaking the security industry out of its summer doldrums by making three major acquisitions, Symantec Corp. officials said that for the time being they have no plans to meddle in how Recourse Technologies Inc., Riptech Inc. and SecurityFocus run their businesses. The companies' respective technologies eventually will be integrated wherever makes sense, […]