Dennis Fisher

Long treated as the poor cousin of the encryption world, SSL is getting new attention as a protocol for simple, cost-effective VPNs. In response to growing interest from IT managers, OpenReach Inc. and Aventail Corp. this week will announce virtual private network solutions that incorporate traditional IP Security and Secure Sockets Layer encryption. The introduction […]

Just two days after several advisories warned of a serious vulnerability in the popular Apache Web server, a file containing exploit code for the flaw was posted Wednesday to several mailing lists and security sites. The message was posted Wednesday afternoon by a member of the volunteer security team known as Gobbles Security. The message […]

Ntru Cryptosystems Inc. next week will roll out a new public-key toolkit designed specifically for wireless devices running Java applications. Known as Neo Java, the new product encrypts data during transfer and also provides user authentication. The application is less than five KB and is designed for constrained environments such as mobile phones and PDAs. […]

The long-running dispute over when to release vulnerability information is escalating into a bitter turf war among several security companies, all of which claim to have their customers best interests at heart. The flap began Monday when news of a serious vulnerability in the popular Apache open-source Web server software hit security mailing lists. Security […]

At a time when security options are becoming increasingly fragmented with many vendors concentrating their resources on specific, sometimes-arcane pieces of technology, Symantec Corp. is betting that the old concept of an all-in-one vendor has some life left in it. The company, best known for its Norton AntiVirus product, recently moved into other areas of […]

A buffer overrun vulnerability in the Apache HTTP server included with many popular Web servers enables an attacker to execute code on vulnerable machines. The flaw lies in the way that the server handles data transmissions of unknown size. Typically, these transmissions are broken into “chunks” for easier handling. But Apaches HTTP server misinterprets the […]

IBM on Monday announced an improved version of its wireless security monitoring tool, adding self-sensor and self-diagnosis capabilities. Known as the Distributed Wireless Security Auditor, the software runs on Linux-based desktops and laptops and as a thin client on personal digital assistants and other wireless devices. The software can locate rogue and misconfigured wireless LAN […]

All of the Korean-language versions of Microsoft Corp.s Visual Studio .Net developer tool shipped with a help file that is infected with the Nimda virus, company officials said Friday. However, the application doesnt use the infected file so the risk of infection for users is virtually nil, Microsoft said. And, even if a developer were […]

A Russian security researcher claims he has discovered a flaw in Microsoft Corp.s SQL Server 2000 which gives an attacker the ability to either crash the server or execute malicious code on the machine. Microsoft is aware of the advisory and is investigating the issue, the company said. The vulnerability is in the “pwdencrypt” hashing […]

Microsoft Corp. on Wednesday released patches for vulnerabilities in three separate products, including a new buffer overrun flaw in IIS that enables an attacker to run arbitrary code on a target machine. The vulnerability is in HTR, an old scripting language that is rarely used anymore. IIS 4.0 and 5.0 both include support for HTR […]