Dennis Fisher

Startup Takes on WLAN Security

A security startup is taking a new approach to the problem of WLAN security by applying the concepts of intrusion detection and constant monitoring to Wi-Fi deployments. AirDefense Inc. will launch this week its wireless LAN security appliance, which includes vulnerability assessment and other features to provide the same level of security for wireless networks […]

IDS Products Take Different Tacks to Prevent Attacks

Reflecting the industry trend toward advanced, hybrid intrusion detection systems, two vendors have unveiled IDS products that take different approaches to the challenge of identifying and halting attacks. Lancope Inc. last week introduced Version 2.0 of its StealthWatch product, which includes several new capabilities and gives administrators a more detailed picture of each host on […]

Coming Clean on Patches

A high-stakes battle is brewing between software developers and security researchers over when to release discovered vulnerability data and patches, and customers are caught in the cross fire. The debate is about when researchers should alert the general public to the flaws they find. Industry protocol calls for discoveries to be kept quiet until a […]

Symantec Debuts New Software Licensing Structure

Symantec Corp. on Monday announced a new software-licensing structure that will require large enterprises to estimate their software needs up front for the next two years. The overall plan is called the Symantec Security License Program, with separate structures for small and large businesses. The Symantec Elite Program gives large companies two licensing options. The […]

JRun Flaw Leaves Machines Vulnerable

Security researchers have found a serious flaw in Macromedia Inc.'s JRun Java application server that enables an attacker to gain complete control of a vulnerable machine. The buffer overrun vulnerability lies in the ISAPI filter/application that is used to handle requests for Java Server Pages resources. In order to exploit the flaw, an attacker would […]

Exchange 2000 Gets DoS Patch

Microsoft Corp. on Wednesday released a patch for a new denial-of-service vulnerability in Exchange 2000. The problem lies in the way the server handles malformed SMTP mail messages. When it receives such a message, Exchange's Store service uses all of the available CPU cycles in trying to process the message. There is no way for […]

Patch or No, Flaws to Go Public

A security researcher well-known for finding dozens of vulnerabilities in all manner of software products announced Monday that he will no longer automatically wait for a vendor to patch a flaw before he notifies the general public of the problem. Tired of software vendors' lack of responsiveness to security problems, David Litchfield, co-founder of Next […]

Scrambling to Secure Web Services

While much of the attention surrounding Web services security has focused on standards efforts, software developers and users are realizing that standards alone won't solve the problem. As a result, developers such as RSA Security Inc., Oblix Inc. and even networking manufacturer Cisco Systems Inc. are starting to take a more holistic approach to security […]

Assessment Is Charney's Job One

Don't envy Scott Charney. He has one of the most difficult positions in the security industry: chief security strategist at Microsoft Corp. The Redmond, Wash., company and its ubiquitous software are the targets of choice for crackers and Internet delinquents of every stripe—so much so that Microsoft has kicked off a very public security-improvement initiative […]

RSA Banks on Web Services

Reeling from a year of slumping revenue, layoffs and a restructuring, RSA Security Inc. is pinning its comeback hopes on the emerging market for Web services security products. Demand for its core cryptographic solutions has dipped, and RSA managers said they believe that the company's future lies in selling authentication and authorization technologies. “Our revenue […]