Dennis Fisher

OIS Readies Security Standard Proposal

A group of software and security vendors that is developing a standard for disclosing security vulnerabilities said it hopes to have a completed document ready for public inspection within a month. The Organization for Internet Safety, or OIS, which has been working on the standard for several months, submitted a preliminary version of the proposal […]

CA's eTrust 20/20 Views Physical, Electronic Activity

ORLANDO, Fla. — Computer Associates International Inc. on Monday unveiled a new product that company executives believe will bridge the gap between the electronic and physical security measures deployed in enterprises. The product, called eTrust 20/20, is a visual tool that gives systems administrators a detailed picture of their company's physical and network environments and […]

Kumar Reshuffles CA Units

ORLANDO, Fla. — As part of his continuing effort to reshape the company, Sanjay Kumar, president and CEO of Computer Associates International Inc., on Sunday announced that he has reshuffled CA's marketing, support and product-management organizations. Each of the company's six brand units is now aligned vertically, with the development, marketing, support, quality assurance and […]

Microsoft Security Tool Leaves Holes

Problems with Microsoft Corp.'s Windows Update are causing the automated scanning service to mismanage patches, leaving IT managers to wonder whether the systems they thought were safely patched are actually vulnerable. WU, which was originally meant for consumers but is used widely in the enterprise as well, checks a customer's PC for needed product updates […]

Flaw Threatens SQL Server

Microsoft Corp. has issued a patch for a buffer overrun vulnerability in some versions of its SQL Server database software that could enable an attacker to execute code on a vulnerable machine. The flaw, which affects SQL Server 7.0 and 2000, occurs when extended stored procedures validate input to the database. The procedures are external […]

Klez Worm Making Comeback

A new variant of the Klez worm is making the rounds on the Internet, spreading rapidly in Asia and parts of Europe. Klez.H is a mass-mailing worm that is little different from its older siblings in that it spreads by mailing itself to all of the addresses in the infected machine's Microsoft Corp. Outlook address […]

Microsoft Products Leave Macs Vulnerable

There is a security vulnerability in several Microsoft Corp. products that run on the Macintosh platform that researchers say could be fertile ground for the development of a worm. The flaw is a buffer overflow associated with the way that the applications handle a lengthy subdirectory in a particular file. It affects Internet Explorer 5.1 […]

SSL Keys Coming Up Short

More than 15 percent of the SSL servers in the United States are using short RSA keys that are in danger of being compromised, potentially threatening the data flowing to and from those servers, according to a white paper published last week. The paper, written by Nicko van Someren, chief technology officer of Ncipher Corp. […]

Contracts Getting Tough on Security

Enterprise IT managers and CIOs, growing impatient with security vulnerabilities, are fighting back with language in contracts that holds software companies liable for breaches and attacks that exploit their products. This trend illustrates a shift of responsibility for attacks and virus outbreaks from users and IT staffs to vendors, which many customers feel have been […]

Flaws in Microsoft Tool Mount

Reports of problems with Microsoft Corp.'s vulnerability-scanning tool continued to mount Monday as more and more users say the free program finds phantom vulnerabilities and misses patches that have been applied. The problems do not seem to be isolated to any one version of Windows or any particular brand of computer. Known as the Microsoft […]