Dennis Fisher

Just days after its release, users are reporting a raft of problems with Microsoft Corp.s new vulnerability scanning tool. Known as the Microsoft Baseline Security Analyzer, the tool scans various Microsoft products for known vulnerabilities and can also alert the user to missing or misapplied patches and hotfixes. However, some users say the tool is […]

A group of software and security vendors that is at work on a standard for disclosing security vulnerabilities hopes to have a completed document ready for public inspection within a month. The group, known as the Organization for Internet Safety, has been working on the proposal for several months and submitted a preliminary version of […]

In a move of virtually unprecedented scope, Microsoft Corp. on Wednesday released a bulletin warning of 10 new security vulnerabilities in several versions of its IIS Web server, several of which could give an attacker total control over a vulnerable system. The vulnerabilities affect Internet Information Server 4.0, 5.0 and 5.1 in varying degrees. A […]

Microsoft Corp. on Monday released a free tool designed to scan for vulnerabilities and missing patches in many of its most popular enterprise products, including Windows 2000 and Windows NT and Internet Information Services. Known as the Microsoft Baseline Security Analyzer, the tool, which can be downloaded at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp, runs on Windows 2000 and XP […]

The cost of computer crime and vandalism is rising rapidly, as is the number of incidents occurring each year. Fully 85 percent of the respondents to the Computer Security Institutes annual Computer Crime and Security Survey reported detecting a security breach during 2001. And the cost to the respondents who could quantify their losses was […]

More than 15 percent of all of the SSL servers in the U.S. are using unnecessarily short RSA keys that are in danger of comprise, potentially threatening all of the data flowing to and from those servers, according to a new white paper due to be published next week. The paper, written by Nicko van […]

The Electronic Privacy Information Center earlier this week sued Tom Ridge and the Office of Homeland Security for access to documents related to the development of a national identification card program. The suit arose from a request that EPIC made under the Freedom of Information Act for copies of any material concerning the national ID […]

Sanctum Inc. this week unveiled the latest version of its AppShield application firewall, adding several new features, including a rapid-deployment tool and a set of templates with predetermined security settings. The new features in AppShield 4.0 are the result of feedback from customers who suggested ways that the company could improve the product, said Peggy […]

A well-known security researcher has released an advisory about–and exploit code for–two new unpatched flaws in portions of Microsoft Corp.s Office XP application suite. The two bugs are closely related and, if used in concert, could enable an attacker to gain complete control over a vulnerable machine. The first vulnerability is a problem with the […]

With last weeks acquisition of Digital Signature Trust Co. by Identrus LLC, the possibility of a standard, secure payment and authentication system for banking and financial services moved a big step closer to reality. DST, jointly owned by Zions Bancorporation and the American Bankers Association, operates a managed digital certificate service for secure online transactions […]