Dennis Fisher

Overseas Virus Outbreak Yet to Impact U.S.

After a week on the scene, the Fbound worm is continuing to infect machines across the Internet, but still hasn't made much progress in the U.S. The worm, first spotted March 13, apparently originated in Japan and has done most of its damage there and in other Asian countries. The virus is most prevalent in […]

Personnel Shortage Hindering Net Security

ARLINGTON, Va.–A critical shortage of experienced security personnel—and not a lack of technological advancement—is hindering the effort to secure the nation's public and private networks, government officials and security experts said Tuesday. Speaking to a room full of security officers, CIOs and CTOs at the Defending Against Information Warfare Conference here, a succession of high-profile […]

Govt Plans Security Nerve Center

WASHINGTON–The government's second highest-ranking information security official said the nation's critical network infrastructure is clearly vulnerable to a concerted attack, but legislation or other forms of government intervention are not the answer to the problem. Howard Schmidt, the vice chairman of the Critical Infrastructure Protection Board, said Monday that he believes a combination of public-private […]

Flaws Leave OpenSSH, Windows Vulnerable

There are two newly discovered flaws in widely deployed software products that present serious security problems for both users and network administrators. The more serious of the two vulnerabilities is a buffer overflow in the OpenSSH protocol that gives a user the ability to gain root privileges on a vulnerable machine. There is also a […]

XML-Based Biometric Standard in Works

A group that works to establish open interoperability standards on Thursday announced that it has formed a committee to define an XML schema for biometrics. The XML Common Biometric Format Technical Committee, under the aegis of OASIS (Organization for the Advancement of Structured Information Standards), will work to create a standard that can be used […]

Klez Worm Not Living Up to Hype

Despite dire predictions from some anti-virus companies of widespread file deletions and other damage, the supposed activation of the payload carried by the Klez.E Internet worm turned into a major non-event Wednesday. The worm, discovered in January, is a typical mass mailer, and most anti-virus vendors have it listed as either a low or medium […]

RADIUS Clients, Servers Open to DOS Attacks

There are two remotely exploitable security vulnerabilities in numerous implementations of the RADIUS protocol that enable attackers to launch denial-of-service attacks against both clients and servers. RADIUS (remote authentication dial-in user service) is used for authentication and authorization in many different network settings, including 802.11b wireless LANs. Affected versions include FreeRADIUS, Cistron RADIUS, GnuRADIUS and […]

Security Proposal Renews Old Debate

A proposal for a new process for disclosing security vulnerabilities has reignited the old debate over how flaws should be published and whether there's any way to regulate the process. The document, titled “Responsible Disclosure Process,” outlines a detailed, step-by-step process for everyone involved in the discovery and reporting of vulnerabilities—including researchers, vendors and third-party […]

Online Kit Lets Even Novices Create Viruses

Security vendors are warning of a new Web site that contains a simple virus-generating kit that would enable even the most inexperienced computer user to create and release a virus. The site, titled “The Instant Macro-Virus Maker v1.2,” comprises a short Web form that asks the user to input the virus name, the author's name, […]

Anti-virus Makers Pushing Automation

Anti-virus vendors are readying technologies that will speed updating and propagation processes in an effort to outpace the wave of infections during virus outbreaks. Sophos plc. and McAfee Security, a division of Network Associates Inc., are taking different approaches to the problem of signature propagation but have one similarity: hands-off automation for network operators. Sophos […]