Dennis Fisher

Network Defenses Can't Foil Viruses

Virus outbreaks are continuing to get worse even as network defenses continue to advance, according to a new survey released Monday. About 1.2 million virus incidents occurred during the 20-month survey period, and about 28 percent of all of the respondents had 25 or more servers or PCs infected at once, an event termed a […]

Bodacion Offers $100K to Crack Hydra

Bodacion Technologies is so confident that the cryptographic scheme in its Hydra Internet Server is unbreakable that it is offering $100,000 to anyone who can crack the system. The company's encryption output is based on an offshoot of chaos theory called biomorphic mathematics that is used to generate what Bodacion claims are truly random numbers, […]

Hollings to Content Providers: Get it Right

The chairman of the Senate Commerce committee warned Thursday that the government would step in if the high-tech, movie and music industries can't reach an agreement soon on a standard way to deliver secure digital content over the Internet. Sen. Fritz Hollings (D-S.C.) told a hearing on digital content protection that, contrary to popular belief, […]

Crackers Exploit PHP Vulnerabilities

Security researchers have found seven separate vulnerabilities in several versions of the widely used PHP scripting language and warn that crackers are circulating exploit code for at least one of the flaws. The problem lies in the way that PHP handles multipart-data POST requests, through which users can upload files or other content to a […]

Sensor Sniffs Out Network Intruders

Sourcefire Inc. on Wednesday will announce the second product in its lineup of tools based on the open-source Snort intrusion-detection system. The OpenSnort Management Console appliance is designed to manage a network of Snort IDS sensors and was built with the needs of security administrators in mind, said Martin Roesch, president of Sourcefire, based in […]

Proposal Calls for Quick Response to Flaw Discoveries

A proposal for a new process for disclosing security vulnerabilities has reignited the old debate over how flaws should be published and whether there's any way to actually regulate the process. The document, titled “Responsible Disclosure Process,” outlines a detailed, step-by-step process for everyone involved in the discovery and reporting of vulnerabilities—including researchers, vendors and […]

Microsoft Patches Critical Flaws

Microsoft Corp. on Thursday released patches for three critical security vulnerabilities in three separate products, two of which could enable an attacker to read files on a user's machine. The company's Commerce Server 2000 software has an unchecked buffer in the ISAPI filter installed by default with the server. AuthFilter, which is used to provide […]

Microsoft to Publish Kerberos Spec

SAN JOSE, Calif.—In an effort to speed interoperability among disparate products, Microsoft Corp. announced Wednesday that it will publish a portion of the specifications of its Kerberos implementation in Windows 2000. The Redmond, Wash., company will grant a royalty-free license to the group membership PAC (privilege access certificate) data, but will not open up the […]

Liberty Authentication Spec Due By Summer

SAN JOSE, Calif.–Members of the Liberty Alliance Project plan to release by this summer the initial specification for their proposed Web identity technology, which will give users the ability to choose which Web sites they share their identity information with. Eric Dean, the chairman of the project's management board and CIO at United Airlines, said […]

Program's Design Is No. 1 Cause for Flaws

SAN JOSE, Calif.–The vast majority of software vulnerabilities are caused by flaws in the program's design and could be prevented easily with better coding and quality-control procedures, according to new research released Tuesday by a security consulting firm. The research, conducted by @stake Inc., of Cambridge, Mass., also shows that 47 percent of those vulnerabilities […]