Dennis Fisher

Microsoft Corp. is forging ahead with a corporate directive to improve security and privacy, instituting a companywide development policy and naming a new chief security strategist. The moves come just weeks after Microsoft Chairman and Chief Software Architect Bill Gates sent a memo to all employees exhorting them to adopt Trustworthy Computing, Microsoft lingo for […]

PKI products have a reputation for being expensive, tortuous to implement and lacking in applications. But an Ottawa developer is hoping to change that with a public-key infrastructure plug-in for Microsoft Corp.s Outlook mail client. Kyberpass Corp. next week at the RSA Conference in San Jose, Calif., will unveil Secure E-mail TrustPlatform, a package comprising […]

NEEDHAM, Mass.–In an attempt to resurrect itself after a disastrous 2001, security developer Baltimore Technologies plc. is orchestrating a massive reorganization. At the heart of its reorganization is a shift of focus from PKI (public-key infrastructure) technology development to providing professional services and repeatable security solutions, according to Bijan Khezri, Baltimores new CEO, in an […]

A well-known problem in the way that Internet Explorer handles user cookies can be exploited to allow an attacker to hijack MSN Messenger sessions, according to a bulletin published by a U.K. security researcher. The vulnerability, which another researcher brought to the attention of Microsoft Corp. late last year, is in the document.open command and […]

There is a buffer overflow vulnerability in the Telnet service in Windows 2000 that could enable an attacker to execute arbitrary code on a vulnerable machine. Microsoft Corp. has developed a patch for the flaw, which also affects the Telnet daemon in Microsoft Interix 2.2, the companys environment for running Unix applications on Windows machines. […]

Irish security vendor Accelerated Encryption Processing Ltd. on Monday will unveil two additions to its line of SSL accelerators, including a chip that can handle as many as 10,000 transactions per second. The AEP10K is the first release under the companys new Scaleable Public Key Architecture, a design that will eventually support ASICs (application specific […]

Information security research and education efforts would get a huge financial boost under a bill passed Thursday by the U.S. House of Representatives. The House voted 400-12 to approve $880 million for the National Institution of Standards and Technology and the National Science Foundation to fund security research and provide incentives for universities to establish […]

The New York state attorney general on Thursday sued security vendor Network Associates Inc. for violating free speech laws with a clause in its user agreement that prohibits users from criticizing the companys products. The suit charges that the clauses are illegal and harm the public by preventing discussion of problems and defects in the […]

As promised, a security researcher on Wednesday revealed several security vulnerabilities in Oracle Corp.s 9i database software, some of which enable an attacker to run arbitrary code on the affected machine or access the database server without a password. Patches or workarounds are available for all of the vulnerabilities. The advisories come at a particularly […]

Funding for information security projects within the federal government would increase by more than 50 percent in 2003 under the budget proposed by President Bush. Spending on security-related technology would jump to $4.2 billion from $2.7 billion this year. That increase is part of an overall hike in federal IT spending. Under Bushs budget plan, […]