Lisa Vaas

Microsoft will send out six security bulletins, four of them for problems rated “critical,” the companys highest severity rating, on Patch Tuesday, June 12. All four of the most serious vulnerabilities, in Windows and in IE, can lead to systems getting hijacked. Three of the critical problems are in Windows; one is in Internet Explorer, […]

Anti-spam forces must have hit a nerve with their adversaries. As of the evening of June 7, anti-spam groups Spamhaus, SURBL (Spam URI Realtime Blocklists), URIBL (Realtime URI Blacklist) and others have been under a “pretty big” DDoS (distributed denial of service) attack, according to the ISC (Internet Storm Center), which is run by the […]

Security researchers, are you tired of handing your vulnerability discoveries over to your employer, as if that were what you’re paid to do? Helping vendors securing their products—for free—so that their users won’t be endangered by new vulnerabilities? Showing your hacking prowess off to your friends, groveling for security jobs or selling your raw discoveries […]

In surveying some 80 million domain names, Google has found that nearly half (49 percent) of the worlds malware is coming from only 23 percent of its servers—those being Microsofts IIS servers. In Googles security blog on June 5, an Anti-Malware Team member reported that IIS and Apache (also at 49 percent) evenly split up […]

WASHINGTON—When it comes to the new security functions in Windows Vista, User Account Control is the one people tend to scratch their heads over, Gartner Analyst Neil MacDonald said during his presentation on implementing Vista security at Gartners IT Security Summit here on June 4. “Its one that has plenty of people confused regarding what, […]

WASHINGTON—When the phone rings in the office of Gartner analyst Neil MacDonald, chances are good that if its a client calling with a question about Windows Vista security, it will be about BitLocker. BitLocker is an implementation of full-disk encryption designed to protect system files and data, and its easy to see why businesses are […]

WASHINGTON—Theres a bushel of security enhancements in Windows Vista—they comprise the most important aspect of the new operating system and the most compelling reason to upgrade, analysts say—but theyre not all perfect, nor are they silver bullets. Vistas BitLocker encryption, for example, is restricted from working alongside virtualization software, doesnt encrypt multiple disk volumes, and […]

Saying that an Internet Information Server exploit is due to a feature, not a flaw, Microsoft has published exploit code for the flaw but no workaround or patch. (Microsoft has removed the exploit code since this story first posted, saying that it was posted inadvertently.) The exploit, which was discovered on Dec. 15, 2006, and […]

The researcher, Michal Zalewski, on June 4 reported a JavaScript flaw in fully patched IE 6 and 7 that can allow an attacker to fiddle with a documents Document Object Model—a model for representing HTML or XML and related formats. The result can be cookie stealing or cookie resetting, browser crash, page hijacking, code injection […]

WASHINGTON—On Dec. 15, 2005, the New York Times broke the news that soon after the Sept. 11 attacks President Bush had secretly authorized the National Security Agency to eavesdrop on U.S. citizens and other persons within the country. A Federal judge has since ruled that the NSAs actions were both illegal and unconstitutional—a matter that […]