Lisa Vaas

Microsoft has retrofitted two things: its advanced notifications of security bulletins—formerly so devoid of detail that customers complained it was like knowing a hurricane was coming but not when—and a finicky IE patch that wouldnt start IE for some users. Responding to customer requests for more detail, the company will debut a new ANS (Advanced […]

You lucky duck—you scored a $20 copy of Norton AntiVirus. Not only is your PC now safe from the clutches of bad guys, but you also saved a pretty penny to boot. Or, then again, not. After Symantec announced on May 16 that it is filing suit against eight alleged software pirates, I got on […]

Seven security companies have teamed up to hammer out an open standard to get edge devices—such as laptops and printers—chirping to each other in the wireless world. The group, called the OpenSEA (Open Security Edge Access) Alliance, says that the open-source standards to build secure networking technologies are lacking on the client side. “Why this […]

A Web application developer has uncovered a two-step process (PDF) for exploiting Windows Vistas User Account Control, essentially by having a Trojan piggyback on what could be a legitimate download. Robert Paveza, a senior Web application developer with Terralever, a Web-based marketing company based in Tempe, Ariz., published details of the vulnerability in a paper […]

A security vendor is questioning whether the IOS FTP Server vulnerabilities Cisco reported on May 9 may constitute an intentionally planted backdoor, as opposed to a series of programming errors that inadvertently led to a backdoor. Chris Eng, director of security services at Veracode, is suggesting that possibility given that a remote attacker would need […]

The U.S. Computer Emergency Response Team is reporting a network evasion technique that uses full-width and half-width unicode characters to allow malware to evade detection by an IPS or firewall. The vulnerability affects virtually every major firewall and intrusion prevention system available, including products from Cisco Systems. Given Ciscos major share of the market, at […]

The American Federation of Government Employees is suing the Transportation Security Administration after the TSA lost a hard drive containing employment records for some 100,000 individuals. The union represents employees throughout the Department of Homeland Security, including the TSA. Its class action lawsuit, filed within a day of the TSA announcing the missing hard drive, […]

Microsoft once again invited hackers to its home and laid out its wares to be stomped on in its fifth Blue Hat security conference, which ran May 9-10. The Blue Hat conferences are meant to get Microsoft executives and engineers from across the company to sit down with the members of the security research community […]

More than a month after Microsoft patched the .ANI vulnerability, the geek favorite e-tailer Toms Hardware has found the W32.ani Trojan lurking in one of its banner ads. ScanSafe, a managed Web security services company, on May 8 noticed a spike in traffic blocks that had a common theme. The company found that Tomshardware.com was […]

Apple has updated its open-source Darwin Streaming Server to fix two critical security holes that can allow a remote attacker to hijack the server. Darwin is an open-source version of Apple’s QuickTime Streaming Server that enables users to send streaming media to clients across the Internet using the industry standard RTP and RTSP protocols. It’s […]