Lisa Vaas

What I particularly like about Oracle’s lawsuit against SAP, wherein Oracle charges its rival with “corporate theft on a grand scale,” is that it fits in so well with the current rash of news about hijacked accounts. Oracle filed suit on March 22, claiming its business software rival used customers’ online access codes to steal […]

Hijackers are getting access to Xbox Live gaming accounts, credit cards and PayPal accounts with repeated calls to support staff, who are easy prey for social engineering stunts. Going against Microsofts own privacy policy, Xbox Live telephone support personnel are giving away gamer tags based on made-up information. One gamer who requested anonymity shared with […]

A federal court judge on March 22 struck down the Child Online Protection Act (PDF), saying it violates the First and Fifth Amendments and is “impermissibly broad and over-vague.” U.S. District Judge Lowell Reed of Philadelphia wrote in his finding that he sympathizes with Congress and its desire to protect children from sexually explicit materials […]

Kevin Finisterre, one of many Xbox gamers who claim that they’ve recently been shut out of their accounts after hijackers have taken them over, says it’s Microsoft’s Xbox Live support staff who are giving the information away. “It’s because they outsource their support staff to Mexico or somewhere like that and the staff barely speaks […]

Romanian hackers, eat your hearts out: The United States has far and away the most malicious code, spam, phishing, attack and botnetwork activity on the planet, according to Symantecs most recent semi-annual Internet Security Threat Report. In this, its 11th edition of the report, Symantec has for the first time ranked countries as far as […]

ORLANDO, Fla.—Uh-oh, Sales has lost a laptop. The nightmare that ensues brings a host of uncertainties: Exactly what data was on that thing? How do you define nonpublic, private or confidential information? What constitutes a breach or a mass data compromise? What are your obligations to protect that data, and what are your organizations obligations […]

It turns out that, after years of engineering work and collaboration efforts with strategic partners such as IBM, Red Hat’s March 14 release of Red Hat Enterprise Linux 5 had the misfortune of coinciding with the company’s release of a whopping 11 security advisories. Three of the advisories are rated critical, but those three pertain […]

Cisco’s online help system could allow cross-site scripting and a subsequent system takeover due to a vulnerability in several products, the company reported on March 15. The XSS (cross-site scripting) flaw would allow an attacker to execute arbitrary scripting code if he or she were successful in luring a user to click on a specially […]

Security company Symantec says new research supports fears that Windows Vistas use of the IP tunneling protocol Teredo is potentially insecure. Microsoft is using Teredo to enable a transition from IPv4, which is the traditional version of the network layer protocol for packet-switched networks now used as the Internets background, to IPv6, an updated protocol […]

The open-source operating system OpenBSD has a critical remote kernel buffer overflow vulnerability in its IPv6 protocol stack that can allow for a remote attacker to take over the system with malformed e-mail, Core Security Technologies disclosed on March 13. CoreLabs, Core Security’s research arm, discovered the flaw, which bypasses all system security mechanisms. The […]