Lisa Vaas

Cisco yesterday posted two security advisories: one on certain Cisco Unified IP Conference Station and IP Phone devices that contain vulnerabilities that may allow unauthorized users to gain administrative access to vulnerable devices, and another about multiple vulnerabilities, including privilege escalations and information disclosure, in the 802.1X authentication standard. The IP phone and Conference Station […]

Websense Security Labs researchers have caught a somewhat rare insight into an interface used by an attacker to control infected systems in a bot network. Websense discovered the new malicious Web sites yesterday, using the company’s ThreatSeeker technology. The sites are designed to install Trojan horse bots that seek out banking credentials for more than […]

Whats in store for Black Hat Feb. 28-March 1? Weve got digital forensics—will Jim Christy, forensics expert to the DOD, challenge attendees to break the encryption of the hardware encryption chip used by Vista? Maybe—stay tuned, because he tells me theres definitely going to be some kind of challenge! Then weve got new and better […]

The open-source Snort intrusion detection and prevention system and Sourcefire Intrusion Sensor IDS/IPS are vulnerable to a stack-based buffer overflow, which can result in remote code execution, IBM’s Internet Security Systems division has advised. IBM ISS posted the flaw on Feb. 19 (link to IBM ISS’ advisory requires registration). Sourcefire has updates on hand to […]

Microsoft has another IE vulnerability on its hands. But is it a flaw, or is it a feature? IE’s been having a miserable time of late, starring in scads of headlines about security flaws. Most recently came last week’s monthly security bulletin, a package of fixes for 20 individual problems in Microsoft products. Included in […]

Websense Security Labs is reporting a Trojan packed into an e-mail that claims that Australia’s Prime Minister has suffered a heart attack. Websense says the Trojan monitors all of a user’s activity online, keeping track of Web sites visited and keylogging “everything you do,” according to Websense’s e-mail alert of Feb. 19. The Trojan includes […]

F5 Networks will release at the end of February an enhanced version of its FirePass Controller SSL VPN software—the first Secure Sockets Layer VPN to support Microsofts Windows Vista operating system, the company said. Given that business users are already using Vista on home machines regardless of whether they have their IT departments go-ahead, VPN […]

How embarrassing is this: a fix for a bug in Microsoft’s Malware Protection Engine, used by security products including Windows Defender, OneCare and Antigen in malware scanning, tucked into the 20-patch February security bulletin. Yes, they shipped a fix for the heart of Vista’s much-touted, much-more-secure Vista. Easy target, particularly since Microsoft actually quietly patched […]

Even before its bitter battle to take over PeopleSoft, Oracle had a reputation for ruthlessness, thanks to its notoriously heavy-handed sales force and penchant for devouring other companies. So its not surprising Oracles announcement that it will support Red Hat Enterprise Linux and distribute an Oracle-branded clone of RHEL triggered fears of Red Hats demise […]

IBM on Oct. 16 announced a new species of server: the IBM Information Server. The new server is all about grafting formally siloed information-handling products such as data cleansing and profiling platforms into one product with a common interface. IBM unveiled the Information Server at its first Information on Demand Global Conference in Anaheim, Calif. […]