Timothy Dyck

Technology enabling Java application developers to connect to database data has taken a step forward with the publication of the Java Database Connectivity 3.0 standard in February. Longtime database driver manufacturer DataDirect Technologies Inc. (formerly Merant plc.) is the first out of the gate with its set of JDBC 3.0-compliant database drivers for all the […]

Speaking to eWeeks Corporate Partner advisory board in New York in late March, WebSphere Platform Chief Architect and IBM Fellow Donald Ferguson described an all-encompassing role for Web services in the WebSphere product line. “Our model is that Web services are a universal mechanism for program-to-program interaction,” said Ferguson, describing how IBM was enabling decidedly […]

Microsoft customer, this is the latest version of security update, the 9 mar 2002 cumulative Patch update. … ” So begins the text of W32.Gibe@mm, which first appeared early last month and has been spreading rapidly since then. This worm, spreading through e-mail and shared network drives and installing a back door listening on port […]

The future of Microsoft Corp.’s .Net Framework development platform is still unclear, but one thing we can safely predict is that solid Unix support will be critical to the platform’s ultimate success. That’s why organizations testing .Net code should be keeping an eye on Mono, an open-source implementation of the .Net Framework. Mono (at www.go-mono.com) […]

Two weeks ago, I documented an incompatibility between how Microsoft implements digest authentication (RFC 2617, which can be seen at http://kaizi.viagenie.qc.ca/ietf/rfc/rfc2617.txt, a secure log-in standard for Web sites) and how Apache, Mozilla and others implement it. (See “IE, Apache Clash on Web Standard.”) As part of my March 18 story, I recommended the combination of […]

Anything that accepts input from a caller and then retrieves and returns business-critical data to the caller on the basis of that input should set off mental alarm bells. And that goes double for Web services, which need to be approached as warily as you would any dangerous beast. Generally speaking, eWeek Labs advises that […]

Integrity Stops Security Leaks Imagine how hard it would be to defend a hockey net if it were moving randomly around the ice surface while slap shots were coming from every direction. Thats what its like trying to keep secure a corporate network perimeter that includes laptop-equipped mobile workers. Mobile laptops get connected to all […]

Tightening Security Screws Zone Labs Inc.s ZoneAlarm Pro originally set the bar for Windows client firewalls because it could define on a program-by-program basis which applications could send network traffic. ZoneAlarm Pro 3.0 goes further to block malicious program network activity by adding program integrity and component DLL checks. It also adds a variety of […]

eWEEK Labs has discovered that Microsoft Corp.s Internet Explorer Version 5.0 and higher—as well as the companys IIS Web server—has a significant security incompatibility with other major Web browsers and with the Apache Software Foundations Apache HTTP Web server. The incompatibility lies in how Microsoft has implemented digest access authentication, a World Wide Web Consortium […]

As weve seen in our OpenHack online security tests, Web application security is the most difficult part of online security to do right. Its well-understood how to use firewalls, transport-layer encryption and OS hardening to protect network infrastructure. Whats not well-understood is how an organizations custom applications can be made equally secure. For example, has […]