Security: Vulnerabilities


DNS Flaw Ignites Controversy

A security researcher's speculation about a DNS flaw ignites another firestorm for full and responsible disclosure

DNS Flaws Need Patching

Thanks to this month's DNS vulnerabilities, a lot of patching will be taking the time of DNS administrators. In fact, it might even seem like 2002 all over again.

Windows DNS Patch Strands ZoneAlarm Users

Microsoft officials warn of a problem that arises after users apply a DNS patch to Windows XP and 2000.

Firefox's Auto-Update is Model for Safer Browsing, Report Concludes

As attackers increasingly target browser flaws, the Firefox update scheme serves as a model for the industry

Attacks Target Firefox 3.0 Web Browser

Firefox 3.0 release highlights the perils of information technology celebrity

MX Logic Introduces Security Crystal Ball

A security researcher announces a new Threat Forecast service that aims to keep security chiefs at least one step ahead of the bad guys

Three Steps to Web Application Safety

With more than 100 million Web applications deployed in the world, perhaps fewer than 5 percent of are being tested for security vulnerabilities. We offer three simple steps to help you secure your Web applications.

Survey Says Insider Theft Tops CIO's Worry List

Why the threat of theft-from-within is keeping enterprise CIOs up at night

Security: Batten Down the (IM) Hatches

IM attacks are on the rise, in part because organizations are deploying unified communications platforms without first hardening them against attacks

Bugs Are Up, Microsoft Security Report Says

Report, covering late 2007, found a 300 percent increase in Trojan bugs.

Web Attacks on the Rise; E-mail Attacks Decline

During the first three months of 2008, security researcher Sophos identified about 15,000 freshly infected Web pages every day

Oracle, Apple Issue Security Fixes

Microsoft isn't the only vendor issuing security "<em>mea culpa</em>"s lately. Oracle and Apple got into the action last week, too.

Why IT Must Act Now to Meet New PCI Data Security Standards

A bevy of vendors -- including most prominent services providers -- have announced new payment card industry-oriented services.

Trusted Web Sites Attract Malicious Activity, Symantec Report Reveals

The Global Internet Security Threat Report shows that as networks are more strongly protected, attackers have shifted tactics and targets.

Windows XP SP3: T-Minus Four Weeks and Counting?

Industry watchers speculate that the third service pack for Windows XP -- complete with security-related features -- could appear soon

Report Urges IT: It’s Time to Guard against the "Millennial" Threat

New IT consumers are more comfortable with, and knowledgeable about, technology, and that’s a problem

Grocery Chain’s Data Breach Extends Security Debate

Over 1,800 known cases of fraud result from data breach

Web 2.0 Pushes Need for Defensive Application Development

The Web 2.0 paradigm shift is fraught with both promise and danger

Trustworthy Computing: Examining Trust

Microsoft’s Trustworthy Academic Advisory Board has been keeping tabs on security issues -- external as well as internal -- that continue to challenge Microsoft’s developers. We take a look at the board, which is now five years old.

Laptop Security: Hackers Attack Encrypted Data on Chips

Sleeping laptops may be the next way hackers steal encrypted information