Problems Found in Graphics Library, Mozilla, and PDAs
Windows XP security best practices, better SAML administration
Already under the regulatory gun, attacks against the IT infrastructures of financial services firms have doubled in the last year
A new Internet Explorer security flaw; heading off phishing attacks
Active X Allows File Loading; Defining Spyware
New vulnerability erases hard drives; open source tool at risk; Oracle SQL exposure
While most companies don’t face worms designed to turn computers against them, denial-of-service attacks remain a problem. How can organizations stress test their network against such attacks? We turned to Alan Newman of Spirent Communications, which manufacturers network stress-testing appliances and simulation software, for some ideas.
DoS attacks possible on 802.11 devices, public access points particularly vulnerable; tricking Outlook 2003 to download and run files
Despite Arrest, Worm Exploits Continue; Microsoft Help Vulnerability Revealed; Symantec Firewall Management Improved
Global organizations go offline to prevent Sasser damage; Apple patches QuickTime, OS X to close buffer overflow vulnerability
Top vulnerabilities include a virus and a Hotmail hoax; FTC charges spammers; NOD32 antivirus software for consumers and the enterprise
TCP vulnerability exploit found in the wild; buffer overflow weakness uncovered in Microsoft PCT protocol
Security policies and education aren't enough
Cisco sign-on, IE cross-scripting lead vulnerabilities this week
Sneaking vulnerabilities into the enterprise through encrypted attachments pose new problems; ISPs will spend $245 million this year to combat problems, in large part because of home users.
New report charts security manager dissatisfaction
As popularity of Linux grows, company predicts increasing attempts to create malicious programs that will attack it
WholeSecurity gives businesses the ability to offer their customers an opt-in PC security sweep to quarantine malicious software
New warnings about Web hosting control panel protection, ISS server-response processing, and Symantec's security software