Exploit posted for Microsoft JPEG flaw

Latest security news.

Exploit posted for Microsoft JPEG flaw, 09/21/04

Computer code that takes advantage of a flaw in the way many Microsoft applications process JPEG images has been published on the Internet and could be a precursor to actual attacks on vulnerable PCs, experts said.


Ireland blocks calls to 13 countries to thwart 'Net scam, 09/22/04

Ireland's telecom regulator said this week that is taking "extraordinary" measures to protect Internet users from rogue autodialer programs that hijack their modems and run up long-distance phone charges by suspending direct dialing to 13 countries, most of which are South Pacific islands.


AOL, RSA, VeriSign push authentication services, 09/21/04

Responding to a scourge of online fraud and identity theft that threatens to undermine public confidence in Internet commerce, major companies are rolling out new services to encourage the adoption of better technology to identify customers, business partners and employees online.


Review: Endpoint security products aid in client defense, 09/20/04

We test enterprise endpoint security products from nine vendors: eEye Digital Security, Finjan Software, F-Secure. InfoExpress, SecureWave, Sygate Technologies, Symantec, WholeSecurity and Zone Labs.


Review: Testing Windows XP SP2's role in client security, 09/20/04

We also reviewed Microsoft's recently introduced Windows XP Service Pack 2, which is intended to make the operating system more secure.


Review: Attacking client security: Our strategy, 09/20/04

In order to exercise the endpoint security capabilities of these products, we focused on launching attacks that could occur if the basic network and machine defenses all have failed.


Review: Taking the application approach to client security, 09/20/04

Application control endpoint security products can limit the programs that can run on distributed client systems. The three products we tested in this category each attempt to solve the problem differently.


Feds eyeing one access model for all, 09/20/04

A mandate from President Bush has required the entire federal government to adopt common technology to be used to identify employees and contractors accessing federally controlled networks and buildings.


Weblog: A presidential order on secure identification, 09/20/04

Little noticed in this mud-slinging frenzy of an election season is that President Bush late last month signed a presidential directive with important technology implications.


Technology Update: Virtual directories solve identity crises, 09/20/04

One challenge network administrators face in implementing portals or other enterprise applications is that user identity is fractured, residing in multiple directories tied to individual applications throughout an organization. As a result, it is difficult to provide enterprise applications with the comprehensive view of users they require to deliver their full value.


TruSecure merges with Betrusted, 09/20/04

Information security services companies TruSecure and Betrusted plan to announce on Tuesday that they have merged, forming a new company called Cybertrust.


Gartner analysts point out the security you don't need, 09/20/04

The plethora of security technologies on the market are enough to overwhelm even the most knowledgeable IT managers, but in sorting through all of the options, it may be helpful to look at what is not needed, according to Gartner research detailed Monday in London at its IT Security Summit conference.


Liquid Machines to acquire e-mail company, 09/20/04

In a sign of continued consolidation among security firms, Lexington, Mass., Liquid Machines Monday plans to announce the acquisition of San Francisco's Omniva.


Microsoft provides Office source code to governments, 09/20/04

Facing growing competition from open source software providers, Microsoft has decided to allow governments and international organizations access to source code for its Office 2003 productivity suite.


Novell set to advance identity mgmt. package, 09/20/04

Forthcoming enhancements to Novell's identity management wares could help users get a better handle on who is on the network and what they are doing.


Management Strategies: Security certification staples, 09/20/04

Digest what some of the most popular IT credentials bring to the table.


Opinion: Controlling the access point signal, 09/20/04

How accurately can the radio signal from an access point (which supports attenuation by varying the power output, such as some Buffalo access points) be attenuated, contained or controlled?


Opinion: Protecting a wireless net with RADIUS, 09/20/04

We are getting ready to double our use of wireless networking at our company. In doing some research, we have found mentions of using RADIUS.  Is that something we should look at?


Conference focuses on challenges of fighting cybercrime, 09/17/04

Preserving the digital crime scene poses one of the biggest challenges in the global fight against cybercrime, said participants this week at a major international conference on fighting Internet-based crime.


Arrest made in Cisco source code theft, 09/17/04

Police in the U.K. have arrested a man in connection with the theft of source code from networking equipment maker Cisco in May, a Scotland Yard spokeswoman confirmed Friday.


Microsoft trials piracy lock on Download Center, 09/17/04

As part of its efforts to combat software piracy, Microsoft is testing a new feature on its Download Center Web site that can lock out pirated copies of Windows.


Weblog: Some new intrusion-detection resources, 09/17/04

We've added several new tools to the Intrusion detection downloads page, including rootkit detectors and forensics tools.


Audio: Sendmail on e-mail authentication, 09/16/04

E-mail authentication, in one form or another, is coming to an inbox near you. Dave Anderson, CEO of Sendmail, joins the program to discuss the various authentication proposals - SenderID, DomainKeys and Sender Policy Framework - and how his company is planning to implement them in both its commercial and open source products.


Netilla SSL device guards one application at a time, 09/16/04

Netilla is introducing a line of Secure Sockets Layer gear that protects only one application at a time as remote users access servers across the Internet.


Symantec to acquire security consultants @Stake, 09/16/04

Symantec has agreed to acquire @Stake, a Cambridge, Mass.-based provider of IT security consulting services.


NEC extends quantum cryptography range and speed, 09/16/04

NEC researchers have developed a quantum cryptography system with sufficient speed and range to make it commercially viable. It could go on sale in the second half of 2005, the researchers said Thursday.


AOL backs away from Microsoft anti-spam plan, 09/16/04

America Online has decided not to fully support Microsoft's Sender ID spam-fighting plan after the IETF and the open- source community expressed intellectual property concerns.


IBM fits PCs with new hardware-based security chip, 09/16/04

IBM has begun using new security hardware from National Semiconductor in its desktop PCs in an effort to fend off viruses and hackers.


Newsletter: Digital forensics, Part 1, 09/14/04

A journalist from South Africa recently wrote to me with a series of interesting questions about forensics and I had such fun answering that I got his permission to post his questions and my answers in this column and the next.


Newsletter: Digital forensics, Part 2, 09/16/04

A journalist from South Africa recently wrote to me with a series of interesting questions about forensics and I had such fun answering that I got his permission to post his questions and my answers in the last column and this one.


Newsletter: Fortinet aims latest VPN boxes at the carrier market, 09/16/04

Fortinet is heading into the service provider market with the release of two hardware platforms that support network-based VPN services as well as provide firewalling and virus protection.


German IT agency sets record straight on IE, 09/16/04

In response to the growing number of viruses infecting computers, a spokesman for Germany's Federal Office for Information Security (BSI) has suggested that users consider alternatives to Microsoft's Internet Explorer Web browser. But the agency did not recommend that users steer clear of Microsoft products, the spokesman said, refuting a press release issued Tuesday by browser developer Opera Software ASA.


Weblog: VoIP security, 09/15/04

A new guide from NIST discusses the unique issues involved in securing VoIP systems.


Newsletter: VoIP and security, Part 2, 09/15/04

The same areas that are security problems for network security can also be problems for VoIP security.


Newsletter: Cisco adds upgrade feature to IPSec VPN software client, 09/14/04

Cisco is updating the software client for its IPSec VPN gear, adding features that make it easier to distribute future upgrades and to tie the clients to other applications.


Weblog: Network Intelligence unveils secure array, 09/14/04

Network Intelligence last week announced a secure software appliance for companies that need to comply with government regulations.


IETF deals Microsoft's e-mail proposal a setback, 09/14/04

A proposed technology for identifying the source of e-mail messages suffered a blow last week when a group within the IETF established to study the proposal sent it back for more work, citing concerns over vague intellectual property claims made by Microsoft covering some of the technology.


Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2004 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)