• United States

Microsoft wraps up Windows XP Service Pack 2

Aug 11, 20048 mins

Latest security news.

Microsoft wraps up Windows XP Service Pack 2, 08/06/04

Microsoft has finished work on Service Pack 2 (SP2) for Windows XP, the company said Friday. The software maker now begins the process of delivering the large, security-focused update to users.

IBM tells employees not to install Windows XP update, 08/09/04

While developers at Microsoft may be celebrating that they finished work on Service Pack 2 for Windows XP, IT departments around the world now face the question of whether they should update their systems, or not.

Fed up hospitals defy patching rules, 08/09/04

Amid growing worries that Windows-based medical systems will endanger patients if Microsoft-issued security patches are not applied, hospitals are rebelling against restrictions from device manufacturers that have delayed or prevented such updates.

Weblog: Trying to patch up an argument, 08/09/04

In a world where clinical patient-care systems are more and more integrated into high-speed networks – not unlike enterprise-resource planning systems, for instance – there is growing alarm among IT administrators about the delay in assuring medical devices receive security patches.

AOL IM ‘Away’ message flaw deemed critical, 08/09/04

Computer security companies are warning users of AOL’s Instant Messenger software that a serious security hole in the product could allow remote attackers to execute malicious code on computers that run the popular IM software.

Trojan hits Windows PDAs for first time, 08/09/04

After finding the third malicious program targeting wireless devices in fewer than 60 days, security specialists are warning that it’s only a matter of time before attackers launch a serious attack against mobile phones and PDAs.

Hack . . . hack back . . . repeat, 08/09/04

At DefCon, a game of virtual capture the flag keeps eight teams at the keyboard for 36 hours.

No Zero Day this July, 08/09/04

For no apparently technical reason, July has traditionally been a bad month for the security world. But July 2004 was relatively quiet, security-speaking.

New Bagle version spreading, 08/09/04

Anti-virus and computer security companies warned Internet users about a new version of the Bagle e-mail worm that was spreading quickly on the Internet Monday.

Weblog: Hacking RFID, 08/10/04

RFDump is a Java tool for reading data off RFID chips (when connected to an RFID reader device).

Digging into Microsoft’s search efforts, 08/09/04

Microsoft’s developing desktop search technology will have to be complemented by a well-defined security framework, or it will become a nightmare when integrated into a corporate collaboration environment, experts say.

Review: CoreStreet scales digital certificates, 08/09/04

What’s the point of deploying a digital certificate infrastructure if you can’t readily check the status of certificates? That’s where CoreStreet’s Real Time Credentials comes in.

Fitting OCSP into your Certificate Infrastructure, 08/09/04

X.509 Digital certificates are used in a variety of security protocols to provide identity management.

Feature: Word up, 08/09/04

How do you set your spam filters to block key words when the Viagra mail has to get through?

Opinion: Controlling access to the network, 08/09/04

Understanding that there is no way we can be totally safe, what kind of options should we look at to make sure that only those who should be on our network are able to get on?

Opinion: Divergent views of e-voting, 08/09/04

Electronic voting machines scare the bejesus out of IT security experts, while the general populace finds them no more threatening than an automated teller machine.

Oracle lax in response to security flaws, 08/09/04

Oracle has acknowledged the existence of security holes in its database software and said it plans to issue a security alert soon. The U.K. security expert who found the holes criticized Oracle’s conduct, saying the company has sat on patches for about two months that would fix the holes.

Vendors shore up ID management tools, 08/09/04

Two single sign-on vendors are upgrading their products in an effort to meet the needs of corporate users warming up to identity management.

McAfee updates E-Business Server, 08/09/04

McAfee Monday said that it is releasing a new version of its E-Business Server data encryption software that it claims will make it easier for companies to encrypt data sent outside their networks, to business partners or remote offices.

Opinion: Our tax dollars, almost at work, 08/09/04

About a year and a half ago the U.S. government released the National Strategy to Protect Cyberspace. This report was mostly to get the Department of Homeland Security to organize, support and communicate responses to and protection from attacks on the U.S. cybertechnology infrastructure. Now the DHS Office of Inspector General has issued a report card on how DHS is doing that paints a mixed, but on the whole not very good, picture.

Check Point faces up to challenges, 08/09/04

You’d think Check Point might be hitting its peak given that network security has become the top priority for so many IT shops. But the firewall/VPN company actually is facing some of its stiffest challenges.

Weblog: User to Microsoft: No thanks, 08/06/04

Edward Mitchell reads a story in which Microsoft asks everybody to turn on Windows XP automatic updating for the upcoming…

Corporate America slow to adopt biometric technologies, 08/06/04

Biometric authentication technologies, which were expected to be widely adopted soon after the Sept.11 terrorist attacks in 2001, are still struggling to gain broad acceptance in corporate America.

Small security firm puts spotlight on big vendor bugs, 08/06/04

News earlier this week that Oracle was sitting on patches for 34 undisclosed vulnerabilities in its database software may have come as a surprise to some, but not to David Litchfield, the researcher who discovered the holes.

Newsletter: Data Encryption Standard no longer up for the job, 08/05/04

It’s the end of an era for one form of VPN encryption: the federal government says that simple Data Encryption Standard can no longer stand up against brute-force attacks.

Newsletter: Book details security analysis, 08/05/04

One of the textbooks I chose for Seminar 5 of Norwich University’s graduate program in information assurance is “Performing Security Analyses of Information Systems” by Charles L. Smith Sr.

Weblog: Know your enemy, 08/05/04

Read up on a plan for bypassing all those pesky firewalls, proxies and content filters you’re so busy running.

Security expert Q&A: The virus writers are winning, 08/04/04

Mikko Hyppönen has made a name for himself as a computer security expert in directing anti-virus research at Finland’s F-Secure, a $45 million company that regularly issues alerts warning of network threats. He spoke recently with Network World News Editor Bob Brown and Features Editor Neal Weinberg about the latest viruses and what enterprise network executives are up against.

Microsoft issues alert on CRM suite, 08/04/04

Microsoft has issued an alert about incompatibility issues in its customer relationship management suite caused by installing the Windows XP Service Pack 2.

Newsletter: How secure are your management systems?, 08/04/04

Most management systems today rely on agent technology that interacts with software on servers. So what would happen if malicious hackers targeted the agent or server software to gain access to the management system? Would they be able to do anything? See anything?

Newsletter: Linux systems are sealed tight, among Linux software developers anyway, 08/04/04

A recent survey of developers who use Linux-based machines found that viruses and hack attacks are very rare occurrences for this subset of the IT world.

Newsletter: CIRT Management: Beyond technical expertise, 08/03/04

In this installment of my continuing series on Computer Incident Response Team management, I’ll address the expertise needed for various functions in the CIRT and the attitude CIRT members should adopt when working with users.