• United States

Critical Netscape hole could be widespread

Aug 25, 20047 mins

Latest security news.

ISS: Critical Netscape hole could be widespread, 08/24/04

Internet Security Systems is warning its customers about a critical security hole in a commonly used technology from the Mozilla Foundation called the Netscape Network Security Services library that could make Web servers vulnerable to remote attack.

Colleges cram for test of new security plans, 08/23/04

Bushwhacked last fall by computer worms, network managers at U.S. colleges have taken steps to make sure it won’t happen again next month when the new academic year begins.

HP puts choke hold on virus throttling product, 08/24/04

After unveiling cutting-edge technology for choking off the spread of viruses in March, HP is quietly shelving the project, citing conflicts with Microsoft’s Windows operating system, a company executive said.

Deutsche Bank hit again by phishing attack, 08/25/04

Deutsche Bank AG late Tuesday was the target of a renewed phishing attack extending into Wednesday, after facing its first-ever reported assault last week, according to a bank spokesman.

Symantec offers patching help, 08/23/04

Symantec last week announced a patch management product that it says will let users more effectively stay on top of software vulnerabilities.

Opinion: Getting XP security updates without SP2, 08/23/04

Can we disable delivery of Windows XP Service Pack 2 through Automatic Updates and Windows Update without blocking the delivery of other critical security updates?

Review: Sourcefire’s RNA provides instant visibility into your network, 08/23/04

Sourcefire’s Real-time Network Awareness Sensor 2000 is like a magic eye that watches everything happening on your network.

Face-off: Companies should outsource their e-mail security, 08/23/04

Outsourced, or perimeter-based, message management services are designed to ensure the integrity and security of e-mail before it enters corporate network infrastructures, without scalability worries.

Face-off: Companies should not outsource their e-mail security, 08/23/04

Deciding to use a managed service rather than handling e-mail security in-house means leaving your organization vulnerable to threats that include policy violations, fraud, eavesdropping and intrusions.

Microsoft’s NAP partners eye first steps, 08/23/04

While there is much ballyhoo about the Microsoft initiative to protect networks from infected machines, customers looking to take advantage of the company’s Network Access Protection architecture will have to wait for its partners to step up before it becomes a broad security tool.

XP SP2 deployment is smooth – so far, 08/23/04

As Microsoft smooths out the ripples after last week’s big splash with Windows XP Service Pack 2, users say they found fewer problems than they expected, but some complain that late code changes and lingering compatibility issues will serve to refuel testing efforts and further delay full-scale deployments.

Anti-virus vendors adding spyware to target list, 08/23/04

Businesses that use anti-virus software to protect employee desktops now say they also want to eradicate spyware, a demand that’s prompting anti-virus vendors to plunge into spyware’s murky waters.

Weblog: Taking aim at spyware, 08/23/04

Businesses that rely on anti-virus software are also beginning to wonder if they should be buying anti-spyware software, too.

Proofpoint uses anti-spam product to find inside leaks, 08/23/04

Anti-spam vendor Proofpoint wants to take what it knows about keeping spam out of an organization and apply it to helping companies keep trade secrets, intellectual property and other sensitive information inside the corporate network.

Is security ripe for outsourcing? 08/23/04

Security demands for online applications such as e-commerce and Web services are prompting more corporate customers to hand off security functions – such as intrusion detection and firewalls – to outside service providers.

Oracle moves to monthly patching schedule, 08/20/04

Weeks after coming under criticism for sitting on patches for multiple holes in its database software, Oracle has announced that it is moving to a monthly patch release schedule.

New Download.Ject worm variant appears, 08/20/04

Users who have not yet installed the three out-of-cycle patches contained in Microsoft Corp.’s July 30 security bulletin MS04-25 now have another reason to do so immediately.

Newsletter: Juniper releases a light version of Instant Virtual Extranet, 08/19/04

Having made a run at the high-end user market, Secure Sockets Layer remote access vendor Juniper is making a play for the low-end.

Audio: Phishing attacks, 08/19/04

Phishing is its name and stealing your financial information is the game. The Anti-Phishing Working Group (APWG) hopes to squash the practice by educating the consumers and the companies targeted by phishers.

Weblog: Can you spot phish a mile away? 08/18/04

Prove it. Take MailFrontier’s phishing IQ test.

Newsletter: CIRT management: Tracking incidents, 08/19/04

In this installment of my continuing series on Computer Incident Response Team management, I’ll review a few principles and give some practical pointers for effective response to security breaches and other operational difficulties.  Today, I’ll focus on some of the advantages, requirements and tools for incident tracking.

Newsletter: Security suggestions, 08/19/04

While most security efforts focus on shoring up your company’s network perimeter to keep the bad guys out, strong policy also entails making sure your computing assets aren’t used to inflict harm on other companies or individuals.

HP moves network-scanning software into beta, 08/18/04

HP has moved its Active Counter Measures network security software into beta tests with a select group of European and North American customers in hopes of readying the product for a 2005 release, an HP executive said at the HP World conference here in Chicago Wednesday.

Researchers find holes in XP SP2, 08/18/04

Security researchers inspecting an update to Microsoft’s Windows XP found two software flaws that could allow virus writers and malicious hackers to sidestep new security features in the operating system.

SAP users warned of false support calls, 08/18/04

German business software vendor SAP issued a warning telling customers not to provide confidential information on the phone to people claiming to be company support staff.

Opinion: Microsoft: Cripple IE to protect your PC, 08/18/04

Microsoft is doing something unprecedented: It wants you to break one of Internet Explorer’s key features. Why? Because only by limiting the browser’s functionality can you be sure of stopping a sneaky – and dangerous – new breed of Internet virus.

Japanese bank taps RFID for document security, 08/18/04

NEC Tuesday said it has signed a contract with a Japanese bank for a radio frequency identification-based document management system.

Newsletter: Security-awareness programs can be imaginative and fun, 08/17/04

Keeping employees committed to information security is tough.  The fundamental problem is that the better our security, the less evidence we have to reinforce it.

BlackBerries vs. terrorism, 08/17/04

Long an indispensable gadget for businesspeople, the BlackBerry wireless handheld device from Research In Motion has been drafted into the United States’ war on terrorism.

Check Point blends VPN software with remote PC scanning tool, 08/17/04

Check Point is aiming to establish itself as the protector of the remote access PC with the integration of its SecureClient VPN software with the Integrity tool it acquired when it bought Zone Labs earlier this year.