Date: 08/27/07 (Security)    Keywords: browser, security

A study by the non-profit Honeynet Project has come up with a strange answer to the Firefox versus Internet Explorer security question.During the experiment, conducted in May 2007, the group compared three browsers -- Internet Explorer 6 SP2, Firefox 1.5.0 and Opera 8.0.0 -- to determine whether using an alternative...

Source: http://blogs.zdnet.com/security/?p=474

Date: 08/30/07 (Java Web)    Keywords: security, microsoft

Vista Service Pack 1 is likely to be released to manufacturing in the first quarter of 2008, will not be as significant a feature release as Windows XP Service Pack 2. It will roll up many of the incremental performance and security updates Microsoft has been making since last November. “SP1 will contain changes focused on [...]

Source: http://blog.taragana.com/index.php/archive/windows-vista-service-pack-1-in-q1-2008/

Date: 08/31/07 (Security)    Keywords: security

In one form or another I have heard this question posed hundreds of times. It is always an expression of frustration on the part of some IT security practitioner. This time the question was posed to an IDC analyst at an event I attended this week in Zurich. The...

Source: http://blogs.zdnet.com/threatchaos/?p=471

Date: 09/04/07 (Security)    Keywords: browser, security, web

Mozilla has not quite fixed the security hiccups with URI protocol handling in Firefox. According to Billy Rios and Nate McFeters, the two security researchers behind the exposure of protocol abuse in popular Web browsers, Firefox is still vulnerable to a remote command injection flaw that...

Source: http://blogs.zdnet.com/security/?p=489

Date: 09/06/07 (Security)    Keywords: software, security

Apple today shipped an iTunes software refresh to add support for all its shiny new toys but, unless you're following security announcements closely, you'd never know that iTunes 7.4 contains a fix for a pretty nasty code execution vulnerability. Here's what Mac users see: ...

Source: http://blogs.zdnet.com/security/?p=496

Date: 09/06/07 (Security)    Keywords: software, security

RSA president says his division of data storage giant is working on products for virtualization software of recent IPO standout. EMC is working on security products that would work with VMware software, EMC Executive Vice President Arthur Coviello said Thursday. Coviello, who is president of EMC's RSA security business, said...

Source: http://news.zdnet.com/2110-1009_22-6206454.html

Date: 09/07/07 (Security)    Keywords: security

Congress recently revised the USA Patriot Act to allow the FBI to use "national security letters" to compel companies - including Internet service providers and telecom companies - to produce customer records -- and forbid them from telling customers or anyone else about it. The law also severely limited the...

Source: http://government.zdnet.com/?p=3389

Date: 09/06/07 (Security)    Keywords: software, security

RSA president says his division of data storage giant is working on products for virtualization software of recent IPO standout. EMC is working on security products that would work with VMware software, EMC Executive Vice President Arthur Coviello said Thursday. Coviello, who is president of EMC's RSA security business, said...

Source: http://news.zdnet.com/2100-1009_22-6206454.html

Date: 09/09/07 (Java Web)    Keywords: php, security, linux

I was looking for the wiki of a popular Linux based firewall site. The main url was 404, so I went up one level hoping to find a new url. Suddenly I had a directory listing with interesting files and a link to phpMyAdmin. Wondering how a firewall site maintains its own security, I clicked [...]

Source: http://blog.taragana.com/index.php/archive/firewall-site-exposes-sensitive-data-through-phpmyadmin/

Date: 09/13/07 (Security)    Keywords: security, microsoft

Microsoft instant-messaging users who aren't yet running version 8.1 (or higher) of Windows Live Messenger, take note: Your days are numbered. As reported by LiveSide.net, some time in the next few weeks, Microsoft is going to require all Messenger users to upgrade, in the name of security....

Source: http://blogs.zdnet.com/microsoft/?p=714

Date: 09/14/07 (Security)    Keywords: software, security, virus, antivirus

Customers are getting more demanding, while security market is seeing a gradual consolidation around fewer players. Spending on security software across Europe is expected to top 2.4 billion euros ($3.3 billion) this year, with antivirus software continuing to form the largest slice of the pie. Antivirus software will account...

Source: http://news.zdnet.com/2100-1009_22-6207989.html

Date: 09/17/07 (Security)    Keywords: software, security

Company has started sharing some APIs with security vendors, in a bid to create better ways of securing virtual machines. Virtualization vendor VMware has quietly begun sharing some of its software secrets with the IT security industry under an unannounced plan to create better ways of securing virtual machines. ...

Source: http://news.zdnet.com/2100-3513_22-6208354.html

Date: 09/18/07 (Security)    Keywords: software, security, google

Google's security team has released a fuzz testing tool that was used internally to find multiple vulnerabilities in Internet-critical software products. The fuzzer, called Flayer, is an analysis and flow alteration tool that has been used to find errors in real software. In the past...

Source: http://blogs.zdnet.com/security/?p=517

Date: 09/18/07 (Security)    Keywords: technology, security

The eHealth Vulnerability study released today sounds self-serving, but does make clear that health IT is something of a technology backwater where security and patching has yet to catch up with supply or demand. The group represents existing players in health care, security and IT, rather than the groups...

Source: http://healthcare.zdnet.com/?p=272

Date: 09/18/07 (Security)    Keywords: technology, security

A pair of security surveys were released Tuesday and the findings aren't pretty. First up, the Computing Technology Industry Association (CompTIA) released a survey on information security breaches. Among the findings: Among companies that reported a security breach in the last year, the...

Source: http://blogs.zdnet.com/BTL/?p=6300

Date: 09/20/07 (Security)    Keywords: software, security

Virtualization software specialist VMware has shipped a batch of "critical" security updates to cover gaping holes in a wide range of its server and workstation products. An advisory from VMware lists a total of 20 different vulnerabilities affecting all supported versions of VMware ESX Server, VMware Server,...

Source: http://blogs.zdnet.com/security/?p=526

Date: 09/21/07 (Security)    Keywords: software, security, microsoft

The Fall edition of Microsoft's Blue Hat hacker summit will kick off next week with a heavy focus on piercing the security veil of virtualization and process isolation. At Blue Hat v6, scheduled for September 27-28 in Redmond, external security researchers and internal Microsoft software engineers...

Source: http://blogs.zdnet.com/security/?p=532

Date: 09/21/07 (Security)    Keywords: technology, security

Executive offers advice on how to combat growing security threats linked to use of Bluetooth-equipped devices. With Bluetooth wireless features fast becoming commonplace on mobile devices, users need to be aware of the security vulnerabilities linked to the technology, said a Symantec executive. A study by research...

Source: http://news.zdnet.com/2100-1009_22-6209361.html

Date: 09/21/07 (Security)    Keywords: technology, security

Technology to help tackle problem of data loss from corporate mobile devices, but the tools won't exist until 2012, Gartner says. LONDON--Virtualization will be a key technology to help companies beef up security on corporate mobile devices, Gartner says. The technology is predicted to be used to...

Source: http://news.zdnet.com/2100-1009_22-6209332.html

Date: 09/24/07 (Security)    Keywords: security, web

Unisys is under fire over data breaches at the Department of Homeland Security. Unisys maintains that it did nothing wrong. On Monday, the Washington Post reported that the FBI is investigating Unisys after it allegedly failed to detect data breaches linked to a Chinese-language Web site. To make...

Source: http://blogs.zdnet.com/BTL/?p=6360