Date: 05/12/05 (Open Source)    Keywords: security, linux, microsoft

Security may be one of the biggest challenges facing the open source enterprise.When I say enterprise, of course, I mean enterprise -- hundreds of servers, thousands of desktops, and truly heterogenous environments.Because of Microsoft's desktop dominance it has made important early moves. (And let's not get into how much more secure Linux is than Windows. Patches [...]

Source: http://blogs.zdnet.com/open-source/?p=269&part=rss&tag=feed&subj=zdblog

Date: 05/16/05 (Security)    Keywords: security

Security company faces a licensing pinch. Will a wave of new products catch customers' eyes?

Source: http://news.zdnet.com/Check+Point+on+the+defensive/2100-1009_22-5706855.html?part=rss&tag=feed&subj=zdnn

Date: 05/16/05 (Security)    Keywords: security

An attacker could take advantage of hyperthreading timing in the chip to sniff out passwords, a security researcher warns.

Source: http://news.zdnet.com/Pentium+4+loophole+could+let+in+hackers/2100-1009_22-5708868.html?part=rss&tag=feed&subj=zdnn

Date: 05/16/05 (Security)    Keywords: security

Legislation on Social Security numbers will likely be enacted this year due to string of security snafus.

Source: http://news.zdnet.com/Kiss+your+old+SSN+goodbye/2100-1009_22-5708776.html?part=rss&tag=feed&subj=zdnn

Date: 05/17/05 (Security)    Keywords: security

Congress may try to fix the turnover in cybersecurity leaders by giving the position more weight.

Source: http://news.zdnet.com/Feds+eye+new+cybersecurity+post/2100-1009_22-5709312.html?part=rss&tag=feed&subj=zdnn

Date: 05/17/05 (Asp Dot Net)    Keywords: asp, security

I have an encrypted token that I would like to send from one server to another.
I create the encrypted token, and when I try to pass it to another server, it says access denied. I have checked all security settings imaginable, added the aspnet account, gave it full control, etc.

I have this working for an asp project.
The only catch I can think of is on my receiveToken page, I am not using server-side code. I am decrypting the token with vbscript on the .aspx page, and do not even have a code-behind page specified. However it is failing before it runs any of my script so I doubt this would be affecting it... I am not sure.

Any suggestions on why I am not being granted access would be much appreciated.
Thanks.

Source: http://www.livejournal.com/community/aspdotnet/34238.html

Date: 05/18/05 (Open Source)    Keywords: security

Time for me to play devil's advocate again.The Schneier Wave graph to the right may be the most famous diagram in computer security. It's named for Bruce Schneier of Counterpane, a leading computer security expert. As Schneier explained back in 2001, vulnerability to a security bug is highest between the moment the problem is revealed [...]

Source: http://blogs.zdnet.com/open-source/?p=280&part=rss&tag=feed&subj=zdblog

Date: 05/19/05 (Security)    Keywords: software, security

Responding to an alert by a French security company about a Windows flaw, software giant says it already fixed the issue.

Source: http://news.zdnet.com/Microsoft+downplays+Windows+flaw+severity/2100-1009_22-5712820.html?part=rss&tag=feed&subj=zdnn

Date: 05/19/05 (Open Source)    Keywords: security, linux, microsoft

In his latest entry, Dana asks whether the Linux process is insecure, because it's not possible to warn the "vendor" before warning the general public about security flaws in Linux. He also notes that "Microsoft has theoretical control of this situation." There are several problems with this line of reasoning. I'm not [...]

Source: http://blogs.zdnet.com/open-source/?p=281&part=rss&tag=feed&subj=zdblog

Date: 05/20/05 (C Sharp)    Keywords: database, asp, security, web, microsoft

Hello All!
I need to have access to certificate services database from the c# web application. Approach described in msdn lib(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/viewing_the_certificate_services_database.asp) does not seem to work. Or maybe i can't understand what the realy mean...
certadm.dll doesn't provide class implementation for IEnumCERTVIEWROW, IEnumCERTVIEWATTRIBUTE and IEnumCERTVIEWEXTENTION. Interface is an abstract entity as far as i know. (Unfortunately i don't know much...) So, how can one (as "ICertView::OpenView creates a IEnumCERTVIEWROW object") create an instance of an interface object with no corresponding class?
One version of my code looks something like this:

CERTADMINLib.IEnumCERTVIEWROW cvr;
CERTADMINLib.IEnumCERTVIEWATTRIBUTE cva;
CERTADMINLib.CCertViewClass CertView = new CERTADMINLib.CCertViewClass();
CertView.OpenConnection("pcitis31.cert.cern\\CERTSubCA");
CertView.SetTable(0);
CertView.SetResultColumnCount(-2);
cvr = CertView.OpenView();
cva = cvr.EnumCertViewAttribute(0); //-here i get COMException with 0x8000ffff code (Catastrophic failure)

Am i missing something, or am i absolutely on the wrong way?

Examples shown in msdn are quite similar(but in vb):

ex.1
' Declare the IEnumCERTVIEWROW object variable.
Dim objRow As IEnumCERTVIEWROW

' Instantiate the row object.
Set objRow = objView.OpenView

' Use the object as needed.
' When done processing, free the object.
Set objRow = Nothing

ex.2
' Initialize an IEnumCERTVIEWCOLUMN object.
Dim objCol As IEnumCERTVIEWCOLUMN
Set objCol = objRow.EnumCertViewColumn()
' Use objCol as needed.
' ...
' Free objCol when done.
Set objCol = Nothing

Any help, ideas are very much appreciated!

Thanks in advance!

Source: http://www.livejournal.com/community/csharp/29256.html

Date: 05/20/05 (Security)    Keywords: security

Company is attempting to simplify security for small companies that lack IT resources or knowledge.

Source: http://news.zdnet.com/HP+muscles+in+on+small-business+security/2100-1009_22-5715043.html?part=rss&tag=feed&subj=zdnn

Date: 05/20/05 (Open Source)    Keywords: security, linux

Here is a question that lies beyond the normal Linux vs. Windows arguments we make here, but whose answer should concern even Linux users.Where should security live?The facile answer is everywhere. Professional network security managers tend to want to scan at the edges of their networks, and centralize patch management. We amateurs tend to leave [...]

Source: http://blogs.zdnet.com/open-source/?p=285&part=rss&tag=feed&subj=zdblog

Date: 05/21/05 (Security)    Keywords: security

Concerns about a potentially serious security issue in Tiger persist despite an OS update from Apple earlier this week.

Source: http://news.zdnet.com/Widget+security+worries+dog+Apple/2100-1009_22-5715752.html?part=rss&tag=feed&subj=zdnn

Date: 05/23/05 (Open Source)    Keywords: security, linux, microsoft

Everyone knows that Microsoft has a new anti-Linux strategy. Everyone knows it's based on promises of security. What everyone doesn't know is how well it's working. And it's working better than open source advocates want to admit. Munir Kotadia of ZDNet Australia recently used interviews to diss Microsoft's latest effort in this area, a Wipro-produced survey [...]

Source: http://blogs.zdnet.com/open-source/?p=289&part=rss&tag=feed&subj=zdblog

Date: 05/23/05 (Java Web)    Keywords: software, security, web

Offering Web Services is a potential path for solution providers away from dependence on commodity hardware and software products. With a loose definition of web services, solution providers surveyed said they felt that Web services are a major priority to businesses of all sizes. Only security edged out Web services for the No. 1 spot. The [...]

Source: http://blog.taragana.com/index.php/archive/web-services-offer-growing-profit-potential/

Date: 05/23/05 (Security)    Keywords: security

Jesper Johansson says the security industry has been giving out the wrong advice on passwords for 20 years.

Source: http://news.zdnet.com/Microsoft+security+guru%3A+Jot+down+your+passwords/2100-1009_22-5716590.html?part=rss&tag=feed&subj=zdnn

Date: 05/24/05 (Security)    Keywords: security, spyware

A Redmond security guru also says spyware could be responsible for up to one-third of all Windows crashes.

Source: http://news.zdnet.com/Microsoft%3A+SP2+makes+Windows+15+times+safer/2100-1009_22-5718630.html?part=rss&tag=feed&subj=zdnn

Date: 05/25/05 (Security)    Keywords: security

A security hole in Internet protocol affects a range of Cisco products, but the company says it has a patch.

Source: http://news.zdnet.com/Cisco+targets+Net+phone+software+flaw/2100-1009_22-5719098.html?part=rss&tag=feed&subj=zdnn

Date: 05/25/05 (Open Source)    Keywords: security, microsoft

If Microsoft pulls it off, they'll have set a new standard in the black art of succeeding through failure because, of course, those people wouldn't be needed if Microsoft built reasonable security into their systems

Source: http://blogs.zdnet.com/open-source/?p=293&part=rss&tag=feed&subj=zdblog

Date: 05/25/05 (Security)    Keywords: security

Companies that offer outsourced enterprise security are overcoming preconceptions and winning over some skeptics.

Source: http://news.zdnet.com/Doors+opening+for+outsourced+security/2100-1009_22-5719012.html?part=rss&tag=feed&subj=zdnn