Brian Prince

Apple has addressed a heap corruption vulnerability in its popular QuickTime media player. The flaw can be exploited remotely, and allows an attacker to execute arbitrary commands as the current user. Security researchers at VeriSigns iDefense Labs confirmed the vulnerability exists in version 7.1.3 of QuickTime on Windows, and previous versions are suspected to be […]

An old worm made headlines again this week when it infected servers at the Turner Broadcasting Systems network, highlighting the need for IT professionals to ensure their security features are current. The worm, known as W32/Delbot-N or W32.Rinbot.L, takes advantage of a vulnerability in Symantec software that was previously addressed by the company in May […]

Security expert Stefan Esser has declared war on vulnerabilities in the PHP core with the “Month of PHP Bugs.” PHP is an open-source HTML embedded scripting language used to create dynamic Web pages. The month-long effort is an attempt to improve the security of PHP, Esser said in a post on his Web site. It […]

March Madness may be a great time for college basketball fans, but it can be a nightmare for enterprises when it comes to network security. Earlier in 2007, Super Bowl fans logging on to the Dolphins Stadium site faced an unwelcome surprise—malicious code embedded in the header on the front page that when downloaded initiated […]

Data infrastructure management company dbaDIRECT has added MySQL to the list of platforms it supports as a strategic sourcing partner for enterprises. As global enterprises seek to aggressively manage the cost of data infrastructure, reliable options for low-cost database servers are becoming more available and mainstream, according to dbaDIRECT Chief Technical Officer Mark Vorholt. Vorholt […]

Sun Microsystems has issued an inoculation script for a worm exploiting a recently patched vulnerability in its Solaris 10 operating system. The worm exploits a flaw in Suns Telnet service that was uncovered earlier in February. The bug gives an attacker unauthorized remote access to the system by circumventing the log-in process. /zimages/4/28571.gifSuns CEO says […]

Exeros announced Feb. 27 that a new version of its automated data discovery solution, aimed at cutting the time and cost of finding and organizing business data, is slated for a formal release in March. DataMapper 3.0 automates the discovery of forgotten business rules and data lineage, hidden sensitive data, and unknown data inconsistencies so […]

Oracle announced Feb. 26 the general availability of Oracle Information Lifecycle Management Assistant, a free tool company officials contend will help users of Oracle Database 10g store and manage data in a more cost-efficient manner. “The reality is today organizations can no longer afford to use high-end storage for all the data in storage,” said […]

Trend Micro is looking to make life more difficult for spammers with a new version of its messaging security products and a new hosted service for enterprise customers. With InterScan Messaging Security Suite and InterScan Messaging Security Appliance, Tokyo-based Trend Micro is offering customers a tougher defense against spam by blocking spam at the network […]

IBM has patched some serious flaws affecting users of DB2 Universal Database version 9.1 that could be exploited locally by attackers. A vulnerability in several set-uid DB2 binaries allows a user to write to any file on the system through the use of symbolic links. In addition, local exploitation of another flaw could allow an […]