Dennis Fisher

Microsoft Corp.s vulnerability-handling plan is a good start but may end up being insufficient as the specter of government regulation of Internet security looms, according to security experts. As IT security administrators and CIOs were absorbing the details of Microsofts plan last week (see “Cracking Down on Hackers”), the U.S. House Committee on Energy and […]

IBM on Monday announced a broad expansion of its security consulting practice, including a partnership with Kroll Inc. for physical security assessments and protection. Among the new offerings from IBM Global Services are enhanced intrusion detection and vulnerability assessments, security policy assessments, managed firewall services, and VPN and authentication services. IBM, of Armonk, N.Y., is […]

John Ryan, who resigned abruptly as CEO of Entrust Inc. earlier this year, took over the same post at ZixIt Corp. on Thursday. Ryan replaces David Cook, ZixIts founder and the former president and CEO of the Dallas company. Ryan will also assume the title of chairman, which was formerly held by Jeff Papows. Both […]

Security researchers have identified a serious vulnerability in the Common Desktop Environment GUI used by many Unix systems that could enable a remote attacker to gain root privileges on a target machine. The flaw is a buffer overflow in the subprocess control server, which is typically started by the Internet service daemon when the CDE […]

Palm Inc. on Monday announced that it has chosen RSA Security Inc. to provide the encryption and other security software for future versions of the Palm OS. Palm will use RSAs BSAFE encryption software to protect transactions made using Palm devices. The deal is an important one for RSA, of Bedford, Mass., which has fallen […]

MOUNTAIN VIEW, Calif.–Claiming that the wanton posting of security information online is empowering hackers and hurting consumers, Microsoft Corp. is crafting a plan that would restrict the number of people privy to security vulnerability data. Under the terms of the proposal circulated, which began as an online essay by Microsoft Security Response Center Manager Scott […]

A newly discovered flaw in the way that Internet Explorer handles Web site cookies could enable an attacker to view and edit a users personal data contained in the cookies. The vulnerability affects all versions of IE, but is mitigated by several factors, according to a bulletin released Thursday by Microsoft Corp. Under normal operation, […]

SAN FRANCISCO — A former government lawyer on Wednesday said some federal regulation of computer security is inevitable if vendors and security researchers dont do a better job of policing themselves. That prospect is a frightening one for vendors and security experts who remember the battles in the late 1980s and 1990s over governmental regulation […]

MOUNTAIN VIEW, Calif.–Microsoft Corp. on Tuesday outlined a broad framework for building trust in software that company officials hope will help improve the security and privacy of the worlds computer systems. The plan, a comprehensive initiative conceived by Microsoft as a way to assess the security and privacy features of computer systems, was unveiled by […]

Traditionally, managed security offerings have amounted to little more than a managed firewall or VPN. But as companies in all industries demand a wider variety of more useful and innovative services as a way to cut costs and improve security, outsourcers are beginning to respond. Vendors such as Foundstone Inc., Aventail Corp. and Ubizen Inc. […]