Larry Seltzer

At first glance, Microsofts August vulnerability and patch set seemed like a real killer set of vulnerabilities. One of them in particular, MS05-039 (Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege), caught attention as a “wormable” hole. Network-wormable vulnerabilities are the worst kind. They allow an attack to take […]

Thanks, Wolf. Theres nothing to raise awareness of a computer threat quite like a news flash on CNN. Heres the follow-up story: CNN Network Admins Betray Incompetence At Security. Deadlines! If only my column were due on Wednesday rather than Tuesday I might have written a different one than the yesterdays, where I dismiss Microsofts […]

The first one I noticed was AOL which began offering McAfee-based security products to its users. Ive always had the impression that most ISPs just try to get along doing as little as possible for the money you spend on them, but AOL really does a lot of work trying to secure its heavily attacked […]

A ruling against Fortinet by the US International Trade Commission has triggered a silent crisis in the network anti-virus market. The number of products that potentially infringe in the same way as Fortinet is very large. The ruling finds that Fortinets products violate a Trend Micro patent and may not be imported to the United […]

Businesses, or at least the larger ones, have an easy time spending the time and money to implement some sort disaster recovery scheme. Consumers are a completely different matter. So what is a disaster? It could be a fire, it could be a hard disk crash, the computer could fall off the table, or it […]

Theres general agreement among security researchers that disclosure of security vulnerabilities is a good thing. There isnt, however, agreement in the industry as to what full disclosure is and what the best practices are. Some say that immediate and complete disclosure of all details, including exploit code, is the best thing. I hope most people […]

For several years, especially since Windows XP Service Pack 2, Microsoft has been tightening security in Windows and Internet Explorer. Its hard to see at times, but I do think they have been making progress. Nevertheless, with a completely new version of Windows, Microsoft has the opportunity to do some radical things that should help […]

A mysterious security research group is reporting that they have found several serious vulnerabilities in the ClamAV open source antivirus program. According to the advisory, the vulnerabilities are heap overflows in the processing of certain file formats, specifically TNEF, CHM and FSG. Because of the nature of the server, which is typically used to scan […]

I was a little surprised when Microsoft started reclassifying adware programs in its anti-spyware software to less severe levels. But I was downright curious when Sunbelt Software started to do the same. A controversy erupted over the weekend when Sunbelt reclassified some programs from notorious adware vendor WhenU to a less severe rating of “low” […]

It doesnt seem right to say that the entry of Microsoft should bring respectability to an eminently respectable market like managed secure e-mail hosting, but a lot of people are arguing that Microsofts planned acquisition of FrontBridge will do just that. Ive always been a fan of the hosted mail-security model, and plenty of respectable […]