Larry Seltzer

I remember roughly when Windows 2000 “went gold”—when Microsoft finalized the shipping code for the product. It was mid-December 1999, and the product officially “shipped” in February 2000. I was writing part of a Windows 2000 book so I had early access. Five years ago is a long, long time in this day and age, […]

Malware authors on Christmas day left dubious “gift” packages in e-mailboxes across the Internet. Fresh attacks, which took advantage of old Internet Explorer bugs, as well as new versions of the Santy worm fouled the holidays for some Windows users and PHP server admins. A posting on the Full Disclosure mailing list described a new […]

Sometimes writing about security is just too easy. Making predictions about next year is like this in some ways. Lets pick some of the low-hanging fruit early. Even though most spam-tracking companies show that spam already comprises 75 percent or more of all e-mail, that proportion will go up in 2005. We are approaching the […]

Every now and then a real jewel comes out of the blogosphere. You hear about it when it happens, because everyone else links to it in their own blogs. I did this recently, linking to a blog entry by Peter Torr of Microsoft. Audacity sells, and Torr had the audacity to entitle his piece “How […]

Internet security research firm iDefense has announced a series of vulnerabilities and patches for a variety of Unix- and Linux-based products. A stack-based buffer overflow was revealed in version 3.00 of Xpdf, a popular viewer for reading PDF files, usually created by Adobe Acrobat. “Remote exploitation of a buffer overflow vulnerability in the xpdf PDF […]

It sure caught me by surprise. After Microsofts early warning indicated that the five vulnerability disclosures this week would be no more than “Important”—as opposed to “Critical”—I figured no biggie, I went out for the day. Well, if this is what Microsoft doesnt call “Critical” then their standards have changed. MS04-045—known far and wide as […]

Encryption has been an important feature of many Internet protocols for some time now. Transfers between mail servers havent historically been protected, but there is a protocol available to encrypt them, and everyone should now look to implement it. TLS (Transport Layer Security) is easy to use. Of course, how easy it is depends on […]

So Roger Thompson thinks that spyware is the next great menace to computer users? Not surprising since hes been in the business of fighting spyware for a while, much longer than most of the security software establishment. Thompson was vice president of product development at PestPatrol when CA bought that company just a few months […]

Microsoft Corp. has made available for download the first release candidate of a major security update to Windows Server 2003. The 316MB download contains many of the changes that Windows XP Service Pack 2 brought to that operating system against buffer overflows and other common attacks, including specific support for “no execute” processors. /zimages/3/28571.gifHow has […]

When I look back at all the major bad security news in 2004, I wonder how the worlds computing infrastructure still manages to get up in the morning. It looks a lot worse in retrospect than it felt while it was going on. Year of the worm The year began with several new and successful […]