Larry Seltzer

Microsoft has issued a patch for a flaw in ISA (Internet Security and Acceleration) Server 2000 and Proxy Server 2.0. According to the advisory on the bug, it could allow an attacker to spoof trusted Internet content. Microsoft Small Business Server 2000 and 2003, both of which include ISA Server, are also affected. If a […]

One year after a vulnerability in the Wi-Fi Protected Access encryption algorithm was reported, a proof-of-concept program for the attack has been released. The attack affects only Wi-Fi networks using WPA in pre-shared key mode. It is a dictionary attack, meaning that it cycles through a list of words and combinations of words attempting to […]

A new phishing attack is utilizing a vulnerability in Internet Explorer, patched early this year, to hide its true source. /zimages/2/28571.gifA serious hole in IE opens PCs up for attacks. Click here to read more. The attack, called Citifraud.A by Panda Software, takes the form of a Web page or HTML e-mail. It has no […]

Many assume that malware programmers are good programmers, and this isnt hard to understand. Its sort of like being impressed with a magician who does something that shouldnt be possible. But its also like assuming that bullies must be good fighters. Closer analysis shows that many of them dont—or perhaps cant—do their job well. Malware […]

In its first use of a new policy on security-update disclosure, Microsoft on Wednesday announced that next weeks scheduled security updates for the month of November will consist of a single fix for ISA Server. The new Microsoft Security Bulletin Advance Notification is the first example of a new monthly practice the company announced Thursday. […]

Its easy for administrators and computing professionals to get frustrated with users for all kinds of reasons, but security has to be one of the biggest reasons these days. Lets consider the recent release of a malicious script for Mac OS X. This script itself is not really much of a threat because it has […]

A series of HTML-based exploits allow a malicious HTML programmer to direct a user to a different Web site than the one indicated in the users browser status line. Two separate but similar issues affect Internet Explorer. The first, reported by Benjamin Franz of Germany on the Bugtraq mailing list, involves an improper mixture of […]

Its only a little over a month since the collapse of the MARID working group and the apparent death of the Sender ID specification on which it had focused. But now, from the secret workings of Microsoft and Meng Wong (playing here the role of Victor von Frankenstein), a stitched-up version of the spec has […]

America Online Inc. will support a new, modified version of the Sender ID e-mail authentication specification that is being submitted to the IETF for consideration Monday. The Sender ID specification had been in limbo since the collapse of the MARID working group in September. A new version of Sender ID, modified to address concerned such […]

How long and complex should a password be? At what point is it effectively uncrackable? Time out: Look at that opening paragraph. Its 87 characters long, but it could be your password to your Windows system. Yes, even with the spaces in it. Technically, this has become known as a “passphrase.” Robert Hensing, a member […]