Larry Seltzer

One of the famous arguments for open-source software, made in “The Cathedral and the Bazaar” by Eric S. Raymond, is, “Given enough eyeballs, all bugs are shallow.” The point is that open-source projects will have more people working on them and looking at the code, and therefore the chances that bugs will be recognized are […]

A series of recently announced security flaws open Linux and related technologies to attacks ranging from denials of service and local exploits to the potential for remote system compromise. Senior Linux developer Alan Cox announced a set of “race conditions” in the Linux kernel that were fixed in Version 2.6.9. The problems are in the […]

A security researcher has discovered a new exploit for Microsoft Corp.s Windows XP Service Pack 2 that allows programs to be planted and executed on fully-patched systems. The researcher, known as http-equiv and operator of the malware.com Web site, discovered a weakness in the local security zone of Internet Explorer which, through the use of […]

An anonymous researcher has reported through several sources that anti-virus products from six vendors fail to detect malware when it is contained in a corrupted Zip file. The modification to the Zip file prevents the anti-virus programs from detecting files in it, but it doesnt prevent users from accessing those files, according to an advisory […]

Searching a Windows system has always been harder than it should be. Windows has come with an indexing service for a while to facilitate searching, but it and the search are second-rate. Google must have thought it a natural to bring its highly regarded search technology to the desktop. The company also should have counted […]

I was actually unavailable Tuesday at 1:30 p.m. Eastern time, when Microsofts October patches began to release. It was a bad day to be out. The company set a new record with 10 advisories listing dozens of vulnerabilities. I looked them over to separate the ho-hum stuff from the real killers. The first advisory, MS04-029, […]

I sat up and took notice when Microsoft released not one, but two interim fixes to an announced flaw in ASP.Net, and released them fairly quickly. This is not SOP in Microsoft Land. The original report actually came out weeks ago and somehow flew under the radar until just the last few days. To be […]

In the beginning, there were pictures of women on the Internet, and they were without clothing. And the industry created content-filtering software to protect children from the images, and it was good. Not great, but pretty good. Youd think there would have been major technological advances in the content-filtering industry since its genesis back in […]

Next Generation Security Software has reported multiple vulnerabilities in IBM DB2 Universal Database. Twenty vulnerabilities were reported and designated as “critical” by Next Generation Security Software Ltd. Most are buffer overflows, which often can lead to the execution of attack code. But NGS is delaying release of details of the vulnerabilities until Jan. 5, to […]

RealNetworks Inc. has patched security vulnerabilities in several versions of the RealPlayer client software. According to an advisory on the companys Web site, the patches address three vulnerabilities in RealPlayer and the RealOne Player for Windows, Mac and Linux. RealNetworks recommends that users apply the updates through links on the advisory page. Real clients for […]