Larry Seltzer

It used to be exciting to read the new Web server share numbers from Netcraft every month. For a while there, Apache and Microsofts IIS (Internet Information Services) were really duking it out. But these days, the survey has a look of obsolescence. It looks like the market has hit an equilibrium, with Apache at […]

Symantec Corp.s Threat Analyst Team has discovered an exploit in the wild that utilizes the recently announced JPEG vulnerability in Microsoft Corp.s GDI+ library to install a new and sophisticated phishing system. eWEEK.com spoke with Oliver Friedrichs, senior manager of Symantec Security Response, who said the infected image is not able to attack a system […]

A new variant of the Bagle worm is showing more prevalence than usual, according to anti-virus companies. The new version is known by a variety of names: McAfee Inc. calls it Bagle.az, Trend Micro Inc. has dubbed it Bagle.AM and Symantec Corp. refers to it as Beagle.AR. All three companies have elevated the threat level […]

Just when mass-mailer worms are becoming an endemic but utterly preventable problem, a whole new wrinkle is developing. Mass-mailer worms based on the Microsoft GDI+ vulnerability will probably slip through most perimeter e-mail protection facilities. There is a client-side patch for Windows prior to XP Service Pack 2, which itself is not vulnerable, and there […]

Now that the Internet Engineering Task Forces MARID (MTA Authorization Records In DNS) standards process has collapsed—without even the hint of a consensus—its time to think about the future. Perhaps the best solution is to abandon the Tower of Babel that surrounds the current IP-based authentication systems and move straight to the next generation: a […]

Citing a lack of agreement on basic issues in the discussions of the working group, the IETF (Internet Engineering Task Force) has disbanded the MARID (MTA Authorization Records In DNS) working group. The group had been working to create a standard for mail authentication for the fight against spam, mail worms and other e-mail abuse. […]

Its easy to sympathize with the Federal Trade Commission on the spam issue. They have a tough job, and they have had the good sense to recognize that the infrastructure is not there for them to do everything Congress wants from them. But their recent call for bounties to be paid for informants against spammers […]

Microsoft has issued a formal fix for a problem in Windows XP Service Pack 2 that appeared almost immediately after the updates release. The problem, which affected many VPN users, causes errors when programs attempt to connect to loop-back addresses other than 127.0.0.1. Service Pack 2 blocks all such addresses; users receive an error message […]

A trio of security companies will announce a merger on Tuesday, forming Cybertrust, a new company that will offer security services worldwide. Cybertrust will be formed from risk management vendor TruSecure Corp., of Herndon, Va.; Betrusted Holdings Inc., a New York developer of identity management solutions; and Ubizen NV, a subsidiary of Betrusted based in […]

Microsofts efforts to jump on the SMTP authentication train have hit a new roadblock. The companys publication of a patent application has started a fresh controvery with the IETFs MARID working group, which is trying to formulate e-mail authentication standards. According to participants in the working group, the patent appears to cover technologies in the […]