Larry Seltzer

One of the problems I hear about all the time, from analysts and vendors alike, is that of rogue mobile clients. Youve got perimeter defenses on your corporate network worthy of the Maginot Line, but mobile users can still travel, connect to the Internet on the road, pick up a germ on their notebook and […]

In the wake of Microsofts release last week of a series of “cumulative” patches to address a large number of serious security issues, the security community is debating the merits of Microsofts approach. One patch, for example, coded MS04-011 by Microsoft, was rated “critical” by the company. Like all of the patches released the same […]

If you look carefully at messages containing spam and e-mail worms, you see some things that arent right. In almost every case, the addressing information that accompanies any such e-mail message is fraudulent. (For more information see “Heading Off Spam”.) This is an important characteristic of these messages—and a big part of what allows them […]

An unconfirmed report from the Internet Storm Center at The SANS Institute indicates the possibility of exploits circulating that target the vulnerabilities patched just last week by Microsoft Corp. The report, titled “Possible combined exploits of MS vulnerabilities,” says that there is no general outbreak but that the group is hearing rumors of “super” exploits […]

In a recent column, I looked at the proposed SPYBLOCK (Software Principles Yielding Better Levels of Consumer Knowledge) act in Congress and concluded that the initial drafting of the bill does a poor job of defining the activities it bans. I dont want to defend a bad definition of spyware, but in all fairness, I […]

Ive been a fan of shared hosting as a cost-efficient solution for most Web sites, but you pay a price for saving that money. Im not as much of a fan as I used to be. In a way, its like taking a bath with strangers. You probably save a lot of water, but you […]

Some time ago I observed that the volume of downloads for updating Windows was large and impractical for any dial-up user. Microsoft should, I suggested, issue a CD with the updates, or put ISO images on their site for others to download and burn. You all agreed. Not too long thereafter, Microsoft announced that it […]

An Israeli security researcher claims to have found security holes in the free online scanners of three major anti-virus companies. Rafel Ivgi, also known as “The Insider,” in posts to several security mailing lists, claims that Panda ActiveScan, McAfee FreeScan, and Symantec Virus Detection all suffer from buffer overflows that could allow an attacker to […]

RealNetworks Inc. has announced that a flaw in a component of many of its client systems could allow a remote attacker to execute arbitrary code on the users system. According to RealNetworks, this issue affects “RealPlayer 8, RealOne Player, RealOne Player v2 for Windows only (all languages), RealPlayer 10 Beta (English only) and ReaPlayer Enterprise […]

A new variant of the Sober worm, Sober.F, is spreading in Europe, and some anti-virus companies are raising their threat levels for the worm due to its success. Sober.F arrives in an e-mail sent by the worms own SMTP engine. According to F-Secures description of the worm, the incoming message can have any of a […]