Larry Seltzer

Like a lot of you, friends and relatives are always asking me to fix something on their computers. Inevitably, when I get to the thing and start working on it, I do a little bit of cleaning up before I get to the actual problem. Windows is like this. If you dont make a point […]

Most security vulnerabilities are software bugs—in the strict sense of the word. And most of these bugs would be considered innocuous, perhaps in an environment where people arent trying to break the program. But then, we come to the Internet. The most famous class of such bugs is the buffer overflow, by now the kind […]

I must confess that for the most part I find mail worms boring. With few exceptions they all seem the same to me. Several worms and trojans and all that sort of attack are released every day, although you dont hear much about most of them. The news about the famous ones is usually so […]

Probably the single biggest news out of last weeks RSA conference was Microsofts announcement of its Caller ID for E-Mail standard. Caller ID may be the third of the three major proposals that have been announced, but now that Microsoft has put its cards on the table, a great experiment will begin. Over the next […]

The rapid spreading of several variations on recent mass-mailing worms that were released to the Internet over the weekend has caused security companies to raise their alert status levels. /zimages/1/28571.gifRead “Virus Outbreak: More E-Mail Worms Are Set Loose.” Five variations of the Bagle worm (also known as Beagle) are among them. Bagle.C arrived Friday night, […]

Security analysts on Friday reported that versions of the popular ZIP file management program WinZip have a serious security flaw. According to security intelligence firm iDefense Inc., an error in the parameter parsing code in these versions “allows remote attackers to execute arbitrary code.” The attacker would have to construct a specially designed MIME archive […]

A series of new worms spread on the Internet on Wednesday, spreading through conventional e-mail methods. The new versions have escalated their attacks and destructiveness. On the prowl is MyDoom.F worm, which began action on Monday. It is the latest version one of most successful worms on record; earlier MyDoom variants in January launched a […]

Microsoft Chairman Bill Gates on Tuesday announced a proposed open standard to deter e-mail spoofing, a k a caller ID for e-mail. Microsofts proposal pitched to the security experts at the RSA Conference falls right in line with the emerging industry consensus that changes must be made to the e-mail infrastructure in order to make […]

The usually simmering open source vs. closed source debate boiled over recently following the leak of Windows source code on the Internet. And it boiled over here too. Some 95 percent of the response to my column on the Windows source code leak and what it might indicate about the value of closed-source code as […]

Security vendor Zone Labs has disclosed that several versions of its personal-firewall products are vulnerable to a buffer-overflow attack that could compromise the system. ZoneAlarm, ZoneAlarm Plus and ZoneAlarm Pro 4.0.0 versions; ZoneAlarm Pro 4.5.0; as well as Zone Labs Integrity Client 4.0.0 are vulnerable, the company said. Versions earlier than 4.0.0 are not. ZoneAlarm […]