Larry Seltzer

On February 10, Microsoft disclosed a dangerous vulnerability in all modern versions of Windows, along with a patch to fix it. Nine days may not seem like a long time, but every day that goes by without a real exploit is great news. /zimages/3/28571.gifClick here for Microsofts advisory and links to the patches) At the […]

A frequent pitch of the open-source movement—bordering on a cliche—is that closed-source companies, most famously Microsoft, are wrong in thinking that the unavailability of their source code will enhance the security of the product. The open-source advocates belittle this attitude as “security through obscurity,” and insist that the holes in the products will come out […]

“May you live in interesting times” goes the old curse. Times are interesting indeed in the world of computer security, especially this week. Every day brings another major worm or attack, maybe two, and the outlook looks even worse. The last few days have shown remarkable fertility among computer worms, as new variants of MyDoom […]

When your team fumbles the opening kickoff its tough to be psyched about the game. Thats what our security team—the new National Cyber Alert System—did last week. You may recall that, with MyDoom.A at its peak, the Department of Homeland Security announced a new security alert system. The system includes four security notification services, including […]

If youre the PC guy in the family or some other group, youve probably been asked this question: “At night should I turn my computer off?” Ever since normal people have had computers, this question has made the rounds with a variety of “expert” answers. The early versions presented a trade-off between power consumption and […]

A patch Microsoft Corp. released on Monday for a dangerous Internet Explorer vulnerability that lets attackers trick Internet users into visiting malicious sites doesnt completely fix the problem. The cumulative patch addresses, among other problems, a display bug likely to be used by phishing attacks. If the attacker uses a particular malformed URL syntax, only […]

The rapid spread of MyDoom.A was a pretty scary thing to witness. I knew that I had immediately recognized it as a worm when it showed up here, but still its scary when so many people out there get infected. Then MyDoom.B came out and I really got concerned, partly because of its evil practice […]

This Sunday, as American football fans await the Super Bowl broadcast, a slow-motion, digital wave will be building on the Internet, a result of the recent MyDoom worm attack. Following the worms dissection by security analysts, the world knows a distributed denial-of-service attack is coming, but theres little that can be done to stop it. […]

Microsoft Corp. has announced in a support document that it will be releasing a software update to Internet Explorer and Windows Explorer to disable the use of certain syntax in HTTP URLs. The syntax, designed to allow a username and password to be passed to a password-protected page, has a history of abuse. The company […]

According to monitoring systems run by Bath, England-based security consulting firm Netcraft, The SCO Groups Web site had been inaccessible since late Wednesday. SCO said on Tuesday that it had been hit with distributed denial-of-service attack and offered a reward for the arrest and conviction of the worms author. Netcrafts data showed several short-lived outages […]