Larry Seltzer

If youre a broadband user and you get a firewall, youll immediately notice that there are people probing your computers. Users on the really big broadband networks like Comcast are regularly scanned by hackers looking for low-hanging fruit, such as systems infected with NetBus or BackOrifice—and maybe even those of you violating your terms of […]

An analysis by security vulnerability research company NGS Software demonstrates that earlier reports and Microsofts Security Bulletin on what was apparently a vulnerability in IIS understated the depth of the problem. In fact, the problem is based in more fundamental functions of Windows 2000 and many other modes of attack, other than through WebDAV, are […]

Its been a heck of a week for security vulnerabilities. The most attention, deservedly so, went to another buffer overflow in Microsofts IIS Web server, but there were many more. The IIS hole was unusual in that, unlike most vulnerabilities, it appears to have been exploited before it was discovered and patched. Even worse, it […]

Microsoft has revised their security advisory about the vulnerability in IISs WebDAV function announced earlier this week. Some versions of Windows 2000 are incompatible with the patch, explaining reports of servers blue-screening in the field with a Stop 0x00000071. In the advisory expand the “Additional information about this patch” section for full details. SP2 systems […]

If you have a small network for your home or business it probably grew up from some small number of disconnected systems. You may have—and should have—security measures implemented at each client system and, I would hope, at any servers. But once you have a network connected to the Internet, its important to consider network-based […]

Very often well hear reports about a serious security vulnerability. We look into it, and theres a catch: In order to execute the attack, physical access to the computer is necessary. You can safely ignore these alleged vulnerabilities: Without physical security, no system is secure. If I can open the computer, I can remove the […]

Read carefully. As I say in my current column, just because a message appears superficially to come from a particular vendor or person doesnt mean it does in fact come from them. Thanks to the reader who send us an email that appeared to come from eBay customer service, announcing that (chuckle) “eBay & Hotmail […]

A new worm, distributed as a Windows .EXE file attachment to a mass email, is one of the first to involve Microsofts instant messenging programs in its exploit. Reports are somewhat in conflict on exactly what it does, but prevention and containment appear to be easy. The W32.Nicehello@mm worm shows up as a 99,328 byte […]

I recently designed, ran and wrote a review for PC Magazine of desktop antispam tools. I get a lot of spam and most of it is offensive in one way or another, but perhaps the most dangerous spam Ive seen over the last year is a wave of messages selling deep-discounted copies of Symantec utility […]

The Liberty Alliance Project announced that the Department of Defense and General Services Administration have joined as members of the project to develop standards for authentication and identity management. DoD and GSA are 2 of only a few government entities in the Liberty Project membership roster, but the value of authentication standards for governments are […]