Ryan Naraine

The Department of Homeland Security plans to spend $1.24 million over three years to fund an ambitious software auditing project aimed at beefing up the security and reliability of several widely deployed open-source products. The grant, called the Vulnerability Discovery and Remediation, Open Source Hardening Project, is part of a broad federal initiative to perform […]

Microsoft Corp. has shipped the first critical security update for Windows Vista, the next version of its flagship operating system. Over the weekend, the company released patches for beta testers running the Windows Vista December CTP (Community Technology Preview) and Windows Vista Beta 1, and warned that the new operating system was vulnerable to a […]

Symantec Corp. has admitted to using a rootkit-type feature in Norton SystemWorks that could provide the perfect hiding place for attackers to place malicious files on computers. The anti-virus vendor acknowledged that it was hiding a directory from Windows APIs as a feature to stop customers from accidentally deleting files but, prompted by warnings from […]

The U.S. governments Department of Homeland Security plans to spend $1.24 million over three years to fund an ambitious software auditing project aimed at beefing up the security and reliability of several widely deployed open-source products. The grant, called the “Vulnerability Discovery and Remediation Open Source Hardening Project,” is part of a broad federal initiative […]

Anti-virus security vendor McAfee Inc. announced Tuesday the sudden departure of its president, Gene Hodges. Hodges, an 11-year McAfee veteran who was responsible for the companys technology development, strategy and execution worldwide, has resigned to take the reins of access control vendor Websense Inc. McAfee did not identify a replacement for Hodges. In a brief […]

Apple Computer Inc.s flagship QuickTime media player has received a security-centric makeover to plug several code execution vulnerabilities. The release of QuickTime 7.0.4 comes months after researchers warned that attackers could rig QuickTime files to execute arbitrary code on Windows and Mac machines. In all, the update provides patches for five different buffer overflow vulnerabilities […]

Microsoft Corp. on Tuesday released two security bulletins to fix “critical” flaws in several widely deployed products, including one that presents a remote unauthenticated attack vector that could leave corporate e-mail servers open to a destructive network worm attack. A company spokesperson flagged MS06-003 as the most serious issue, warning that a bug in the […]

Microsoft Corp. on Tuesday announced a slight tweak to its software support life cycle to give customers an extra few weeks to get security patches that may be in the pipeline. The change applies to all Microsoft products—enterprise and consumer—and immediately affects users of Microsoft Exchange Server 5.5. /zimages/3/28571.gifClick here to read about Microsofts emergency […]

Microsoft Corp.s Windows image rendering nightmare just wont go away. Just days after rushing out an emergency fix to counter a spate of zero-day attacks, security researchers claim there are at least two new flaws in the way the Windows graphics rendering engine handles WMF (Windows Metafile) images. The latest warning was posted to the […]

Communications equipment vendor Avaya Inc. on Monday warned that several products that run on top of Microsoft Corp.s Windows 2000 operating system are vulnerable to the code execution bug in WMF (Windows Metafile). In a public alert, Avaya, based in Basking Ridge, N.J., said the bug affects users of three enterprise-facing system products. The company […]