Ryan Naraine

The open-source PHP Group has shipped a new version of the general-purpose scripting language to fix several potentially serious security vulnerabilities. The flaws addressed in the PHP 4.4.1 update are rated “moderately critical” by security alerts aggregator Secunia Inc. In a notice to users, the PHP Development Team said the patch corrects seven flaws and […]

Apple Computer Inc. late Monday shipped a security update to patch five Mac OS X security flaws and warned that the most dangerous bug could be exploited to bypass security restrictions. In an advisory, Apple urged users to upgrade to Mac OS X 10.4.3 (client and server) to protect against security bypass and system exposure […]

The sudden appearance of a rootkit file in a spyware-laden IM worm attack has set off new fears that malicious hackers are sophisticated enough to launch a fully automated worm attack against instant messaging networks. In the most recent attack aimed at users of America Online Inc.s AIM network, the “lockx.exe” rootkit file was bundled […]

Its being called the “story of a dumb patch.” A private security research firm has published an advisory with details on a fundamental mistake made by Microsoft Corp. that caused a security patch to ship without an adequate fix for the flaw it was meant to address. Cesar Cerrudo, founder and CEO of Argeniss Information […]

Anti-virus vendor McAfee Inc. on Wednesday clinched a deal with PC maker Gateway Inc. to preinstall its Internet Security Suite on all Gateway and eMachines computers. The exclusive two-year agreement gives the Santa Clara, Calif.-based McAfee a key outlet to sell its anti-virus, anti-spyware and anti-phishing software and a key ally to help stave off […]

Multiple security flaws in the popular Skype voice chat application could put millions of users at risk of computer takeover attacks, the company acknowledged Tuesday. Skype Technologies S.A., which is being acquired by eBay Inc., warned in two separate advisories that the vulnerabilities could lead of system access or denial-of-service attacks. The Skype program, which […]

Microsoft Corp. plans to roll out a minor refresh of its Windows OneCare PC security bundle to add new features for file scanning and data backup. In a note to beta testers, Microsoft said the refresh will be shipped automatically Tuesday as part of a plan to push out continuous feature updates to keep PCs […]

Microsoft Corp. plans to bundle anti-spyware protection into Windows Vista, a move that is sure to raise eyebrows among the companys security competitors, many of which are also its partners. The Windows AntiSpyware product, which currently ships to consumers as a free stand-alone application, will be integrated into Vista, as is indicated in the latest […]

Microsofts patch for a worm-vulnerable security flaw in Windows 2000 is causing problems for some users. Microsoft recently confirmed several “isolated deployment issues” with the MS05-051 update but insisted that the problems should not stop anyone from applying the critical patch. Word of problems comes at the worst possible time for the Microsoft Security Response […]

Microsoft plans to discontinue the use of the SSLv2 (Secure Socket Layer) protocol in the coming Internet Explorer browser refresh. In its place, he company will fit the stronger TLSv1 (Transport Layer Security) protocol into IE 7 as part of an overall plan to improve the security and user experience for HTTPS connections. Microsoft Corp. […]