Ryan Naraine

PHP Consortium Tackles Third-Party Application Security

Worried that the credibility of the PHP scripting language is being hurt by high-profile security flaws in third-party applications, an international group of coding experts is taking matters into their own hands. The group, which includes Zend Engine developer Andi Gutmans, has formed the PHP Security Consortium with ambitious plans to promote secure programming practices […]

Attackers Could Bypass XP SP2 Security Mechanisms

Microsoft Corp. on Monday confirmed it was investigating a claim by a Russian security researcher that two key security technologies built into Windows XP Service Pack 2 could be easily defeated. The weaknesses were highlighted in a research paper published by Alexander Anisimov of Positive Technologies and center on XP SP2's heap protection and DEP […]

MySQL Bot Attack Thwarted

Last week's sophisticated bot attack against Windows installations of the MySQL database engine has fizzled after DNS (Domain Name System) service authorities shut off access to IRC servers controlling the worm. The bot, which launched brute-force attacks on weak MySQL passwords, was infecting vulnerable systems at the rate of 100 per minute. At its peak, […]

Bagle Worm Mutants Multiplying Fast

Almost a year after the first Bagle worm started squirming through e-mail in-boxes, anti-virus vendors are reporting a new wave of attacks with new propagation techniques. Three new variants were detected over the past 24 hours, and because of the high rate of distribution, anti-virus firms have increased the threat level and have rushed out […]

Winamp Squashes Critical Security Bug

America Online Inc.'s Nullsoft unit has quietly rolled out a new version of the popular Winamp media player to plug multiple critical flaws that put users at risk of code execution attacks. The fixes were included in Winamp version 5.08c after a warning was issued last November by private research firm Security-Assessment.com. The bug was […]

MySQL Bot Attacks Windows Systems

Malicious hackers have launched a zero-day bot attack against default Windows installations of the MySQL database engine, infecting vulnerable systems at the rate of 100 per minute, security experts warned on Thursday. The bot takes advantage of the publicly released “MySQL UDF Dynamic Library Exploit” to break into the open-source MySQL package. Once a database […]

DoS Flaws Haunt BIND Server Software

The nonprofit Internet Systems Consortium has rolled out fixes for a pair of denial-of-service flaws in its BIND (Berkeley Internet Name Domain) implementation of the Domain Name System protocols. The vulnerabilities were reported in BIND versions 8.4.4, 8.4.5 and 9.3.0 and carry a “moderately critical” rating from independent research firm Secunia. BIND is by far […]

Is Mandatory Windows Validation a Security Risk?

Microsoft's plans to clamp down on the way illegal copies of its flagship Windows operating system receive updates—including security patches—could have a major impact on the SOHO (small office, home office) market and increase the risk of malicious hacker attacks, experts warned Wednesday. The warning follows an announcement out of Redmond, Wash., that the “Windows […]

Cisco Patches IOS Flaw

Switching and routing firm Cisco Systems Inc. has issued a fix for a denial-of-service vulnerability affecting versions of its flagship IOS (Internetwork Operating System) software. A security advisory from the San Jose, Calif.-based company said the flaw affects all Cisco devices that are configured for Cisco ITS (IOS Telephony Service), Cisco CME (CallManager Express) or […]

PayPal E-Mail Leak Brings Phishing Worries

Electronic payment provider PayPal Inc. on Monday confirmed that a security breach at a partner site left an unknown number of e-mail addresses exposed on the Internet. The eBay-owned company, which has been a major target for phishing attacks, said the security breach occurred at Benchmark Portal, a third-party company that handles customer-survey e-mails and […]