UrlScan 3.0, a security add-on to Microsoft's IIS Web server, is now available in its Release-to-Web version.
A study describes best practices for keeping down security costs and woes.
The new tool is designed to help managers assess code quality before it's shipped.
Simplifying identity with Microsoft's 'Zermatt' class libraries.
Updates to the company's ESX 3.5 and ESXi 3.5 virtualization products caused licenses to expire, and other problems.
MessageLabs reports that the number of SQL injection attacks spiked sharply last month.
Microsoft issued a fix yesterday via Microsoft Update for a patch blocking problem that affected System Center users.
Remote code execution and information disclosure risk are the main problems addressed with this patch cycle.
One fun thing about the interactive world of Web 2.0 is the online applications you can take advantage of, such as Google Gadgets.
Microsoft's Patch Tuesday security rollout next week will be expected to have 12 total fixes, with seven deemed "critical."
We dodged a bullet last month -- the discovery of a fundamental flaw in the Domain Name System, Dan Kaminsky told a standing-room only (and some sitting on the floor) crowd at the Black Hat Briefings Wednesday.
A cache of stolen data gathered from a botnet that has been quietly sweeping up information for years contained the user names and passwords for 8,485 bank accounts.
The Black Hat Briefings return to Caesars Palace this week with a new batch of hands-on security research for a crowd of 4,000 IT administrators, hackers, industry experts and government officials.
A study finds most software vulnerabilities are reported by IBM, Microsoft and Apple, and Web apps are a leading point of attack.
Next week at the Black Hat conference in Las Vegas, security researcher Joanna Rutkowska promises to demonstrate how a malicious attacker, working remotely, could take control of the open-source Xen virtualization software.
The company issued patches for its OS and server products to address Domain Name Server vulnerabilities.
Reports are coming in that an AT&T Domain Name System (DNS) server may have been compromised with malicious code that exploits a vulnerability reported earlier this month. This apparently is the first instance of the exploit in the wild.
A recently uncovered flaw with the Oracle WebLogic server allows users to gain entry to the software's server without a user name or password.
The company issued a reminder to patch a Domain Name System flaw affecting some Windows products.
Sites such as Facebook, LinkedIn and Blogspot.com represent vectors for attack.