Security News


Microsoft Warns of New DNS Attacks

Security advisory issued yesteday describes DNS vulnerability in Windows server operating systems.

New Word, Windows Vulnerabilities Surface

Bugs deteted in Word 2007 have yet to be confirmed by Redmond.

Microsoft Issues ASP.NET Glitch Fix

Patch will fix compilation problems that occur after "massive file changes," such as antivirus time-stamp modifications.

Microsoft Virtualization Products Face Delays

Redmond takes aim at performance and scalability goals in holding back Virtual Server 2005 upgrade.

User Management Program Adds Security Upgrades

Beefed-up Windows management app from Lieberman Software helps IT administrators better handle password security.

Microsoft Patches Four Critical Windows Vulnerabilities

The patches released today aim to avoid Remote Code execution attacks in Windows-based systems.

Management and Governance Key to SOA, Report Finds

A survey of companies developing service-oriented architecture solutions found that it hasn't been easy to do, although most 'best-in-class' companies have realized returns on investment from SOA infrastructure.

Microsoft Plans Five Patches for Tuesday

On top of this week's major update to Microsoft's Windows GDI implementation, Redmond next week plans to issue no less than four Windows security bulletins, including at least one "critical" update.

JavaScript 'Hijacking' Vulnerability Not Expected To Dampen Enthusiasm for AJAX

A JavaScript-related problem has been found in AJAX-style applications, but it can be secured at the server side.

Securent Teams With OASIS on Open Source Access Control

Securent has decided to implement XACML 2.0 in its Entitlement Management Solution as part of OASIS' standardization efforts.

No Microsoft Security Patches Expected This Month

Get ready for an anti-climactic Patch Tuesday. Following on the heels of last month’s gonzo Patch Tuesday event -- wherein Microsoft Corp. released 12 new patches -- Redmond this month doesn’t plan to patch any security-related flaws.

SPI's DevInspect Tools Secure Microsoft AJAX

SPI Dynamics is collaborating with Microsoft to provide security tools for applications built using ASP.NET AJAX (code-named "Atlas"). When it is released on December 1, DevInspect 3.0 will become one of the first dev tools to analyze and remediate vulnerabilities in Atlas-based applications.

November Patch Tuesday To Come with 6 Fixes

Advanced security bulletin refers to an XML flaw and five other Windows flaws deemed "critical"; unknown whether security rollup addresses recent Visual Studio flaw.

Microsoft Adding Code 'Obfuscation' to Orcas

Microsoft announced this week it is adding an enhanced version of Dotfuscator Community Edition (CE) to the next major release of Microsoft Visual Studio, code-named "Orcas."

Survey Shows Gap Between Developers, Corporate Security Priorities

A recent survey of 400 U.S.-based application developers and programmers showed that while those who build Web applications are more concerned about security than ever before, corporate resources and processes that increase application security aren’t as forthcoming.

SOA drives need for XML security

Deliberate attacks on Web services is one obvious risk enterprises take when building such apps, and sloppy data can wreak just as much havoc. But one expert says XML security is where it’s at for adopters of service-oriented architectures (SOA).

Security and SOX: Are CIOs Missing the Boat?

Many CIOs arrived late to Sarbanes-Oxley efforts

New Yahoo Shield May Dry Up the Phishing Well

Phishing is one of the fastest growing security threats today but one search engine is developing a solution that lets users secure their info by customizing their login pages.

New Software to Secure SOA-driven Apps

Security remains a key reason why some developers continue to shy away from service-oriented architectures (SOA) but as awareness grows, so are solutions. And IBM announced plans to release new System z mainframe integration software that will help secure SOA-based apps.

Ruby on Rails Hits the Skids With Serious Flaw

The Ruby on Rails management team has released fixes for a serious security vulnerability in several versions of its development tool that could allow an attacker to take down a Rails process.