Security News


Microsoft Releases Patch for ASP.NET Flaw

Microsoft released an "important" patch to address an information disclosure security vulnerability associated with ASP.NET systems.

Microsoft To Release Out-of-Band Patch for ASP.NET Security Flaw

Microsoft plans to release a patch on Tuesday for a security issue associated with ASP.NET systems.

UPDATED: Security Hack Exposes Forms Authentication in ASP.NET

Flaw in AES encryption allows tool to crack Machine Key values used to encrypt cookies in 30 to 50 minutes. Microsoft offers guidance on limiting exposure.

HP To Acquire Fortify

Hewlett-Packard Co. today said it is acquiring security software vendor Fortify Software Inc. for an undisclosed amount.

Adobe Reader and Microsoft IE Top Web Security Concerns

The majority of Internet security threats come from unpatched vulnerabilities in Adobe Acrobat/Reader and Microsoft's Internet Explorer browser.

IE's Market Share Stabilizes in May

Microsoft's Internet Explorer browser showed a U.S. market share gain in May compared with competing browsers.

U.S. IT Pros Concerned About Cloud Security

Nearly half of U.S. IT professionals surveyed believe that the risks of cloud computing outweigh its benefits.

'Critical' Off-Cycle IE Patch Released

Microsoft today released its second "critical" off-cycle patch for Internet Explorer this year.

IE 8 Hacks Slowed by Windows Safeguards

Even a fire-proof safe needs additional protective measures, and Internet Explorer 8 on Windows 7 is no different.

Google Launches Free SkipFish Tool for Web App Security

Last week Google released SkipFish, a no-cost, open source "security reconnaissance tool" for Web-based applications.

Microsoft Issues Workaround for IE 6 and 7 Flaw

Microsoft published a workaround for an in-the-wild vulnerability in Internet Explorer 6 and 7, described last week.

Report: IE 8 Leads in Malware Protection

A Microsoft-funded report found that IE 8 outperformed four other browsers in protecting against socially engineered malware.

Cryptographers Warn About Security Dangers in the Cloud at RSA

Researcher says read the fine print before connecting to the cloud.

RSA Wrap-Up: Feds Push Greater Security Awareness

The heavyweight lineup of government representatives at last week's RSA Conference raised many questions -- but few answers -- about how best to fight cybercrime.

Cisco Announces 'Borderless' Security at RSA

Cisco announced its Secure Borderless Network architecture, which the company is positioning as a reconceptualization of enterprise security.

RSA: Report Reveals 7 Cloud Computing 'Sins'

The Cloud Security Alliance on Monday released the results of a security study identifying the "seven deadly sins" of cloud computing.

RSA Keynote: Cloud's Future Depends on Security

Cloud computing has the ability to transform IT , but its success depends on security, said Art Coviello on Tuesday in his opening keynote.

Feds, Cloud Security Take Center Stage at RSA 2010

The speaker lineup at this year's annual RSA Security Conference and Expo, underway this week in San Francisco, is packing some serious federal heat.

Microsoft Investigating Windows VBScript Security Hole

Microsoft described a zero-day vulnerability involving some older Windows versions and VBScript when used with Internet Explorer.

Report Profiles Top Software Security Coding Errors

A new study describes the top 25 programming errors that can open up security holes in software.