More articles by Ryan Naraine

Microsoft's Biz IM Server Goes Gold

Redmond's enterprise IM product left beta this week, but full-fledged interoperability with AOL and Yahoo hasn't yet arrived.

Web Servers, BIND Top 2004 Vulnerabilities List

The SANS Institute released its annual list of the top 20 Internet security vulnerabilities, pinpointing Web servers and services (Windows) and BIND (Unix) as containing the most dangerous security holes.

Apple Issues Mega Security Update

Apple Wednesday released patches for more than a dozen flaws in the Jaguar and Panther versions of the Mac operating system.

Apple Plugs OS X Vulnerabilities

Apple Computer Tuesday rolled out a major security update to fix several vulnerabilities in its flagship Mac OS X Panther client platform.

MS Exchange 5.5 Spoofing Flaw Fixed

Microsoft Tuesday warned of a moderately critical vulnerability that puts users at risk for cross-site scripting and spoofing attacks.

Windows 2000 Exploit Code Released

Exploit code for a known security flaw in Windows 2000 has been posted online, putting millions of users at risk of a PC hijack. MS04-019 and MS04-022 security patches are available to fix the problem.

Apache Buffer Overflow Flaw Patched

A bug in the open source server puts some users at risk for arbitrary code execution.

Buffer Overflows Found in DHCP

Earlier this week, a pair of security flaws were found in the Internet Systems Consortium's implementation of the DHCP that could leave users at risk for denial-of-service or code execution attacks.

Apple Issues Mac OS X Patch

Apple Tuesday rolled out a patch to protect Mac OS X users from several vulnerabilities that left them at risk for system hijack, security bypass, DoS attacks, and other threats.

Macromedia Patches ColdFusion MX DoS Vulnerability

Macromedia Monday rolled out a patch to fix a denial-of-service vulnerability found in its ColdFusion MX 6.1 product suite.

Macromedia Patches MX 2004 Security Flaws

Macromedia has released a series of patches to plug security holes in its flagship Macromedia MX 2004 products.

Linux Privilege Escalation Hole Detected

A security flaw in the Linux kernel carries a 'critical' rating and could be exploited to give an attacker full super-user privileges.

HP Plugs 'Critical' Tru64 UNIX Flaws

HP issued a security patch Friday to plug 'highly critical' holes in its HP Tru64 Unix operating system. It warned that a successful exploit could lead to system takeover.

Buffer Overflows Patched in Oracle 9i Database

Oracle issued a fix for multiple vulnerabilities in its database server software.

Buffer Overflow Plugged in Sun ONE Web Server

Sun Microsystems earlier this week warned of a buffer overflow vulnerability in its Sun ONE/iPlanet Web Server product.

'Apache Geronimo' Looks to J2EE Implementation

The Apache Foundation has started development of an open source, Apache-licensed implementation of the J2EE specification.

Microsoft Patches 'Critical' Windows 2000 Flaw

An exploit for the security vulnerability is already publicly available, increasing the urgency for the application of the patch.

Problematic Windows NT Patch Pulled

At a time when sysadmins are being scolded for not patching their systems, Microsoft pulls a security patch for NT 4.0 systems, admitting it introduces an error that may cause systems to crash.

CERT Warns of SSH Vulnerabilities

CERT issued an advisory late Monday warning that in severe cases remote attackers could execute arbitrary code with the privileges of the Secure Shell process.

Cobalt RaQ 4 Security Flaw Detected

CERT Thursday warned of a remotely exploitable security hole in Sun Microsystems' Cobalt RaQ 4 server appliances. Exploitation of this hole could lead to code execution with superuser privileges.

CERT Warns of Solaris Font Flaw

Sun Wednesday confirmed the security flaw in its X Window Font System and offered a workaround until a comprehensive patch can be issued.

Apache HTTP Server Project Warns of Apache Flaws Being Exploited

The Apache HTTP Server Project warned Thursday that several security holes in the Apache source code are being actively exploited on the Internet. It is urging IT managers to urgently upgrade to version 1.3.27 or 2.0.43 or higher.

Serious BIND Server Flaws Detected

Internet Security Systems issued a security alert Tuesday warning of serious security flaws found in versions 4 and 8 of BIND that affect nearly all currently deployed recursive DNS servers on the Internet. ISS recommends immediately upgrading to BIND version 9.2.1.

DoS Bug Found in Oracle9i App Server

Security consulting firm @stake Tuesday discovered a vulnerability in the Oracle9i Application Server that could lead to denial of service scenarios.

IBM Rolls Out WebSphere Telco App

IBM lifted the wraps off of version 1.2 of its WebSphere Telecom Application Server software, which lets telecommunications service providers create and deliver tools.