Application Flaws Features

ActiveX vulnerabilities have posed a security challenge for some time, and they're likely to be a challenge for quite some time to come. The automatic update features in many software applications are proving to be vulnerable to attack. Hackers are taking notice. You should, too. With flaws in many new products, vendors should listen a bit more to the research community perhaps Just a few years ago, Apple commanded only a small fraction of the computer market. The Web is a pretty nasty place, according to reverse engineer and privacy advocate Mike Perry -- and he should know. The rate and complexity at which exploits are being "weaponised" is rapidly increasing. A new industry alliance promises to pave the way for more secure software. Is SAFECode what we've been waiting for? Could firmware infections during the manufacturing process create backdoors in your network? Virtualisation is showing some extremely compelling ROI and transforming the way corporate IT provisions and administers not only the data center, but also the user desktop experience. The Qualys CEO firmly believes the internet has taken over from software -which is why Bill Gates is in trouble. Philippe Courtot, without any obvious irony, describes himself as a "child of the internet". Unusual for a chief executive but, as this interview progresses, it becomes clear that the 61-year-old sees himself as a most unusual CEO. He is referring to his time spent at the European Organisation for Nuclear Research, where he witnessed the birth of the web under the aegis of Tim Berners-Lee.
It's been some time in the making, but Microsoft soon will make its first service pack for Vista widely available. While the final version started shipping to manufacturers earlier this month, Microsoft says it's making some final tweaks to its distribution channels before general availability in a few weeks. So what can we expect? The easiest way into any system is likely to be the defaults, so make sure you don't leave an open door for criminals. You have probably heard by now that the root cause of most security vulnerabilities is in the software we run, and that these vulnerabilities are introduced into the software during the development process. That much has been well understood for several years. What hasn't been well understood is the solution to the problem. Encryption is pointless if not applied to an entire session. It only gives users a false sense of security. Software as a service may seem good news for users, but it could also be an open invitation for attackers. Karl Hart doesn't need to read articles or watch the evening news to know that financially motivated hackers nowadays are finding easy pickings at colleges and universities across the country. A new vulnerability, termed JavaScript hijacking, was recently identified that specifically affects the rich, interactive interfaces typically associated with Ajax and Web 2.0 applications. Buffer overflows have long been a primary vector of attack against computer systems — and the rise of local buffer overflow vulnerabilities and zero-day attacks makes it a problem that's likely to grow more troublesome. Hot: It's one of the primary methods that malicious hackers use to find new application and operating system vulnerabilities. The theme in the labs this month was policy, policy and more policy. Lab manager Mike Stephenson looked at email content filtering, which depends on policies for its success, while reviewer Justin Peltier evaluated policy management products. In these two areas, policy determines success, but the two views are quite different.