Application Flaws Features

A new industry alliance promises to pave the way for more secure software. Is SAFECode what we've been waiting for? Could firmware infections during the manufacturing process create backdoors in your network? Virtualisation is showing some extremely compelling ROI and transforming the way corporate IT provisions and administers not only the data center, but also the user desktop experience. The Qualys CEO firmly believes the internet has taken over from software -which is why Bill Gates is in trouble. Philippe Courtot, without any obvious irony, describes himself as a "child of the internet". Unusual for a chief executive but, as this interview progresses, it becomes clear that the 61-year-old sees himself as a most unusual CEO. He is referring to his time spent at the European Organisation for Nuclear Research, where he witnessed the birth of the web under the aegis of Tim Berners-Lee.
It's been some time in the making, but Microsoft soon will make its first service pack for Vista widely available. While the final version started shipping to manufacturers earlier this month, Microsoft says it's making some final tweaks to its distribution channels before general availability in a few weeks. So what can we expect? The easiest way into any system is likely to be the defaults, so make sure you don't leave an open door for criminals. You have probably heard by now that the root cause of most security vulnerabilities is in the software we run, and that these vulnerabilities are introduced into the software during the development process. That much has been well understood for several years. What hasn't been well understood is the solution to the problem. Encryption is pointless if not applied to an entire session. It only gives users a false sense of security. Software as a service may seem good news for users, but it could also be an open invitation for attackers. Karl Hart doesn't need to read articles or watch the evening news to know that financially motivated hackers nowadays are finding easy pickings at colleges and universities across the country. A new vulnerability, termed JavaScript hijacking, was recently identified that specifically affects the rich, interactive interfaces typically associated with Ajax and Web 2.0 applications. Buffer overflows have long been a primary vector of attack against computer systems — and the rise of local buffer overflow vulnerabilities and zero-day attacks makes it a problem that's likely to grow more troublesome. Hot: It's one of the primary methods that malicious hackers use to find new application and operating system vulnerabilities. The theme in the labs this month was policy, policy and more policy. Lab manager Mike Stephenson looked at email content filtering, which depends on policies for its success, while reviewer Justin Peltier evaluated policy management products. In these two areas, policy determines success, but the two views are quite different. P2P is here to stay, so shore up your defences and embrace the technology's potential for a distributed architecture. Seen as an end-user issue, cross-site scripting has been ignored for too long. Now attacks are on the rise. There's been plenty of talk about the security capabilities of Windows Vista, but what's at the heart of the security defenses within Microsoft's latest operating system? This article aims to take a close look at the technology that will make a difference.