Sponsored White Papers, Webcasts, and Downloads
Additional Resources
- Lock IT Down: Check out new Microsoft security bulletins, including critical flaw in PPTP
- Flaws in Microsoft Windows VPN implementation are patchedWith more companies using the Internet as a backbone for building a virtual private network, any security holes in the underlying VPN software can be a major threat to vital services and to the network itself. A new Microsoft Security Bulletin, MS02-063, describes...
- Tags: VPNs, Network security, SECURITY, Operating systems, TELECOMMUNICATIONS, John McCormick, Microsoft IIS Server, Microsoft Windows, PPTP, VPN, flaw, Microsoft Corp.
- Technical articles 2002-11-18
- Flaw found in Office encryption
- Microsoft Word and Excel's data protection feature has a major flaw that could allow snoopers to decode password-protected files, according to cryptographer Hongjun Wu. Microsoft said that it will review Office's cryptographic code, and noted that the flaw appears similar to a previous flaw. Share your reaction to this reported...
- Tags: flaw, Microsoft Corp., Microsoft Office, Newsletter Editor, password, security
- Discussion threads 2005-01-21
- Flaw finders go their own way
- Flaw finders go their own wayarticle rootDebating "responsible" flaw disclosureThe software industry is pushing for "responsible" flaw disclosure, which calls on independent researchers to delay the announcement of security holes so that manufacturers have time to patch them. However, an increasing number of researchers feel that software companies have become...
- Tags: branch, conditional branch, manufacturer, Newsletter Editor, software
- Discussion threads 2005-01-26
- Script Engine flaw endangers all Windows systems
- Microsoft Security Bulletin MS03-008 reports that a heap overflow flaw in the Windows Script Engine for Jscript (specifically, Jscript.dll) can allow an attacker to run arbitrary code on a vulnerable system if the user visits a Web page containing the malicious code or opens an HTML e-mail. Jscript, the Microsoft...
- Tags: flaw, John McCormick, Microsoft Corp., Microsoft Internet Explorer, Microsoft Outlook, Microsoft Windows, patch
- Technical articles 2003-03-31
- Major flaws in Microsoft Office file encryption
- Major flaws in Microsoft Office file encryptionarticle rootnot dumping on developersI sincerely hope my comments aren't offensive to programmers - I know they aren't to those who really understand cryptography.Even the best programmer is simply working in a different discipline. It's not an insult to say they don't understand enough...
- Tags: cryptography, encryption, flaw, HIPAA, Microsoft Corp., Microsoft Office, programmer, security, Tech Locksmith
- Discussion threads 2005-01-28
- Alert: Critical WebDAV flaw exposes Win2K systems running IIS 5.0
- Microsoft and administrators alike are learning in the worst possible way about a newly discovered buffer overrun vulnerability in the World Wide Web Distributed Authoring and Versioning WebDAV protocol that sets a standard (RFC 2518) for Web-based editing and for file management. The vulnerability has exposed many Windows 2000 systems...
- Tags: John McCormick, Microsoft Corp., Microsoft IIS 5.0, Microsoft IIS Server, Microsoft Windows, Microsoft Windows 2000, vulnerability, WebDAV
- Technical articles 2003-03-19
- Microsoft may be Firefox's worst vulnerability
- What are you planning to do about the fact Microsoft has seen fit to install on your computer that egregious security vulnerability known as ".NET Framework Assistant" as a Firefox extension without telling you about it?I, for one, put a post-it note on the MS Windows test system here, with...
- Tags: Web browsers, apotheon, Microsoft Corp., Mozilla Firefox, open source, EULA
- Discussion threads 2009-06-02
- Look out for fraudulent Microsoft digital certificates
- The Microsoft digital certificates that VeriSign mistakenly issued to an imposter have been big news recently. In this Locksmith column, John McCormick shows you what to be aware of so you don't become a victim of this fraud.Did you recently get some authenticated code from Microsoft? A VeriSign-certified message from...
- Tags: ActiveX/COM/COM+/DCOM, Microsoft Windows, Microsoft Office, John McCormick, Microsoft Corp., security, ActiveX Control, VeriSign Inc.
- Technical articles 2001-04-09
- IFRAME flaw is critical
- IFRAME flaw is criticalarticle rootdid CERT announce too quickly?What's your opinion, do you agree with Microsoft that this was irresponsible to report a flaw before giving the Redmond giant an opportunity to fix it?I would ordinarily agree, but the proof of concept for this vulnerability was already widely known in...
- Tags: bad guy, CERT, flaw, IFRAME flaw, Microsoft Corp., networking, Tech Locksmith, vulnerability
- Discussion threads 2004-11-05
- Media bias rears its ugly head on IE7 'flaw'
- So tell me when the last time a level-2 of 5 flaw got so much bad press?So tell me when the last time a level-2 of 5 flaw got so much bad press?Not this time...Don't blame a this sofware bug on the media. A bug is a bug. ...
- Tags: dawgit, flaw, george ou, ie7, media, microsoft, Microsoft Corp., Microsoft Internet Explorer 7, software, stereotype, windows
- Discussion threads 2006-10-22
- Cursor flaw gives Vista security a black eye
- Will the cursor flaw bruise Vista's reputation?Microsoft breaks its patch cycle to release a fix for a "critical" flaw that has been used to attack Windows PCs, including those running Windows Vista. The vulnerability lies in the way Windows handles animated cursors. This release casts a shadow over the software...
- Tags: Microsoft Windows Vista (Longhorn), Sonja Thompson, Microsoft Windows Vista, Microsoft Corp., flaw, security
- Discussion threads 2007-04-04
- Is MS Office becoming a zero-day liability all year long?
- MS Office is nearly continuously vulnerable to zero-day attacks most months out of the yearA really critical vulnerability in Microsoft Word 2000, 2002, 2003, Mac 2004, and Viewer will not make Microsofts patch Tuesday this week and a newly found critical vulnerability in Windows Media Player playlists...
- Tags: attack, Desktop, Microsoft Corp., Microsoft Office, Security, Vista, vulnerability
- Blog posts 2006-12-11
- Microsoft to fix 'download warning' flaw
- Microsoft to fix 'download warning' flawarticle rootMicrosoft to fix 'download warning' flawMicrosoft says it will take "appropriate action" to fix a problem in Internet Explorer and Windows XP SP2 that allows a malicious Web site to bypass the browser's warnings when downloading potentially harmful content. A Microsoft representative said the...
- Tags: flaw, Microsoft Corp., Newsletter Editor, software, Starnes, Web browser
- Discussion threads 2004-11-23
- Secunia rates Word 2000 flaw extremely critical
- two questionsFirst, I'm curious, do you still use Word and OS W2000 in your shop?Second, have you ever considered, recommended, or actually selected any of the Microsoft Viewers in lieu of paying big bucks for Office on systems which seldom if ever do any creative work (such as executives who...
- Tags: security, viewer, word 2000, Project, Microsoft Word, Microsoft Corp., Tech Locksmith, hardware, Secunia, Microsoft Word 2000
- Discussion threads 2006-09-13
- Secunia rates Word 2000 flaw extremely critical
- Eight years after its release, Word 2000 is still extremely popular. In this edition of the IT Locksmith, John McCormick discusses an extremely critical Word 2000 flaw and how to protect yourself. Details Security firm Secunia reports that a recently disclosed vulnerability in Microsoft Word 2000, which...
- Tags: Microsoft Corp., Secunia, Microsoft Word 2000, John McCormick, Word Viewer 2003, Microsoft Word, Microsoft Office, Word processors, Patches, SECURITY, patch, vulnerability, IT Locksmith Newsletter, Flaw, Office Suites, Software
- Technical articles 2006-09-11
- Google: We've fixed desktop search tool flaw
- Google: We've fixed desktop search tool flawarticle rootGoogle fixes desktop search flawGoogle has issued a fix for a vulnerability that that could have allowed hackers to search the contents of PCs running Google's desktop search tool. The disclosure of this flaw comes just days after research company Gartner warned businesses...
- Tags: desktop, desktop search, desktop search tool, flaw, Google Inc., Newsletter Editor, tool
- Discussion threads 2004-12-21
- "Over-Draconian" browser security??
- "Over-Draconian" browser security??Jason actually said that Vista's IE7 security feautures might be "over-Draconian"! Aside from the amusing invention of a term, do you really think that it's possible Microsoft will ship something that's locked down too tight?I heard they DID find a way to secure IEFirst, they pulled it out...
- Tags: Microsoft Internet Explorer 7, Microsoft Windows, Web browser, ie, bill detwiler, vista, jason hiner, S.Howard-Sarin, off-topic, Microsoft Corp., Microsoft Internet Explorer, Microsoft Windows Vista
- Discussion threads 2006-04-25
- Word flaw hit with zero-day attack
- Trojan MDropper.Q exploitAn "extremely critical flaw" in Microsoft Word 2000, which has no released patch, could lead to the remote execution of code. The exploit, Trojan MDropper.Q, affects systems running Windows 2000 and occurs when processing malicious Word 2000 documents.How is your organization dealing with this Microsoft Office vulnerability?How do...
- Tags: e-mail, expolit, flaw, microsoft, Microsoft Word, news, office suite, OpenOffice, security, Sonja Thompson, trojan, vulnerability, word
- Discussion threads 2006-09-06
- Symantec Corp.'s AV software contains critical flaw
- eEye Digital Security Inc. has discovered a workable attack vector which can be used to penetrate systems using Symantec anti-virus software and take control of the computers. John McCormick talks about the issue here. There's a workable attack vector out there that can be used to penetrate systems using...
- Tags: Symantec Corp., John McCormick, Web browsers, security, software, IT Locksmith Newsletter, Antivirus, Flaw
- Technical articles 2006-06-02
- << Previous
- page 1 of 1
- Next >>
