Stories about: SecurityFocus

Windows Vista debuted to muffled applause, followed by lackluster sales. Up until June 30, cash-strapped businesses looking to avoid the cost of upgrading to new Vista-compatible hardware could still purchase trusty Windows XP. Now, however, Windows XP is available only as a costly "downgrade" from Windows Vista--if you buy a copy of Vista, you can install the 6-year-old XP operating system using the Vista license.

Two months after Adobe Systems patched a serious flaw in its Flash development software, there are still hundreds of thousands of Web pages serving up buggy Shockwave Flash (.swf) files that could be exploited by hackers, according to a Google researcher.

Security researchers have uncovered "critical" security flaws in a version of the Linux kernel used by a large number of popular distributions.

PHP developer Stefan Esser has said he will go ahead with plans to disclose dozens of security flaws in PHP in March, hitting back at criticism that the "Month of PHP bugs" project is nothing more than dangerous, self-serving publicity.

Attackers are no longer bothering to attack average Linux systems, because there's so much more money to be made from invading Windows, according to security researchers.

A collaborative project intended to give network managers a comprehensive, unbiased source of information on software vulnerabilities has gone live, delivering its entire library of flaws under an open-source licence.

The SendMail and Snort security bugs exposed recently brought front and center the unique challenges inherent in producing and applying patches to open source software.

As the dust begins to settle on Symantec Corp.'s eye-catching US$350 million cash purchase of three vastly different security vendors, big-name security players suddenly lodged squarely in Symantec's sights have no intention of sitting idly by and already are planning their next move.

Security vendor Symantec Corp. announced three high-profile acquisitions late Wednesday at the same time it reported its financial results for the second quarter 2002. Symantec will acquire SecurityFocus Inc., Riptech Inc. and Recourse Technologies Inc. for a total of about US$355 million in cash, the company said.

Recently, a number of pretty devastating security problems have been discovered. First, a bug in Apache was discovered that allows a remote attacker to run code of their choice as the Web server user. This means that, depending what you are running Apache as, the cracker could get on as 'web', 'www-data', 'nobody', etc...

If users have put off patching their Apache Web servers against the vulnerability discovered Monday, they should wait no longer, as an exploit to attack the security hole is now circulating on the Internet, according to Oliver Friedrichs, director of engineering at SecurityFocus Inc.