Security

The University of California at Berkeley is in the midst of a crippling attack against its computer network. The flaw that attackers are exploiting is a recently discovered Microsoft Windows vulnerability - and even though a patch is available, it appears that many university computers are unpatched. Read on for a cautionary tale on keeping your security up to date.

Even the most safety-conscious of computer users often store sensitive data on Palm OS and Pocket PC devices that can be easily misused if those devices are lost or stolen. A recent report outlined just how insecure these devices can be.

Can revealing the nature of computer vulnerabilities help make the Internet more secure? Many security researchers believe so; they say that making vulnerabilities public can open the task of fixing those holes to the programming community at large, can help consumers decide which products are safest, and can force the hand of vendors who are dithering on a writing a patch. Many vendors, on the other hand, decry such moves as "information anarchy," and say that security researchers are looking for glory or profit when they release such information. The links here offer a high-level overview of this controversy, which is almost as old as the Internet itself.

The famed Internet security researcher known as Rain Forest Puppy has devised a sample policy for other researchers to use. It attempts to find a balance between researchers' desire to make information public and software vendors' desire to keep holes under wraps until a patch can be devised and distributed.

Microsoft believes that a regime of limited disclosure of security holes in its products bests serve the user community. Does this claim stand up to analysis? A trio of computer researchers take on the question. (Paper is in PDF format.)

Did premature disclosure of a hole in the Apache mail server cause unnecessary chaos last year? Read on to find out more about the thorny issues involved.

This rather exhaustive page represents one interested netizen's attempt to keep track of the controversy over the public disclosure of Internet vulnerabilities. It's updated regularly and contains links to views on all sides of the issue.

At the recent Black Hat Briefings security conference, the Organization for Internet Safety defended its proposed guidelines on disclosure, which urge security researchers to wait for a patch to be available for 30 days before revealing details of a vulnerability. Find out why this is causing industry controversy.

An upsurge of activity may be indicating that a massive wave of attacks against a known vulnerability in Windows may be on the immediate horizons. There's a patch available for the hole - and the U.S. government is urging everyone affected to apply it as soon as possible

In the wake of a massive attack in which hackers used Kentucky Department of Transportation computers to store pirated movies and music, the state is restructuring its IT security team. Read on to find out how one large organization is reacting in the wake of a major failure in IT security.

Microsoft Corp. has acknowledged that a recent security patch is causing problems on machines running the Windows NT 4.0 operating system. The patch, released July 23 and described in Microsoft Security Bulletin MS03-029, causes the Routing and Remote Access Service (RRAS) on NT 4.0 machines to fail, Microsoft said.