FOUR MORE critical bugs have been found in three of Symantec’s security products.
The four vulnerabilities affect Norton Internet Security 2004, Norton Internet Security 2004 Professional, and Norton Personal Firewall 2004.
Security firm eEye Digital Security spotted the flaws but is refusing to issue too many details until Symantec gets around to issuing patches.
Three faults were remotely-exploitable vulnerabilities that allowed attackers to compromise default installations of the affected software and gain access of the host machine.
Each week vnunet.com asks a different expert to give their views on recent virus and security issues, with advice, warnings and information on the latest threats.
This week Ray Stanton, director of UK security practices at Unisys, argues the case for the management of users and greater security over user data as the best way to control business threats.
IT managers are ignoring a fundamental part of their IT security by blindly installing the latest systems in the belief that such technology will protect their business.
Major companies and government agencies are scrambling to ensure they are not vulnerable to an Internet flaw that would allow attacks that could disrupt all communication.
The Department of Homeland Security issued a Technical Cyber Security Alert Tuesday, warning that "sustained attacks" on routers between networks could lead to a "denial-of-service condition that could affect a large segment of the Internet community."
However, the alert also said that normal operations would likely resume shortly after the end of the attack, according to the agency.
Any time you work with HTTP, you're esssentially working with a stateless protocol. You send in a request, you get back a response. The server doesn't know if a particular request is the first, twentieth, or five millionth request you've made. It certainly doesn't know if a particular request is somewhere in the middle of a long series of requests, all of which need to be handled in order. WS-Resource Framework proposes a different approach to modeling and managing state in open standards based grids.
For the first learning session on Help Net Security, we've got Caleb Sima, SPI Dynamics CTO and co-founder, discussing session hijacking attacks. While session hijacking can be applied to a lot of areas, this learning session is concentrated to the attacks on web applications.
In this eleven minute audio, Mr. Sima traverses through all the important characteristics of session hijacking and presents a number of practical examples of these attacks on online e-commerce sites.