Chips to ease Microsoft's big security nightmare
NewScientist.com
Chip makers are planning a new generation of microprocessors
that should plug the gaps that led Microsoft to issue a
"critical security alert" last week.
The alert was sparked by the discovery that a raft of Microsoft
programs were vulnerable to a problem called "buffer
overflow", which hackers can exploit to extract private
information from a PC. And the risk of such attacks only worsened
when, two days after the alert was issued, critical Windows
"source code" was leaked on to the internet letting
hackers see how it works.
U.S. info-sharing program draws fire
By Kevin Poulsen, SecurityFocus
Feb 20 2004 6:08PM
A long-anticipated program
meant to encourage companies to provide the federal government
with confidential information about vulnerabilities in critical
systems took effect Friday, but critics worry that it may do more
harm than good.
The so-called Protected Critical Infrastructure Information (PCII)
program allows corporations who run key elements of U.S.
infrastructure -- energy firms, telecommunications carriers,
financial institutions, etc. -- to submit details about their
physical and cyber vulnerabilities to a newly-formed office within
the Department of Homeland Security, with legally-binding
assurances that the information will not be used against them or
released to the public.
OASIS SAML Interoperability Event Demonstrates Single Sign-On at RSA Conference.
OASIS has announced that several vendors will team with the
U.S. General Service Administration E-Gov E-Authentication
Initiative at the RSA Conference 2004 to demonstrate
interoperability of the Security Assertion Markup Language (SAML).
Vendor participants include Computer Associates, DataPower
Technology, Entrust, Hewlett-Packard, Oblix, OpenNetwork, RSA
Security, Sun Microsystems, and others.
SAML Version 1.1 is an OASIS authentication and authorization
standard based upon an XML framework for exchanging security
information. "This security information is expressed in the
form of assertions about subjects, where a subject is an entity
(either human or computer) that has an identity in some security
domain. A typical example of a subject is a person, identified by
his or her email address in a particular Internet DNS domain. One
major design goal for SAML is Single Sign-On (SSO), the ability of
a user to authenticate in one domain and use resources in other
domains without re-authenticating."
Source code opens window to old IE flaw
By Robert Lemos, Staff Writer, CNET News.com
Security researchers' perusal of Windows 2000 and NT 4 software
code has uncovered a vulnerability in an older version of Internet
Explorer.
The vulnerability, which affects only Internet Explorer 5.01,
could allow attackers to set up faux Web servers or send malicious
e-mails that would compromise people's PCs when they click on a
URL (uniform resource locator), security researchers revealed last
weekend. Microsoft confirmed the issue and said it's investigating
the problem.
Vulnerabilities
21 February 2004
19 February 2004
18 February 2004
17 February 2004
16 February 2004
Advisories
19 February 2004
18 February 2004
17 February 2004
16 February 2004

Security Products:

PestPatrol
is a powerful security and personal privacy tool that
detects and eliminates destructive pests like trojans, spyware,
adware and hacker tools. It complements your anti-virus and
firewall software, extending your protection against
non-viral malicious software that can evade your existing
security and invade your personal privacy. These pests often
lurk silently on your computer until something – or
someone – sets them off. When that happens, you could lose
passwords, personal data, credit card numbers, and - if you
telecommute and connect to your office via a VPN - open up a
back door for the hacker into your entire company network.
Intrusion Detection Systems
Vulnerability Scanners
Firewalls
Management
Virus Control
Services
- Security audit
- Perimeter Vulnerability Scan
- Router/switch optimization for security
- Firewall checking and configuration
- VPN Design and Implementation
- Network design
- Network-based application analysis
- Network Baselining
- Security baselining