Dennis Fisher

About

Dennis Fisher is a journalist with more than 13 years of experience covering information security.

Where is Apple’s Trustworthy Computing?

It’s been the better part of a decade now since Microsoft got religion about the security of its products, following the release of Bill Gates’s famous Trustworthy Computing memo. In that time, the reliability, security and resiliency of the company’s products have improved greatly, as has Microsoft’s standing in the security community.

HP unveils Flash vulnerability scanner

HP has released a free static-analysis tool designed to find vulnerabilities in applications developed on the Adobe Flash platform. But HP SWFScan is no security geek plaything. It’s meant specifically for developers without much in the way of security training.

No more free bugs for software vendors

It appears that the free ride is over for software vendors.

For years, software makers have benefited from the work done by the community of security researchers who spend days or weeks looking for vulnerabilities and novel ways to break the vendors’ products. This work is virtually always done pro bono, either by researchers who have day jobs and do their research as a sideline or by experts at security companies who do the work as a way to promote their research teams. Either way, until recently, most of these bug reports were given to the affected vendors for free.


The Conficker worm has been wreaking havoc on the Internet for several months now, and despite the concerted efforts of dozens of security organizations around the world, it is showing no signs of fading. A new analysis of Conficker by SRI International shows that the worm’s authors have added further code obfuscation and other mechanisms to avoid analysis and removal.

By Elinor Mills, CNET

Presenters at the CanSecWest security conference detailed on Thursday how they can sniff data by analyzing keystroke vibrations using a laser trained on a shiny laptop or through electrical signals coming from a PC connected to a PS/2 keyboard and plugged into a socket.

The rumored acquisition of Sun Microsystems by IBM could have far-reaching consequences for the identity-management market. Both companies have long histories in the IAM market, but have taken different paths over the years, with Sun focusing on open-source development and IBM sticking with the commercial model. So integrating the two portfolios could prove to be a major challenge, writes Steve Coplan of The 451 Group.

At the Workshop on the Economics of Information Security at Dartmouth College, experts discussed the drivers of the underground cybercrime economy, how the security story has changed in the media in recent years and what can be done to address the malware pandemic.

Microsoft’s initial move into the security products market, the ISA Server, has evolved well beyond its firewall roots. Now known as the Threat Management Gateway, the product is being positioned as a comprehensive Web security gateway. But as Eric Ogren writes in his review of the Threat Management Gateway [SearchSecurity.com], the beta release offers enterprise IT shops some solid capabilities, but also has some considerable drawbacks.