Stories about: X-Force

Apple has taken the place of Microsoft for disclosing more vulnerabilities than any other vendor, according to an IBM security report.

A botnet is now using a SQL-injection attack tool designed to hack legitimate Web sites, a move meant to add more hijacked PCs to its collection, according to a security researcher.

Hackers now mask virtually every Web browser exploit as part of their normal procedure to evade detection by security software, said IBM's X-Force research team Tuesday.

More than 3600 vulnerabilities discovered last year remain un-patched, according to a study.

A look at the all time greatest controversies in the history of the networking industry.

Microsoft this week released six security bulletins that patched nine vulnerabilities in Windows, Internet Explorer (IE), Microsoft Word, Outlook Express and SharePoint. But for the second time in two months, it yanked an update at the last minute.

The man who launched both of the security industry's major bug bounty programs Thursday defended the idea of paying for vulnerabilities, but also said he has responded to critics by putting a tighter lid on bug details to make sure they don't fall into the wrong hands.

Microsoft Tuesday issued six security updates for Windows, Office and the .Net Framework, patching a total of 11 vulnerabilities -- five of them rated critical.

At IBM Internet Security System's, the company's primary security research organization is called X-Force. Kris Lamb, director of X-Force, says his group is charged with knowing where potential threats will arise and deliver product, services and education to customers about how to stay ahead of the risk. Recently Lamb discussed with Network World Senior Editor Denise Dubie what he sees as the most critical challenges and opportunities facing enterprise IT security managers today.

Like many just-launched e-commerce sites in the world, this unnamed Web site has a fairly functional, if somewhat rudimentary, home page. A list of options at top of the home page allows visitors to transact business in Russian or in English, offers an FAQ section, spells out the terms and conditions for software use and provides details on payment forms that are supported.

The number of new software security vulnerabilities identified by security experts, hackers and others during the first eight months of this year has already exceeded the total recorded for all of 2005, according to Internet Security Systems.