Microsoft Corp. in May plans to show early prototypes of computers using its Next-Generation Secure Computing Base (NGSCB) technology, a combination of new hardware and software that Microsoft says will boost PC security but that critics fear could be a scourge for user freedom. At its Windows Hardware Engineering Conference (WinHEC) in New Orleans, Microsoft also plans to share more technical details of the nascent NGSCB technology, formerly known by its Palladium code name. Further details and demonstrations of the security technology are planned for October, at the Microsoft Professional Developers Conference (PDC) in Los Angeles.

WLANs a top priority

Enterprise efforts to secure Web services and WLAN implementations will be among the top security initiatives for companies in 2003, according to recent Gartner Inc. research. Although security remains a critical priority for most enterprises, previously over-hyped security technologies have led companies to be more cautious about future implementations, according to Victor Wheatman, vice-president and research area director at Gartner, based in Stamford, Conn. Intrusion detection is one of those over-hyped technologies, Wheatman said. “It sounds like a good idea, but alerts you only that something is going on. It is not always so effective to just see the alarms going off,” he said.

A lot at stake

Security specialist @Stake Inc. has said that a module that ships with Sun Microsystems Inc.’s One Application Server has a flaw which could be exploited by outside attackers and which could give them control of the running Web server. The flaw is in the Connector Module, a Netscape Server Application Programming Interface (NSAPI) plug-in that integrates the Sun One Web Server with the Application Server. An overly long URI (Uniform Resource Indicator) in an incoming HTTP request handled by the module could cause a stack buffer overflow, @Stake said in an advisory. A patch is available for Sun One Application Server 6.5 at