In association with heise online

    Top News

    The H is closing down

    The H logo The H is closing its doors four and a half years after heise online UK was redesigned as a open source and security news and features web destination more »

    Top Feature

    The Final H Roundup

    The H logo After four and a half years, The H, the site for open source news, security stories and developer details has ceased publication, and as part of the closing down, we review the top ten stories of its almost-half decade more »

    Top Open News

    The H is closing down

    The H logo The H is closing its doors four and a half years after heise online UK was redesigned as a open source and security news and features web destination more »

    Top Open Feature

    Comment: +1 for rapid releases

    Comment: +1 for rapid releases Over the last two years, Firefox has demonstrated that releasing new versions at a rapid tempo offers many advantages and doesn't reduce quality. Its approach could offer a blueprint for other projects, such as KDE more »

    Top Security News

    The H is closing down

    The H logo The H is closing its doors four and a half years after heise online UK was redesigned as a open source and security news and features web destination more »

    Top Security Feature

    Content Security Policy halts XSS in its tracks

    Content Security Policy halts XSS in its tracks Cross-site scripting (XSS) is one of the biggest problems faced by webmasters. The new Content Security Policy standard should finally provide some relief more »

    Top Developer News

    The H is closing down

    The H logo The H is closing its doors four and a half years after heise online UK was redesigned as a open source and security news and features web destination more »

    Top Developer Feature

    Java EE 7 at a glance

    Java EE 7 The next step for Java EE 6 was planned to be cloud support but the collapse of ambitious developer plans has meant Java EE 7 arrived with few fundamentally new aspects, representing more a consistent effort to round off existing features more »

    Security news and features

    News & Features

    Tuesday, 16 Jul 2013

    Android and its password problems open doors for spies

    Android Wi-Fi icon Android's rudimentary backup feature saves Wi-Fi passwords in plain text on Google servers. This is not in itself news, but it takes on new significance in the light of PRISM more »

    Alert!Critical vulnerabilities in numerous ASUS routers

    Router logo Compromising ASUS routers on which the storage service AiCloud is activated is apparently a simple matter. Attackers can access private data and even navigate around the local network more »

    Monday, 15 Jul 2013

    NSS 3.15.1 brings TLS 1.2 support to Firefox

    Closed padlock Network Security Services (NSS), the collection of cryptographic libraries which is used, among others, by Mozilla's Firefox browser, now supports TLS 1.2. This enables the use of TLS with HMAC-SHA256 ciphers more »

    Second Android signature attack disclosed

    Android two holes A second hole in Android's signature validation has been disclosed, though there are greater limitations to the new technique. Google and CyanogenMod have patched the holes but how other vendors will handle it is to be seen more »

    Black Hat 2013: NSA director to speak at hacker conference

    Black Hat logo The organisers of the Black Hat conference have attracted the director of the American NSA, General Keith Alexander, as a keynote speaker. This has caused controversy more »

    Maintenance of Apache web server 2.0 discontinued

    Apache feather Version 2.0.65 will be the last update to Apache's HTTP Server 2.0. Those who still use it must act now: a security problem will remain unresolved more »

    Saturday, 13 Jul 2013

    The H Roundup - Hardware destruction and open source creations

    The H Roundup logo In the week ending 13 July - Hardware destruction, OS switcharound, Open Source laptops, Android code-signing holes, shiny new Chrome, vulnerability custody fights, language surveys and zombie backdoors more »

    Friday, 12 Jul 2013

    Microsoft gave NSA's PRISM access to Skype, and SkyDrive

    Microsoft security icon Microsoft is alleged to have taken steps to ensure that the NSA had continuous access to services such as Skype and Microsoft is adamant that it only cooperated with the authorities where legally required to do so more »

    Alert!New backdoor in HP server products

    HP logo HP has admitted that its StoreVirtual servers also contain an undocumented backdoor. The problem will be remedied by a soon-to-be-released patch more »

    Thursday, 11 Jul 2013

    DEF CON hacker conference says no feds, please

    DEF CON 21 logo DEF CON, the world's biggest hacker conference, is asking federal agents not to attend this year. The organiser says his request is a result of the current discussions about the NSA's eavesdropping operations more »

    Priyanka messes with WhatsApp

    WhatsApp logo Should your friends and acquaintances send you a contact file called "Priyanka" via WhatsApp, don't accept it, otherwise everyone in WhatsApp will become Priyanka more »

    Avira starts blocking some browsers and email clients - Update

    Avira logo Some Avira users are unable to use their web browsers without first disabling Web Protection. A reinstall helps users, but doesn't solve all their problems more »

    Wednesday, 10 Jul 2013

    Bluebox releases scanner for Android signing hole

    Android bot security icon Now users can check if their Android device is vulnerable to the signing flaw which has been called a "master key" to the mobile operating system by the authors of the scanner, who also reported the flaw to Google more »

    Chrome 28 with new Blink engine and Rich Notifications

    Google Chrome logo Google's Chrome 28 browser is the first to use the new Blink engine, which is designed to offer faster page loading. Also new is a notification feature that even informs users when Chrome isn't running more »

    Secunia vs VLC - Whose vulnerability is it anyway?

    VLC logo A dispute that has culminated in blog posts and messages on Reddit is raging between Secunia and VLC. The developers and the security firm have had differing views on an advisory since December 2012 more »

    Alert!Adobe fixes Flash Player, Shockwave and ColdFusion

    Adobe releases updates and two hotfixes to close various security holes in its products. All operating systems are affected more »

    Backdoor in US emergency alert systems

    Until recently, the emergency alert systems that enable the US president to broadcast via TV and radio stations in cases of emergency contained a hair-raising security hole more »

    Alert!July's Patch Tuesday fixes Windows privilege system

    Microsoft patch tuesday Microsoft releases seven patch packages to close a total of 34 holes in Windows, Internet Explorer, Office and other products. Among them is a patch to fix the privilege escalation hole in the Windows kernel that has been known about for over a month more »

    Tuesday, 09 Jul 2013

    US government agency destroys hardware to clear malware

    EDA logo In a perfect example of miscommunication of malware infecation and impossible demands for assurances, a US government department set about destroying all their hardware, only stopping when they ran out of budget more »

    Exploit for Android signing hole published

    Android alert An exploit is available for the Android signing hole which allows an attacker to manipulate the contents of an APK file without disturbing the signature of the archive more »

    Monday, 08 Jul 2013

    Bluebox's Android "masterkey" hole identified

    Android alert icon Fixes to the Android fork CyanogenMod cast light upon the "masterkey" flaw and revealed it to be a simple trick of putting two same-named files in an archive. The challenge for Google is how to mitigate any exploitation and get updates to users more »

    Lost+Found: Fake apps, keyjacking and traces of Tor

    Lost+Found icon Bad apps in sheep's clothing, keyjacking, a $20,000 Facebook hole, an exploit source, traces of Tor, and a birthday celebration more »

    Saturday, 06 Jul 2013

    The H Roundup - Linux 3.10, Fedora 19 and Mir raises eyebrows

    The H Roundup logo In the week ending 6 July - the 3.10 Linux kernel and Fedora 19 are released, Ubuntu's Mir plans raise eyebrows, the first Firefox OS phones arrive in the market, and German intelligence services are spying on the country's backbone more »

    Friday, 05 Jul 2013

    EU Parliament adopts stricter penalties for cyber-attacks

    EU stars By a large majority, the EU Parliament has adopted the EU Commission's draft directive on attacks against information systems more »

    Microsoft Patch Tuesday to close kernel hole

    Patch Tuesday Seven updates, six critical holes and one important privilege escalation mean next Tuesday is going to be busy for system administrators of Windows systems more »

    Got news? Let us know!

    • July's Community Calendar

    The H Open

    The H Security

    The H Developer

    The H Internet Toolkit