News & Features
A hacker who goes by the name "JDuck" has discovered the first malicious PDF files which use Return Oriented Programming to bypass Data Execution Prevention (DEP)
An outdated Java runtime environment leaves security holes in the backup software
A hacker has written exploit code which can tunnel a shell connection through firewalls via DNS
Drupal's Email Input Filter, Keys and Tag Order modules contain security vulnerabilities and should be updated to resolve them. The first, at least, is critical, as it can be exploited to penetrate a server
20 security holes in Apple software are about to be disclosed: Charlie Miller intends to present details of the vulnerabilities at the CanSecWest conference next week. The expert talked with heise Security about the security of Mac OS X beforehand
Does a software flaw which allows security safeguards to be bypassed count as a security hole in itself? Microsoft takes care to point out that it doesn't consider a recently published problem in Virtual PC a "vulnerability per se"
Mozilla has announced that it is officially discontinuing support for the 1.x branch of its SeaMonkey "all-in-one internet application suite", the successor to the old Netscape Communicator and Mozilla Application suites
Attackers are attempting to take control of mail servers, in particular those running Postfix and SpamAssassin, by exploiting a security vulnerability in the SpamAssassin Milter plug-in
Mozilla has confirmed that, following the release of version 3.0.19 of its popular open source Firefox web browser, there will be no more updates to the 3.0.x branch
The current version of the commercial ZeuS botnet server software uses a licence management system to prevent pirate copying
Two fix-it tools from Microsoft help users set up workarounds which prevent exploitation of a critical security vulnerability in Internet Explorer
On The H this week: FOSS at CeBIT, Linux 2.6.34 in testing, new faces at the W3C and OSI, SCO vs. Linux continues, ZigBee hacking, SSD accelerated password cracking, smartphone malware and Mandriva's health checked
Apple has released Safari 4.0.5, an update which addresses sixteen vulnerabilities in the browser, along with a number of stability and performance improvements
From version 4.1, Chrome will delete the ID token immediately after it is run for the first time – a symbolic step which takes the wind out of critics' sails
By warning of acute danger to the domain name system, ICANN boss Rod Beckstrom has incurred the displeasure of domain operators. They are concerned that governments could get the wrong end of the stick
Symantec has announced that it plans to shut down part of its SecurityFocus security information portal. The company says that only the Mailing Lists, including Bugtraq, and its Vulnerability Database will remain online
A public exploit for the new hole in Internet Explorer 6 and 7 has become available. This will probably force Microsoft to release an out-of-cycle patch
Vodafone Spain sold an HTC Magic Android smartphone which had the Mariposa bot installed on its memory card
Twitter has announced that it is launching a new service to protect its users against phishing and other attacks by attempting to detect, intercept and prevent "bad links" before a user has a chance to click on them
Microsoft warns of an unpatched vulnerability in Internet Explorer 6 and 7, which is already being actively exploited in targeted attacks to infect Windows PCs with a Trojan
The security specialist Objectif Sécurité has optimised its rainbow tables - a common tool used to crack password hashes - to make use of SSDs
Microsoft has released two security updates to close one hole in Windows Movie Maker and seven holes in Excel
At the RSA conference, two security specialists presented the results of an investigation into how easy it is to inject a malicious program into thousands of Android smartphones and jail-broken iPhones
As well as a range of bug fixes, OpenSSH 5.4 includes a netcat mode which couples a local system's standard input to another computer's network port. There are also enhancements to the SFTP subsystem
Version 2.2.15 fixes numerous bugs and closes three security holes. One of the holes is rated critical but only affects the Windows version of Apache