In association with heise online

Top News

Symantec publishes pcAnywhere security recommendations

The security services provider recommends using the remote control software only if absolutely necessary

Top Feature

CSI:Internet - Open heart surgery

The TDL4 rootkit is currently the most technically sophisticated piece of malware in existence. Our expert takes it apart piece by piece

IT security news and features

News & Features

27 January 2012
Alert! Cisco Security Appliances at risk from Telnet bug

Attackers can remotely execute code with system privileges as a result of a known bug in Telnet daemon telnetd

27 January 2012
FFmpeg 0.10 "Freedom" released

Version 0.10 of FFmpeg adds several new encoders and decoders, as well as new filters and tools. The latest stable release also closes 15 security holes

27 January 2012
Trojan downloader is a problem for virus scanners

The Microsoft Malware Protection Center has discovered a trojan downloader that only downloads and executes malicious code in the RAM, making it difficult to detect

26 January 2012
Apache Shiro 1.2.0 enhances its password hashing

The Apache Shiro application security framework is updated to give better password hashing and storage, more control over sessions and filters, and Guice and OSGi support

26 January 2012
Hackers may have disrupted railway computers and schedules

A memo from the US TSA says that, in December 2011, hackers disrupted the railway schedules of one unnamed railway operator in the Northwest

25 January 2012
O2 sends users' phone numbers to web sites - Update 2

An O2 user found that the mobile carrier was adding his phone number to the headers of HTTP requests he made over the 3G network. The problem appears to affect all users of O2, GiffGaff and Tesco Mobile but it isn't a new issue

25 January 2012
Video conferencing systems as spying tools

Security expert HD Moore scanned around 3% of all publicly accessible IP addresses looking for video conferencing systems and managed to monitor corporate board rooms, inmate-lawyer consultation areas and research facilities

25 January 2012
Anonymous calls on Polish hacktivists to stop DDoS

In support of Polish NGOs fighting Poland's plan to sign up to the ACTA anti-counterfeiting agreement, Anonymous has called on hacktivists in Poland to stop denial of service attacks on government sites

25 January 2012
Alert! Critical flaw discovered in Symantec's pcAnywhere

Symantec has released fixes for a critical flaw in pcAnywhere that allows an attacker with access to a particular TCP port to remotely execute code on a system that has the remote login software installed

25 January 2012
Opera 11.61 fixes XSS vulnerability

Version 11.61 of the web browser corrects several issues found in the existing builds and addresses two security vulnerabilities, including one "high" severity cross-site scripting problem

25 January 2012
Twitter acquires security services provider Dasient

Twitter has acquired California-based security services provider Dasient. The company will provide Twitter with malware protection expertise and technology

24 January 2012
Joomla! 2.5 adds new features, closes holes

Version 2.5 of the open source CMS is a major release that adds support for Microsoft SQL Server, improves advanced search, and provides better update notifications for administrators; four security holes found in previous builds have been closed

24 January 2012
Botnet operator used to work for anti-virus company

According to Microsoft, the alleged operator of the Kelihos botnet was employed by a firewall and anti-virus software company

24 January 2012
Alert! Chrome 16 update closes security holes

The Stable channel update addresses a total of four vulnerabilities, all of which are rated as "high severity". The developers also note that a critical hole was fixed in the previous release but was not documented

24 January 2012
Credit cards with EMV chips coming to the US

Visa and MasterCard hope to use the technology, already well established in Europe, to stem the tide of skimming incidents in the US

24 January 2012
Hacker targets Arab users' Facebook accounts

An apparently politically motivated hacker has published the access credentials of thousands of Arab Facebook users to the Pastebin anonymous text hosting service

23 January 2012
Hackers attack Polish government web sites

Hackers have paralysed several Polish government web sites, apparently as a protest against the official position on the ACTA anti-piracy treaty; a Polish branch of Anonymous has already claimed responsibility

23 January 2012
Alert! Linux root exploit due to memory access - Update 2

Exploits for root access are in circulation for Linux 2.6.39 and later after a fix was released for bad permission checking when writing to memory dumps

23 January 2012
Alert! Critical hole in Apache Struts 2 closed

A vulnerability in the Apache Struts 2 web framework for Java allows attackers to remotely execute commands; versions affected are from 2.0.0 to 2.3.1.1. A fix is now available.

23 January 2012
DreamHost warns of password hack

The US-based web hosting services provider and domain name registrar has confirmed that it "detected some unauthorized activity" on its servers in which an unknown party or parties may have gained access to customer passwords

23 January 2012
Mozilla's BrowserID moves forward

Mozilla's OpenID alternative, BrowserID, gets its first deployment on a number of Mozilla development sites and takes a "Rookie of the year" award

23 January 2012
Security experts put pressure on industrial control system makers

A group of security specialists has published exploits for security vulnerabilities in components used by industrial control systems which could be used by an attacker to compromise or disrupt these systems

21 January 2012
The H Roundup for the week ending 21 January

In the last seven days: a security-enhanced version of Android from the NSA, developers fix a Linux network problem, OpenStreetMap vandalism, Android 4.0 for HP's TouchPad, extensions for GNOME 3 and the world of open source domotics

20 January 2012
Anonymous's new weapon

Users clicking on a link sent over Twitter may find themselves unwittingly taking part in a DDoS attack on the US Department of Justice

20 January 2012
Windows Phone App Analyser released

A tool to help security researchers analyse Windows Phone 7 apps has been released by Security Ninja and is capable of decompiling the .dll files within the apps' .xap files
