In association with heise online

Top News

Critical PHP vulnerability being fixed - Update

The PHP developers are working to fix a critical security vulnerability in PHP that they introduced in a previous security patch. The full impact of the problem is not yet known.

Top Feature

CSI:Internet - Open heart surgery

The TDL4 rootkit is currently the most technically sophisticated piece of malware in existence. Our expert takes it apart piece by piece.

IT security news and features

News & Features

6 February 2012
Joomla! updates close information disclosure holes

Versions 1.7.5 and 2.5.1 of the open source content management system close two information disclosure vulnerabilities; the update to Joomla! 2.5.x also fixes 30 bugs found in the previous release.

6 February 2012
Backdoor in TRENDnet IP cameras

Some TRENDnet IP cameras permit anyone to view the rooms being monitored by the camera, whether or not an access password has been created. Lists of openly accessible camera streams are circulating.

6 February 2012
German government makes recommendations for secure Windows PCs

Anti-virus software, backups, updates, an alternative browser and a healthy level of mistrust are the main components of the German Federal Office of Information Security's (BSI's) PC security concept.

4 February 2012
The H Roundup for the week ending 4 February

In the last seven days: a critical hole in PHP was closed, Ubuntu 12.04 Alpha 2 arrived and there was controversy around a Busybox alternative. Also Debian 7.0 will use the 3.2 kernel, VLC 2.0 gets ready to bloom and Wayland 1.0 approaches.

3 February 2012
Google's Bouncer scans the Android Market for Malware

Google has disclosed that it has, for the last year, been using a system called Bouncer to scan the Android Market for malware and says there was a 40% decline in downloads of malicious software in 2011.

3 February 2012
MSUpdate trojan attacked companies in the defence sector

The lure was a well-made invitation to a prestigious conference which then injected spyware into employees' computers.

2 February 2012
Alert! Break-ins at domain registrar VeriSign in 2010

In late 2011, the US corporation notified the authorities of several intrusions into its IT systems in 2010. However, no important information is believed to have been stolen.

2 February 2012
Report: Kelihos botnet making a comeback - Update

Following a joint operation by Microsoft and Kaspersky Lab last September to disrupt Kelihos, the spam-sending botnet is now said to be making a comeback and using new techniques.

2 February 2012
HTC Android phones expose Wi-Fi passwords to apps

Android applications running on some HTC smartphones can access the passwords of the Wi-Fi networks they are connected to and potentially send that information to third parties. HTC has released updates for the affected devices.

2 February 2012
Apple releases Mac OS X 10.7.3

The company has released Mac OS X 10.7.3 and, for users who have yet to upgrade from 10.6.8 to Lion, Security Update 2012-001. The updates address more than 50 security vulnerabilities that could be exploited to, for example, remotely execute arbitrary code.

1 February 2012
Alert! Mozilla closes critical holes in Firefox, Thunderbird and SeaMonkey

Mozilla has detailed the security fixes included in the recent updates to its Firefox web browser, Thunderbird email client and SeaMonkey suite. Version 10.0 of Firefox, for example, closes 8 holes, 5 of which are rated as critical.

1 February 2012
Hacker extracts RFID credit card details

At a conference, Kristin Paget demonstrated how easily RFID-enabled credit cards can be used to make a payment without requiring any card owner interaction.

31 January 2012
US legislation to strengthen mobile data protection proposed

Following the Carrier IQ controversy, a legislative initiative aims to give US mobile phone users more control over their data. In future, users would have to explicitly consent to the installation of information-collecting software.

31 January 2012
Alert! Security hole in Sudo's debug option closed

The addition of a debug option to the widely used sudo command introduced a flaw which could allow an attacker to gain root privileges by using a symbolic link to change the name of the command.

30 January 2012
Symantec's trojan warning criticised as scaremongering

What Symantec calls malware is really applications participating in an aggressive ad network, says Lookout security.

30 January 2012
Git 1.7.9 offers more secure modification requests

The new technology for signing Git pull requests is an indirect consequence of the break-in at kernel.org.

30 January 2012
Rootkit has rhythm

MIDI music on web pages is providing the soundtrack to malware exploiting a vulnerability in Windows multimedia to install a rootkit.

30 January 2012
Alert! Samba update closes DoS hole

A small memory leak on every connection to the Samba file sharing daemon could be exploited to create a denial of service. A patch and an update have been released.

30 January 2012
Android games contain malware

Symantec warns that 13 Android apps are infected with malware that accesses data on smartphones and tablets and changes the start page in the browser.

28 January 2012
The H Roundup for the week ending 28 January

In the last seven days: Linux 3.3 goes into testing, Ubuntu 12.04 gets a new HUD and a Linux root exploit surfaced. Also KDE 4.8 and a stable release of Cinnamon arrived, jSlate was open sourced and the 6502 microprocessor relaunched.

27 January 2012
Alert! Cisco Security Appliances at risk from Telnet bug

Attackers can remotely execute code with system privileges as a result of a known bug in the Telnet daemon telnetd.

27 January 2012
FFmpeg 0.10 "Freedom" released - Update

Version 0.10 of FFmpeg adds several new encoders and decoders, as well as new filters and tools. The latest stable release also closes 15 security holes.

27 January 2012
Trojan downloader is a problem for virus scanners

The Microsoft Malware Protection Center has discovered a trojan downloader that only downloads and executes malicious code in RAM, making it difficult to detect.

27 January 2012
Symantec publishes pcAnywhere security recommendations

The security services provider recommends using the remote control software only if absolutely necessary.

26 January 2012
Apache Shiro 1.2.0 enhances its password hashing

The Apache Shiro application security framework is updated to give better password hashing and storage, more control over sessions and filters, and Guice and OSGi support.
