In association with heise online

Top News

Microsoft confirms critical vulnerability in Internet Explorer

Internet Explorer 6 and 7 running under all versions of Windows are affected. Microsoft is working on a security update and in the meantime is advising users to set their security level to high, or to activate data execution prevention.

Top Feature

Inside the Security Operations Center

In its Security Operations Center (SOC), Symantec remotely monitors its clients' networks for signs of hacking and suspicious activity. We've taken a look inside the SOC.

IT security news and features

News & Features

25 November 2009
Security feature of Internet Explorer 8 unsafe

The cross-site scripting filter of Microsoft's browser reportedly contains vulnerabilities that allow the very cross-site scripting attacks it is meant to prevent.

25 November 2009
Security update for BIND name server

Due to a DNSSEC-related error, attackers can inject faked entries into a name server's cache. As a result the server resolves specific domains to incorrect IP addresses.

24 November 2009
User-generated PDF documents disclose private information - Update

User-generated PDF documents can potentially disclose information the author might not wish to reveal. The leak is caused by a flaw in Internet Explorer.

24 November 2009
Numerous vulnerabilities in VMware products

VMware has advised of a total of 93 vulnerabilities in several of its products, including ESX Server, Server, VirtualCenter and vCenter.

23 November 2009
Alert! Opera 10.10 closes "extremely severe" hole

The previous version of Opera was affected by a flaw that can be exploited to compromise systems and that has been known for six months. The KDE libraries are also said to be vulnerable.

23 November 2009
New iPhone password: "ohshit"

A new version of the worm infecting insecure jailbroken iPhones resets the password.

23 November 2009
Alert! New critical vulnerability in Internet Explorer

A few lines of HTML code, posted anonymously under the heading "IE7" on a security list, turn out to be a previously unknown security problem in the Microsoft browser.

20 November 2009
Security vulnerabilities in add-ons imperil Firefox users

Security experts have found security problems in several popular Firefox extensions. They warn that using add-ons can impact the security of the entire system.

20 November 2009
Cisco releases free iPhone security app

Cisco has released a free iPhone application that allows users to receive customised alerts on real-time security threats, new signatures and other information.

20 November 2009
PHP 5.3.1 released

The PHP developers have released the first maintenance update to the 5.3 branch of their programming language, which now includes anti-DoS measures and sanity checks on EXIF.

19 November 2009
Alert! Security holes in Serv-U FTP server closed

The 9.1.0.0 version of the Serv-U FTP Server for Windows closes two critical vulnerabilities which allow an attacker's code to infiltrate the system or restart it.

19 November 2009
NSA helps Apple, Sun and Red Hat harden their systems

The American National Security Agency also helped configure the system security of Windows 7 during the operating system's development.

19 November 2009
lost+found: Android, botnets, Top 10, CryptoMan

Spyware for Android, understanding botnet protocols, Top 10 vulnerabilities in web applications, Bruce Schneier action figure

19 November 2009
Fedora 12 allows users install privilege - Update 2

Fedora 12 has changed its security policy to allow unprivileged users to install software without requiring the root password.

18 November 2009
Thousands of web pages manipulated in large-scale scareware attack

Google's search engine reportedly plays an important role in the attack, pointing users to compromised web pages when certain search terms are entered. More than 200,000 web pages appear to have been affected.

18 November 2009
Firefox 3.6 locks down component directory - Update

Extensions to the browser will no longer be able to silently install themselves in Firefox 3.6's component directory. The Mozilla developers say the directory lock down will increase the browser's stability.

18 November 2009
RE-Google aids code analysis

A plug-in for disassembler IDA Pro uses Google searches to make machine code functions comprehensible to the uninitiated. It can save time for security specialists analysing malware code.

18 November 2009
Metasploit 3.3 released

Nearly one year after the release of Metasploit 3.2, the Metasploit Project developers have announced the availability of version 3.3 of the Metasploit Framework.

17 November 2009
Few security products gain certification at the first attempt

Only four per cent of the security products tested by independent tester ICSA Labs are certified the first time out. Many products even fail to fulfil their core functionality.

17 November 2009
Vulnerability in Wikipedia Toolbar for Firefox

Security service provider Secunia has discovered a critical vulnerability in the Wikipedia Toolbar extension for Firefox that can be exploited by an attacker to compromise a victim's system.

16 November 2009
Password theft via vulnerability in SSL/TLS protocol

The vulnerability in the design of the SSL/TLS protocol revealed earlier this month can apparently be used for practical attacks after all, such as stealing Twitter login data.

16 November 2009
Microsoft investigates vulnerability in Windows 7 and Server 2008 R2

Microsoft is investigating a DoS vulnerability that can be exploited to cripple systems running Windows 7 or Windows Server 2008 R2. According to the vendor, however, no active attacks have been registered so far.

13 November 2009
WordPress 2.8.6 prevents malicious code from being uploaded

A hole in the upload routine for blog post attachments allows PHP files to be disguised, for example, as images. Attackers can exploit the hole to execute arbitrary code. However, not all server configurations are affected.

12 November 2009
Vulnerability in the GIMP image editing tool

A vulnerability in the free image editing tool GIMP (GNU Image Manipulation Program) can reportedly be exploited to compromise a user's system.

12 November 2009
New Microsoft patent may put Linux security components at risk

Microsoft has been granted a patent on a privilege escalation system which appears to cover the functionality of PolicyKit, used for fine-grained authorisation on Ubuntu, Fedora, openSUSE and other Linux systems.
