News & Features
Saturday, 18 May 2013
In the week ending 18 May Microsoft is reading what you type in Skype's chat, an exploit for the Linux kernel is discovered, Google unveils its new IDE for developing Android applications, and the International Space Station is using more Linux
more »
Friday, 17 May 2013
On The H's radar over the last seven days: Samsung's Smart TV software, phone scammers with their own hotline, tricking malware with Vaccination, Qualcomm is pre-installing Kaspersky on Android phones and Twitter account security
more »
A newly found item of Mac malware appears to have been signed by its creator but is apparently unable to deliver its cache of screenshots to the two command and control servers it is meant to connect to
more »
The ownCloud developers have released versions 5.0.6, 4.0.15, and 4.5.11 to fix a number of serious vulnerabilities in their software including SQL injection, code execution and privilege escalation problems
more »
Thursday, 16 May 2013
Four hackers from the infamous group LulzSec were sentenced in the UK today. Three of them are facing prison, while the fourth got a suspended sentence
more »
What is someone scanning the internet for easily accessible industrial plants actually up to? The SCADA honeypot Conpot can help supply answers to that question
more »
The zPanel server is unavailable at the moment, most likely as a result of a hacker attack brought on by a member of the support team who swore at a forum user
more »
At the meeting of the RIPE IP address registry, discussions revolved around how to get black sheep to implement overdue security measures
more »
To avoid the need to develop new fuzz testing tools, researchers at Fraunhofer FOKUS institute have created the Fuzzino open source fuzzing library that can be used to add fuzzing features to existing test tools
more »
Wednesday, 15 May 2013
A bug that was fixed in the development branch of the kernel back in April was not identified as being security relevant and can therefore still be exploited on many systems
more »
The magazine's anonymous drop site is based on DeadDrop, developed by the late Aaron Swartz. Anonymity is in part ensured by only accepting connections via the Tor project's network
more »
Critical holes are also closed in Mozilla's Firefox ESR, Thunderbird and Thunderbird ESR, along with fixes for high severity issues; one of the high severity issues is a local privilege escalation through Mozilla's Maintenance Service
more »
With an increase in security updates and a need to schedule non-security changes predictably, Oracle has decided to rework how Java updates get a version number
more »
Adobe's May Patch Tuesday brings a flurry of security updates that close various critical security holes. Administrators who manage ColdFusion servers should act immediately; the remaining updates should also be installed as soon as possible
more »
Tuesday, 14 May 2013
If you thought Skype messaging was private, think again. The H's associates at heise Security have discovered that Skype/Microsoft analyses all data sent using the service
more »
Associated Press has accused the US government of secretly and illegally obtaining phone records for 20 of the news agency's phone lines
more »
The Developer Garden Code Analyzer enables developers to find security vulnerabilities in their web applications and mobile apps. It supports many different languages and is available in three pricing tiers
more »
Monday, 13 May 2013
Unknown intruders gained access to the registrar's customer database, including customers' credit card details. Name.com is thought to manage around 500,000 domains
more »
Browsers are being hijacked by extensions delivered with trojan droppers that are using victim's Facebook accounts to like and comment on behalf of criminals with
more »
Saturday, 11 May 2013
In the week ending 11 May Your next programming language, Debian Wheezy is released, Blender now renders models in cartoon style, hackers gain access to all .edu domains, and Linux is the "benchmark of quality"
more »
Friday, 10 May 2013
An attacker could manipulate a CSRF hole in the OpenVPN Access Server to take control of the administration interface. An updated version of the software is now available to close the hole
more »
On The H's radar over the last seven days: Cain & Abel on Windows 8, Google hacked, failed extortionists, untangling the web, OAuth security issues, and vulnerabilities in NetApp and SAP ERP.
more »
Microsoft announces ten security bulletins for next Tuesday to close critical holes in Internet Explorer. Adobe is to update its Reader, Acrobat and ColdFusion products on the same day
more »
A global-scale fraud ring is thought to have stolen a total of $45 million. Now, the police have busted the ring's New York cell
more »
Thursday, 09 May 2013
Details of how recent hijackings of high-profile news site Twitter accounts were carried out have been scarce, but The Onion, itself a victim, has now detailed the timeline of phishing and hijacking that took place when it lost control of its tweets
more »