News & Features
Apple has released Safari 4.0.5, an update which addresses sixteen vulnerabilities in the browser, along with a number of stability and performance improvements
From version 4.1, Chrome will delete the ID token immediately after it is run for the first time – a symbolic step which takes the wind out of critics' sails
By warning of acute danger to the domain name system, ICANN boss Rod Beckstrom has incurred the displeasure of domain operators. They are concerned that governments could get the wrong end of the stick
Symantec has announced that it plans to shut down part of its SecurityFocus security information portal. The company says that only the Mailing Lists, including Bugtraq, and its Vulnerability Database will remain online
A public exploit for the new hole in Internet Explorer 6 and 7 has become available. This will probably force Microsoft to release an out-of-cycle patch
Vodafone Spain sold an HTC Magic Android smartphone which had the Mariposa bot installed on its memory card
Twitter has announced that it is launching a new service to protect its users against phishing and other attacks by attempting to detect, intercept and prevent "bad links" before a user has a chance to click on them
Microsoft warns of an unpatched vulnerability in Internet Explorer 6 and 7, which is already being actively exploited in targeted attacks to infect Windows PCs with a Trojan
The security specialist Objectif Sécurité has optimised its rainbow tables - a common tool used to crack password hashes - to make use of SSDs
Microsoft has released two security updates to close one hole in Windows Movie Maker and seven holes in Excel
At the RSA conference, two security specialists presented the results of an investigation into how easy it is to inject a malicious program into thousands of Android smartphones and jail-broken iPhones
As well as a range of bug fixes, OpenSSH 5.4 includes a netcat mode which couples a local system's standard input to another computer's network port. There are also enhancements to the SFTP subsystem
Version 2.2.15 fixes numerous bugs and closes three security holes. One of the holes is rated critical but only affects the Windows version of Apache
KillerBee is a collection of open source Linux tools for testing the security of ZigBee wireless networks
Every five days, the average Windows user must install an update to close a potential security hole in a Windows application. A new version of the Personal Software Inspector is to automate this procedure
Secunia and others say the problem can be exploited to execute arbitrary code on a vulnerable system. Opera remain unconvinced.
Highlights for The H in this past week include CeBIT, a bid on Novell, the IIPA attacking countries over their open source policies and Ubuntu announcing a new look. A scrap developed over a defective patch for a PHP extension and Spanish police closed a major botnet operation
Researchers have shown how, in one specific case, it is possible to calculate the private key from specific erroneous RSA signatures. Whether the attack has practical utility is questionable
Vulnerabilities in Cisco's Unified Communications Manager and Digital Media Manager can be exploited to eavesdrop on, and to disrupt, voice networks
PHP 5.3.2 fixes more than 60 bugs, offers various updates and closes security holes
Microsoft plans to release just two security updates to fix eight vulnerabilities in Windows and Office on its forthcoming patch day. Vulnerabilities in Internet Explorer will, however, remain unpatched
The US government has published a document which allows some insight into the cyber security directive issued by George W. Bush in 2008, although parts of the directive remain under cover
Security firm SMobile has examined the effectiveness of BlackBerry security functions and questions whether the information conveyed by BlackBerry warning messages allows users to make the right decisions
Instead of complex mathematical problems, researchers at the Karlsruhe Institute of Technology are using errors in radio wave propagation to generate cryptographic keys
Too small for news, too good to lose: In this edition, Mark Shuttleworth on Full Disclosure, a Waledac online test, an old bot with a new name, a data leak study, an alternative to shortening URLs and failing URL filters