In association with heise online

Top News

Vulnerability in Samba provides access to files

A vulnerability in the creation of symbolic links can be exploited to get access to files outside of allowed paths. The hole can, however, only be exploited if the attacker has write access on a share.

Top Feature

Shortened-breaks

When people click on short URLs from services like bit.ly or tr.im, they don't always know where they'll land until they've actually arrived. The next generation of short URLs even goes one step further.

IT security news and features

News & Features

9 February 2010
Security update for LANDesk Management Gateway

An error in the web interface of the LANDesk Management Gateway can be used by an attacker to create their own commands and pass them to the shell of the underlying system to be run with root privileges.

9 February 2010
Adobe apologises for unpatched Flash vulnerability

Adobe has taken the bull by the horns and officially apologised for not fixing a flaw in the Flash plug-in which has been known since 2008. The delay was said to be caused by internal procedural problems.

9 February 2010
Alert! Critical vulnerability in Novell's NetStorage

Novell is reporting a critical security vulnerability in NetStorage which can be exploited by a remote attacker to compromise a system. A patch is available to fix the vulnerability.

9 February 2010
EU security agency advises caution when using social networks

The European Network and Information Security Agency has published a report that warns of the risks and threats of using mobile social networking services and also provides a list of "17 golden rules for mobile social networks".

8 February 2010
China shuts down cracker website

The Chinese authorities have shut down what they describe as the biggest training website for hackers in China. Members are reported to have used their skills to obtain private access data for games and other entertainment websites.

8 February 2010
Infected add-ons found on Mozilla download site

Two malware-infected 'experimental' add-ons have been available on the Mozilla download site for a prolonged period.

7 February 2010
Alert! Unscheduled patch from Oracle

A critical vulnerability in the WebLogic Server Node Manager has forced Oracle to release an unscheduled update outside of its normal quarterly patch cycle.

6 February 2010
The H Week - Browser de-anonymisation, FreeBSD, Linux updates and H.264

This week, The H had the latest news on how, even without cookies, web browsers and users can be identified, the latest Linux kernel developments with the Kernel Log, yet another vulnerability in Microsoft's Internet Explorer web browser and more »

5 February 2010
Password breaker for iPhone backups

Elcomsoft's iPhone Password Breaker promises to recover the passwords of protected iPhone backups. This is said to allow access to stored data such as addresses, SMS archives, apps, calendar items and photos.

5 February 2010
Vulnerability in Oracle 11gR2 allows system privileges for all - Update

A bug in Oracle's Java implementation allows users of database version 11gR2 to obtain arbitrary privileges.

5 February 2010
Microsoft to fix 26 vulnerabilities on patch day

The newly revealed vulnerability in Internet Explorer is not one of them, but the company will be fixing the recently discovered 17-year-old privilege escalation vulnerability in its Virtual DOS Machine.

4 February 2010
Lost+Found: worms, lists, rootkits, passwords, fish

Too short for news, too good to lose; Lost+Found is a round-up of useful security information: analysis of an iPhone worm, threat lists, Windows rootkits, password japes and fish on bank websites.

4 February 2010
Report: Google to work with NSA over cyberattacks

Google will reportedly be working with the United States National Security Agency (NSA) to investigate and to fight against future incidents, following the recent massive cyber attacks originating in China.

4 February 2010
Alert! Microsoft confirms new vulnerability in Internet Explorer

The vulnerability allows a crafted website to access and read the content of arbitrary files on a PC.

4 February 2010
SDL for dummies

Microsoft has released a new document designed to convince the global developer community that the Secure Development Lifecycle (SDL) also makes sense for small software forges.

3 February 2010
Twitter resets user passwords

The microblogging company suspects Twitter accounts have been misused as a result of password stealing on other websites.

3 February 2010
Apache HTTP Server 1.3's final update released

Apache HTTP Server 1.3.42 has been released and is the last full update of the Apache 1.3 series of web servers. Users are recommended to look at upgrading to Apache 2.2.

3 February 2010
Hackers paralyse emissions trading scheme

Germany's emissions trading body and Federal Criminal Police Office have confirmed that hackers have used phishing emails to gain access to databases containing official information on individual companies' emissions permits. According to the Financial Times, the perpetrators transferred emissions rights to other accounts and then sold them on.

3 February 2010
Blizzard warns of account theft in World of Warcraft

A new official web page created by the role-playing game operator alerts users to security holes and warns of gold sellers and levelling services.

3 February 2010
Alert! iPhone OS 3.1.3 fixes vulnerabilities

Apple has released version 3.1.3 of its iPhone mobile operating system for all iPhone and iPod Touch devices to address a total of five vulnerabilities.

2 February 2010
Spat over test for mobile encryption

German vendor Securstar has been accused of having had a hand in supposedly independent tests of encryption solutions for mobile devices in which its product was one of the few to be classed as secure.

2 February 2010
PGP buys TC TrustCenter

By taking over Hamburg-based company TC TrustCenter GmbH, PGP acquires the certification technology required for identification and authentication applications.

2 February 2010
Conficker cause of Greater Manchester Police disconnection

The Greater Manchester Police have disconnected themselves from the Police National Computer after an outbreak of the Conficker worm.

2 February 2010
Squid update fixes DoS vulnerability

Specially crafted DNS packets can compromise the popular Squid web proxy/cache in such a way that it briefly fails to respond.

2 February 2010
Security hole in MoinMoin wiki system

The developers have announced an unspecified vulnerability in versions from 1.5.0 up to and including 1.9.1. A workaround solves the problem.
