In association with heise online

Top News

The H Week - Freedom, Clouds, Malware, Clever Exploits and Ubuntu betas

The H Week Logo The H looked at freedom and the Cloud, how to track down malware, Munich's LiMux project, Microsoft and the W3C, Ubuntu 10.04's beta, Mac OS X and Virtual PC security and much more »

Top Feature

Tracking down malware

Malware on the couch Criminals use various methods to camouflage the traces of their malicious software on the internet. However, their paths can be retraced using special tools to identify the vulnerability the malware exploited to enter a system more »

IT security news and features

News & Features

20 March 2010
Exploit's new technology trick dodges memory protection

A hacker who goes by the name "JDuck" has discovered the first malicious PDF files which use Return Oriented Programming to bypass Data Execution Prevention (DEP) more »

19 March 2010
Alert!CA updates ARCserve Backup

CA Logo An outdated Java runtime environment leaves security holes in the backup software more »

19 March 2010
Exploit code with DNS tunnel

Network icon A hacker has written exploit code which can tunnel a shell connection through firewalls via DNS more »

18 March 2010
Alert!Security updates for Drupal modules

Drupal Logo Drupal's Email Input Filter, Keys and Tag Order modules contain security vulnerabilities, and should be updated to resolve this issue. The first at least is critical, as it can be exploited to penetrate a server more »

18 March 2010
Mac OS X: "safer, but less secure" - Update

Apple Logo 20 security holes in Apple software are about to be disclosed: Charlie Miller intends to present details of the vulnerabilities at the CanSecWest conference next week. The expert talked with heise Security about the security of Mac OS X beforehand more »

18 March 2010
Dispute about Virtual PC security holes

MSFT Does a software flaw which allows security safeguards to be bypassed count as a security hole in itself? Microsoft takes care to point out that it doesn't consider a recently published problem in Virtual PC a "vulnerability per se" more »

17 March 2010
Mozilla officially drops support for SeaMonkey 1.x

SeaMonkey Logo Mozilla has announced that it is officially discontinuing support for the 1.x branch of its SeaMonkey "all-in-one internet application suite", the successor to the old Netscape Communicator and Mozilla Application suites more »

17 March 2010
Alert!Security vulnerability in SpamAssassin filter module

SpamAssassin logo Attackers are attempting to take control of mail servers, in particular those running Postfix and SpamAssassin, by exploiting a security vulnerability in the SpamAssassin Milter plug-in more »

17 March 2010
Firefox 3.0 approaches end-of-life

Firefox logo Mozilla has confirmed that, following the release of version 3.0.19 of its popular open source Firefox web browser, there will be no more updates to the 3.0.x branch more »

17 March 2010
Botnet with integrated copy protection

Virus Teaser The current version of the commercial ZeuS botnet server software uses a licence management system to prevent pirate copying more »

15 March 2010
Simple workarounds for latest IE security vulnerability

Microsoft Logo Two fix-it tools from Microsoft help users set-up workarounds which prevent exploitation of a critical security vulnerability in Internet Explorer more »

13 March 2010
The H Week - Faster password cracking and Linux 2.6.34 in testing

The H Week logo On The H this week; FOSS at CeBIT, Linux 2.6.34 in testing, new faces at the W3C and OSI, SCO vs. Linux continues, ZigBee hacking, SSD accelerated password cracking, smartphone malware and Mandriva's health checked more »

12 March 2010
Alert!Safari 4.0.5 patches 16 holes

Safari logo Apple has released Safari 4.0.5, an update which addresses sixteen vulnerabilities in the browser, along with a number of stability and performance improvements more »

12 March 2010
Google Chrome to do away with unique IDs

Google Chrome logo From version 4.1, Chrome will delete the ID token immediately after it is run for the first time – a symbolic step which takes the wind out of critics' sails more »

12 March 2010
ICANN boss creates a stir with DNS security warning

Global networking icon By warning of acute danger to the domain name system, ICANN boss Rod Beckstrom has incurred the displeasure of domain operators. They are concerned that governments could get the wrong end of the stick more »

12 March 2010
SecurityFocus to partially shut down

SecurityFocus Logo Symantec has announced that it plans to shut down part of its SecurityFocus security information portal. The company says that only the Mailing Lists, including Bugtraq, and its Vulnerability Database will remain online more »

11 March 2010
Alert!Exploit for new IE hole

Microsoft logo A public exploit for the new hole in Internet Explorer 6 and 7 has become available. This will probably force Microsoft to release an out-of-cycle patch more »

10 March 2010
Vodafone sold an Android smartphone infected with Mariposa

Android Logo Vodafone Spain sold a HTC Magic Android smartphone which had the Mariposa bot installed on its memory card more »

10 March 2010
Twitter to detect, intercept and prevent bad links

Twitter Logo Twitter has announced that it is launching a new service to protect its users against phishing and other attacks by attempting to detect, intercept and prevent "bad links" before a user has a chance to click on them more »

10 March 2010
Alert!Attacks on newly discovered vulnerability in IE 6 and 7

Microsoft Logo Microsoft warns of an unpatched vulnerability in Internet Explorer 6 and 7, which is already being actively exploited in targeted attacks to infect Windows PCs with a Trojan more »

10 March 2010
Password cracker 100 times faster with an SSD

Padlock Broken Teaser The security specialist Objectif Sécurité has optimised its rainbow tables - a common tool used to crack password hashes - to make use of SSDs more »

10 March 2010
Alert!Microsoft closes seven holes in Excel

Microsoft Logo Microsoft has released two security updates to close one hole in Windows Movie Maker and seven holes in Excel more »

9 March 2010
Researchers show infecting smartphones with malware is relatively easy

Mobile At the RSA conference, two security specialists presented the results of an investigation into how easy it is to inject a malicious program into thousands of Android smartphones and jail-broken iPhones more »

9 March 2010
OpenSSH 5.4 couples standard local input with server ports

OpenSSH Logo As well as a range of bug fixes, OpenSSH 5.4 includes a netcat mode which couples a local system's standard input to another computer's network port. There are also enhancements to the SFTP subsystem more »

9 March 2010
Alert!Update for Apache 2.2 web server closes various security holes

Apache Feather Version 2.2.15 fixes numerous bugs and closes three security holes. One of the holes is rated critical but only affects the Windows version of Apache more »

Got news? Let us know!





The H open source

The H Security

The H Internet Toolkit