News & Features
Vodafone Spain sold a HTC Magic Android smartphone which had the Mariposa bot installed on its memory card
more »
Twitter has announced that it is launching a new service to protect its users against phishing and other attacks by attempting to detect, intercept and prevent "bad links" before a user has a chance to click on them
more »
Microsoft warns of an unpatched vulnerability in Internet Explorer 6 and 7, which is already being actively exploited in targeted attacks to infect Windows PCs with a Trojan
more »
The security specialist Objectif Sécurité has optimised its rainbow tables - a common tool used to crack password hashes - to make use of SSDs
more »
Microsoft has released two security updates to close one hole in Windows Movie Maker and seven holes in Excel
more »
At the RSA conference, two security specialists presented the results of an investigation into how easy it is to inject a malicious program into thousands of Android smartphones and jail-broken iPhones
more »
As well as a range of bug fixes, OpenSSH 5.4 includes a netcat mode which couples a local system's standard input to another computer's network port. There are also enhancements to the SFTP subsystem
more »
KillerBee is a collection of open source Linux tools for testing the security of ZigBee wireless networks
more »
Every five days, the average Windows user must install an update to close a potential security hole in a Windows application. A new version of the Personal Software Inspector is to automate this procedure
more »
Secunia and others say the problem can be exploited to execute arbitrary code on a vulnerable system. Opera remain unconvinced.
more »
Highlights for The H in this past week include CeBIT, a bid on Novell, the IIPA attacked countries over their open source policies and Ubuntu announcing a new look. A scrap developed over a defective patch for a PHP extension and Spanish police closed a major botnet operation
more »
Researchers have shown how, in one specific case, it is possible to calculate the private key from specific erroneous RSA signatures. Whether the attack has practical utility is questionable
more »
Vulnerabilities in Cisco's Unified Communications Manager and Digital Media Manager can be exploited to eavesdrop on and to disrupt, voice networks
more »
PHP 5.3.2 fixes more than 60 bugs, offers various updates and closes security holes
more »
Microsoft plans to release just two security updates to fix eight vulnerabilities in Windows and Office on its forthcoming patch day. Vulnerabilities in Internet Explorer will, however, remain unpatched
more »
The US government has published a document which allows some insight into the cyber security directive issued by George W. Bush in 2008 although parts of the directive remain under cover
more »
Security firm SMobile has examined the effectiveness of BlackBerry security functions and questions whether the information conveyed by BlackBerry warning messages allows users to make the right decisions
more »
Instead of complex mathematical problems, researchers at the Karlsruhe Institute of Technology are using errors in radio wave propagation to generate cryptographic keys
more »
Too small for news, too good to lose: In this edition, Mark Shuttleworth on Full Disclosure, a Waledac online test, an old bot with a new name, a data leak study, an alternative to shortening URLs and failing URL filters
more »
If you can extract NTLM or LM hashes from a system, you don't necessarily need to crack them to be able to make use of them. It is frequently possible to use the hashes directly
more »
Three Spaniards have reportedly been arrested in connection with "Mariposa", one of the largest botnets worldwide. The arrests took place over the past few weeks and the suspects stand accused of having taken control of more than 13 million computers and of operating the botnet since the end of 2008
more »
Window Snyder is joining Apple as senior security product manager. Her experience could help Apple deal with security problems on a range of fronts
more »
Microsoft is re-deploying patch MS10-015 as an automatic update. However, the patch won't install itself on systems where certain "abnormal conditions" exist
more »
PURE, the vendor's new product offers more functions than the conventional security suite and is specifically designed to meet the needs of multi-PC households
more »
A new study by the Cloud Security Alliance (CSA) commissioned by systems vendor Hewlett-Packard investigates the risks involved in cloud computing and offers protective strategies
more »