Security Features
To find a real iPhone video instead of the one that turned out to be a trojan yesterday, I'm entering "new iphone video" into Google. One of the top links promises an "exclusive preview"; it leads to a web page with a video - but what's going on there? This one isn't working, either!
more »
"Have you broken the computer again? It won't play this video of the new iPhone!" It's been a long day and I don't really feel like troubleshooting, but when she's in this sort of mood, the administrator had better jump to it. And at home, the administrator is me.
more »
Tom sends me something on 'NTFS internals' – technical details of the Windows file system implementation. How did he know this had been sitting on my to-do list for ages? Had I mentioned it at lunch? Curious, I open the attached PDF
more »
One morning when checking my emails, one subject line really drew my attention: "Air France Flight 447 (crash pictures)". The email claimed that images on the camera memory stick of a passenger on the crashed plane had been successfully reconstructed and could now be viewed in the attached PowerPoint presentation. When someone is trying that hard, my alarms go off
more »
As I'm selecting a pizza on the website of my favourite pizza service, my anti-virus scanner raises the alarm: It claims to have found and removed a "trojan.backdoor". Let's see what's going on here
more »
According to a Google security blog post by developer Michal Zalewski, Google's new, free Skipfish scanner is designed to be fast and easy to use while incorporating the latest in cutting-edge security logic. Felix 'FX' Lindner examines Skipfish to see how well it compares to other tools used to check web site integrity.
more »
Criminals use various methods to camouflage the traces of their malicious software on the internet. However, their paths can be retraced using special tools to identify the vulnerability the malware exploited to enter a system
more »
When people click on short URLs from services like bit.ly or tr.im, they don't always know where they'll land until they've actually arrived. The next generation of short URLs even go one step further
more »
Israeli vendor StartSSL offers free SSL server certificates that are valid for a year. This article explains how to apply for a certificate for a domain and install it on the server
more »
In its Security Operations Center (SOC), Symantec remotely monitors its clients' networks for signs of hacking and suspicious activity. We've taken a look inside the SOC
more »
It can be very useful to be able to talk directly with your SMTP or IMAP server for diagnostic purposes. Things get a bit more complicated when encryption rears its ugly head, but with the right tools, it doesn't have to be a black art
more »
The hackers' summer camp has ended without any major events or serious injuries. Inspired by the event the activists have dispersed back into society. Whether these people are really at the centre of the political fight for freedom remains to be seen
more »
Wendy Grossman reports on the proceedings at the Black Hat security conference 2009
more »
Using just open source tools and a few tweaks, it is possible to detect and block suspicious login attempts
more »
Piotr Bania has presented a concept which allows evasive measures used by packed malware to be circumvented
more »
Why does Windows tell me about Internet Explorer 8, but not about the new version of Adobe Reader, which fixes a critical security vulnerability that is already being actively exploited?
more »
Having examined some low cost USB crypto hard disks and found them disappointing we take a look at a more up-market product from Lenovo
more »
Web applications are always threatened by attacks that try to exploit programming weaknesses. The PHP-based, open source PHPIDS solution detects attempted intrusions and raises the alarm in case of a threat. The H offers some practical installation tips
more »
The H Security information page on Conficker is where you can find the latest stand-alone removal tools, news, scanners and tips about the Conficker worm.
more »
SRI International's Malware Threat Center has published a detailed examination of the new mechanisms within the Conficker-C worm
more »
The distribution of hand held, one-time-key 'card readers' led one research team to reverse engineer the underlying protocol and find a number of vulnerabilities
more »
Mozilla has changed the way Firefox 3 handles certificates, but not always for the better. A few modifications will sort things out - and give you more security
more »
Uploading images is a standard requirement for any Web 2.0 application, but some features of Internet Explorer need to be carefully handled, otherwise a hole can open up and facilitate cross-site scripting attacks on site visitors
more »
PayPal have recently introduced some new security options and say they are committed to helping their customers develop a more secure relationship to on-line transactions
more »
heise Security UK talk to Alex Eckleberry, CEO of Sunbelt about their its newest weapon in the battle against malware and what Windows 7 and Morro mean to anti-Malware vendors
more »
