Security Features
The TDL4 rootkit is currently the most technically sophisticated piece of malware in existence. Our expert takes it apart piece by piece
more »
An online banking trojan has penetrated the system deeply, but a memory analysis still finds it
more »
When the boss's computer opens confidential emails remotely as if haunted, it is time to call the ghost busters or, even better, a professional forensic IT investigator.
more »
osCommerce systems are currently being targeted by a mass hacking attack - online shop administrators need to act immediately. This article aims to help administrators to help themselves
more »
Many mobile apps transmit sensitive data in plain text leaving users' private information in the open. To keep this data secure, The H takes a look at some mobile VPN solutions for Apple's iPhone or Android-powered devices
more »
S02E01: If a commercial online RPG's forum is taken down, it should set alarm bells ringing. Once the server is back up and running, it's time to set about tracking down the perpetrators
more »
You can't turn your iPhone into a tamper-proof data vault, but the following measures will make life considerably more difficult for thieves
more »
The greatest current risk for iPhone owners is not viruses or malicious web pages, it is the danger that the phone might fall into someone else's hands. Although iPhones do offer elaborate security mechanisms, these mechanisms won't stand up to an imaginative hacker
more »
Given the right technique, administrators can store even weak passwords in such a way that attackers will fail even with the most modern cracking equipment
more »
Ivan Ristić developed the open source web application firewall ModSecurity and wrote the book on securing Apache servers. He's now surveying SSL and heading up IronBee, a new web app firewall project. The H talks to him about how these projects are progressing and his thoughts on other security issues
more »
The free tool Foca extracts the information that is hidden in document metadata from publicly available documents and images and it can be astonishing what is revealed
more »
Content Security Policies are designed to prevent cross-site scripting and other attack types. Firefox 4 is the first browser to support this new concept
more »
Heise's new Mac & i magazine recently interviewed Charlie Miller and Dino Dai Zovi, co-authors of “The Mac Hacker's Handbook”. Both are well known amongst hackers for their exploits against the Apple Mac software environment. The H presents that interview in full
more »
Anonymous has hacked a US security business which had threatened to pass the names of key members of the organisation to the FBI. The story contains many interesting angles
more »
If you're worried about the veracity of a website or file, services like VirusTotal can give you virus check results and analysis – with the right tools, even before any bad stuff finds its way onto your system
more »
The dream team of data execution prevention (DEP) and address space layout randomisation (ASLR) was long considered an almost insurmountable barrier for attackers. Then along came JIT spraying to move the goalposts and get attackers back in the game
more »
Some security tools offer real protection while others can safely be dispensed with. This guide offers tips on how to achieve optimum all-round protection that won't become unduly intrusive
more »
Microsoft's EMET tool activates extra protection mechanisms included in recent versions of Windows, which are able to frustrate many attacks which exploit security vulnerabilities in applications. As ever though, the devil is in the detail
more »
The free HAVP proxy, combined with free virus scanners for Linux, reduces the risk of falling prey to attacks when browsing the internet on a Windows PC. Its installation is anything but rocket science
more »
To find a real iPhone video instead of the one that turned out to be a trojan yesterday, I'm entering "new iPhone video" into Google. One of the top links promises an "exclusive preview"; it leads to a web page with a video - but what's going on there? This one isn't working, either!
more »
"Have you broken the computer again? It won't play this video of the new iPhone!" It's been a long day and I don't really feel like troubleshooting, but when she's in this sort of mood, the administrator had better jump to it. And at home, the administrator is me.
more »
Tom sends me something on 'NTFS internals' – technical details of the Windows file system implementation. How did he know this had been sitting on my to-do list for ages? Had I mentioned it at lunch? Curious, I open the attached PDF
more »
One morning when checking my emails, one subject line really drew my attention: "Air France Flight 447 (crash pictures)". The email claimed that images on the camera memory stick of a passenger on the crashed plane had been successfully reconstructed and could now be viewed in the attached PowerPoint presentation. When someone is trying that hard, my alarms go off
more »
As I'm selecting a pizza on the website of my favourite pizza service, my anti-virus scanner raises the alarm: It claims to have found and removed a "trojan.backdoor". Let's see what's going on here
more »
According to a Google security blog post by developer Michal Zalewski, Google's new, free Skipfish scanner is designed to be fast and easy to use while incorporating the latest in cutting-edge security logic. Felix 'FX' Lindner examines Skipfish to see how well it compares to other tools used to check web site integrity.
more »
