In association with heise online

Security Features

15 March 2010
Tracking down malware

Malware on the couch Criminals use various methods to camouflage the traces of their malicious software on the internet. However, their paths can be retraced using special tools to identify the vulnerability the malware exploited to enter a system more »

25 January 2010
Shortened-breaks

Network Teaser Logo When people click on short URLs from services like bit.ly or tr.im, they don't always know where they'll land until they've actually arrived. The next generation of short URLs even go one step further more »

22 January 2010
SSL for free - step by step

SSL Teaser Israeli vendor StartSSL offers free SSL server certificates that are valid for a year. This article explains how to apply for a certificate for a domain and install it on the server more »

10 November 2009
Inside the Security Operations Center

In its Security Operations Center (SOC), Symantec remotely monitors its clients' networks for signs of hacking and suspicious activity. We've taken a look inside the SOC more »

22 September 2009
Testing email with encryption

SSL plumbing It can be very useful to be able to talk directly with your SMTP or IMAP server for diagnostic purposes. Things get a bit more complicated when encryption rears its ugly head, but with the right tools, it doesn't have to be a black art more »

19 August 2009
Hacking at Random: more bandwidth, more far-sightedness, more future

Hacking at Random logo The hackers' summer camp has ended without any major events or serious injuries. Inspired by the event the activists have dispersed back into society. Whether these people are really at the centre of the political fight for freedom remains to be seen more »

4 August 2009
All Around My (Black) Hat

Black Hat Logo Wendy Grossman reports on the proceedings at the Black Hat security conference 2009 more »

24 July 2009
Protecting SSH from brute force attacks

Armouring SSH Using just open source tools and a few tweaks, it is possible to detect and block suspicious login attempts more »

26 May 2009
Worth Reading: Analysing packed malware

Piotr Bania has presented a concept which allows evasive measures used by packed malware to be circumvented more »

26 May 2009
My wish list for Windows 7: updates for everything

Why does Windows tell me about Internet Explorer 8, but not about the new version of Adobe Reader, which fixes a critical security vulnerability that is already being actively exploited? more »

1 May 2009
A secure USB disk from Lenovo

Having examined some low cost USB crypto hard disks and found them disappointing we take a look at a more up-market product from Lenovo more »

1 May 2009
Getting started with the PHPIDS intrusion detection system

Web applications are always threatened by attacks that try to exploit programming weaknesses. The PHP-based, open source PHPIDS solution detects attempted intrusions and raises the alarm in case of a threat. The H offers some practical installation tips more »

3 April 2009
The H Security Conficker information site

The H Security information page on Conficker is where you can find the latest stand-alone removal tools, news, scanners and tips about the Conficker worm. more »

21 March 2009
Worth Reading: An Analysis of Conficker-C

SRI International's Malware Threat Center has published a detailed examination of the new mechanisms within the Conficker-C worm more »

16 March 2009
Worth Reading: Optimised to fail - Card Readers for online banking

The distribution of hand held, one-time-key 'card readers' led one research team to reverse engineer the underlying protocol and find a number of vulnerabilities more »

11 March 2009
The right way to handle encryption with Firefox 3

Mozilla has changed the way Firefox 3 handles certificates, but not always for the better. A few modifications will sort things out - and give you more security more »

11 February 2009
Risky MIME sniffing in Internet Explorer

Uploading images is a standard requirement for any Web 2.0 application, but some features of Internet Explorer need to be carefully handled, otherwise a hole can open up and facilitate cross-site scripting attacks on site visitors more »

9 February 2009
The PayPal approach to customer security

PayPal have recently introduced some new security options and say they are committed to helping their customers develop a more secure relationship to on-line transactions more »

5 February 2009
New VIPRE fangs - An interview with Sunbelt CEO Alex Eckelberry

heise Security UK talk to Alex Eckleberry, CEO of Sunbelt about their its newest weapon in the battle against malware and what Windows 7 and Morro mean to anti-Malware vendors more »

3 February 2009
Cracking budget encryption

Our previous experience with hardware encryption has shown that budget is equivalent to useless. Raidon's Staray S series doesn't seem to be an exception. This article explains how we conducted our analysis more »

9 January 2009
Cheap Cracks - Of dictionaries and rainbows

Modern cryptological attacks can crack mobile phone calls, as well as debit and credit cards, in seconds. The trick is to find a practical compromise between computing time and memory space with the help of precomputed tables more »

7 January 2009
Consequences of the successful MD5 attacks

At the end of 2008, an international team of researchers forged a Certification Authority certificate. This has far-reaching consequences and has, therefore, created a fair deal of confusion about the actual practical implications more »

12 December 2008
Rogue anti-virus products

Some unscrupulous suppliers are selling rogue anti-virus products by using a gamut of false positives to frighten unsuspecting users into believing their PCs are infected. Reports even suggest that these programs have taken to carrying their own Trojans more »

12 December 2008
Worth Reading: Browser Security Handbook

The Browser Security Handbook is a reference on browser security features for developers and security experts more »

9 September 2008
USB stick with hardware AES encryption has been cracked

Whether you are talking about certification or 256-bit AES, even the best encryption is compromised if a subsequently added function renders the password vulnerable more »






The H open source

The H Security

The H Internet Toolkit