In association with heise online

Security Features

21 June 2013
Content Security Policy halts XSS in its tracks

Cross-site scripting (XSS) is one of the biggest problems faced by webmasters. The new Content Security Policy standard should finally provide some relief.

17 May 2013
Skype's ominous link checking: Facts and speculation

Our associate's discovery that URLs sent through Skype are then visited by Microsoft has caused quite a stir. A little more information has now emerged and leads to even more questions.

22 February 2013
Macs in the crosshairs

General malware continues to focus mainly on Windows systems, but targeted attacks aim at whatever system the intended victim is using, and this is bringing Macs increasingly into the firing line.

05 February 2013
Password protection for everyone

Those who heed well-intentioned recommendations and use a separate password for every service need either a photographic memory or the right techniques to keep the multitude of passwords under control.

23 January 2013
Mega facts

Until now, little has been known about how the cloud service Mega will work and how reliable it will be. Available documentation and some observations do, however, permit a few conclusions to be drawn.

07 November 2012
Detecting CSRF vulnerabilities

When a malicious web page reconfigures a router or sets up forwarding in a webmail frontend, the culprit is usually a cross-site request forgery. OWASP's CSRFTester hunts down this kind of vulnerability.

24 October 2012
Attacking TrueCrypt

TrueCrypt is considered the software of choice for encrypting data. A small utility called TCHead systematically takes on this encryption.

04 October 2012
iOS 6 closes configuration hole

The recent iOS 6.0 release closes a critical security hole in the code for checking certificates that has been known about for nearly three years.

26 September 2012
A death blow for PPTP

PPTP is a widely used standard for encrypted VPN connections, but CloudCracker promises it can crack any PPTP connection within a day, for $200. We tried it out with a real session.

29 August 2012
The new Java 0day examined

A programming flaw renders Java's entire elaborate security model ineffective because the exploit simply disables the security components.

07 June 2012
Comment: LinkedIn and its password problems

The networking company's approach to security is an absolute scandal. Users are expected to follow a ridiculously excessive set of rules, while the company fails to conform to the most basic standards. That needs to change.

31 May 2012
FAQ: Flame, the "super spy"

The spyware worm Flame is being built up as a "deadly cyber weapon", but a calmer analysis reveals it to be a tool by professionals for professionals that doesn't actually have that many new features.

15 February 2012
Microsoft's struggle against bugs

It has been ten years since Bill Gates famously emailed all Microsoft's employees declaring that data protection and system security should be the company's top priorities. Uli Ries describes the subsequent progress Microsoft has achieved in making its software more secure.

03 October 2011
CSI:Internet - Open heart surgery

The TDL4 rootkit is currently the most technically sophisticated piece of malware in existence. Our expert takes it apart piece by piece.

12 September 2011
CSI:Internet - A trip into RAM

An online banking trojan has penetrated the system deeply, but a memory analysis still finds it.

19 August 2011
CSI:Internet - Controlled from the beyond

When the boss's computer opens confidential emails remotely as if haunted, it is time to call the ghost busters or, even better, a professional forensic IT investigator.

17 August 2011
Rapid relief for osCommerce administrators

osCommerce systems are currently being targeted by a mass hacking attack; online shop administrators need to act immediately. This article aims to help administrators to help themselves.

15 August 2011
Mobile VPN: staying secure on the go

Many mobile apps transmit sensitive data in plain text, leaving users' private information in the open. To keep this data secure, The H takes a look at some mobile VPN solutions for Apple's iPhone and Android-powered devices.

03 August 2011
CSI:Internet - Living in SYN

S02E01: If a commercial online RPG's forum is taken down, it should set alarm bells ringing. Once the server is back up and running, it's time to set about tracking down the perpetrators.

04 July 2011
Three iPhone and iPad security tips

You can't turn your iPhone into a tamper-proof data vault, but the following measures will make life considerably more difficult for thieves.

04 July 2011
iOpener - How safe is your iPhone data?

The greatest current risk for iPhone owners is not viruses or malicious web pages, it is the danger that the phone might fall into someone else's hands. Although iPhones do offer elaborate security mechanisms, these mechanisms won't stand up to an imaginative hacker.

20 June 2011
Storing passwords in uncrackable form

Given the right technique, administrators can store even weak passwords in such a way that attackers will fail even with the most modern cracking equipment.

04 May 2011
IronBee, Community and SSL: An interview with Ivan Ristić

Ivan Ristić developed the open source web application firewall ModSecurity and wrote the book on securing Apache servers. He's now surveying SSL and heading up IronBee, a new web app firewall project. The H talks to him about how these projects are progressing and his thoughts on other security issues.

28 April 2011
Treacherous metadata in company documents

The free tool FOCA extracts the information hidden in the metadata of publicly available documents and images, and it can be astonishing what is revealed.

29 March 2011
CSP: Thwarting cross-site scripting and click-jacking attacks

Content Security Policy is designed to prevent cross-site scripting and other attack types. Firefox 4 is the first browser to support this new concept.
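Both CSP teasers on this page (this one and "Content Security Policy halts XSS in its tracks" above) say that the policy stops injected scripts without saying how the browser decides. The following is an added example, not code from The H or from any browser, that models the script-src matching rules for a few source expressions ('self', 'none', 'unsafe-inline', 'nonce-...', and host sources with an optional leading wildcard) and shows why an injected inline script is refused under a policy that still lets the site's own scripts run. The policy string, URLs and nonce are constructed for the demonstration; hashes, 'strict-dynamic', path matching and reporting are deliberately left out.

```python
"""Added example: a small evaluator for the script-src directive of a CSP.

Not code from the original article or from any browser engine. It covers a
subset of the source-expression rules; the policy, URLs and nonce below are
constructed for the demonstration.
"""
from urllib.parse import urlparse

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_policy(header):
    """Map directive name -> list of source expressions, e.g.
    "default-src 'self'; script-src 'self' cdn.example.com" ->
    {"default-src": ["'self'"], "script-src": ["'self'", "cdn.example.com"]}"""
    policy = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def effective_sources(policy, directive):
    """A fetch directive that is not set falls back to default-src."""
    return policy.get(directive, policy.get("default-src", []))


def _origin(url):
    """(scheme, host, port) with the default port filled in, for 'self' matching."""
    u = urlparse(url)
    return (u.scheme, u.hostname, u.port or DEFAULT_PORTS.get(u.scheme))


def _host_source_matches(src, script_url):
    """Match host sources: cdn.example.com, *.example.com,
    https://cdn.example.com:443, or the bare wildcard *."""
    if src == "*":
        return True
    if "://" not in src:
        src = "//" + src          # lets urlparse split host[:port] without a scheme
    pat, target = urlparse(src), urlparse(script_url)
    if pat.scheme and pat.scheme != target.scheme:
        return False
    if pat.port and pat.port != (target.port or DEFAULT_PORTS.get(target.scheme)):
        return False
    host = pat.hostname or ""
    if host.startswith("*."):
        # wildcard needs at least one subdomain label: *.example.com != example.com
        return (target.hostname or "").endswith(host[1:])
    return host == target.hostname


def script_allowed(header, page_url, script_url=None, nonce=None):
    """True if the policy lets the page at page_url run the script.

    script_url=None stands for an inline <script> block or event handler,
    which is the payload of a classic reflected or stored XSS: it is allowed
    only by 'unsafe-inline' or by a 'nonce-...' source matching the nonce
    attribute the server put on the element."""
    sources = effective_sources(parse_policy(header), "script-src")
    keywords = {s.lower() for s in sources if s.startswith("'")}
    if "'none'" in keywords:
        return False
    if script_url is None:
        if "'unsafe-inline'" in keywords:
            return True
        return nonce is not None and ("'nonce-%s'" % nonce) in sources
    if "'self'" in keywords and _origin(script_url) == _origin(page_url):
        return True
    return any(_host_source_matches(s, script_url)
               for s in sources if not s.startswith("'"))


if __name__ == "__main__":
    # Constructed policy: own origin plus one CDN for scripts, a nonce for the one
    # inline block the page legitimately emits, everything else refused.
    policy = "default-src 'self'; script-src 'self' https://cdn.example.com 'nonce-r4nd0m'"
    page = "https://shop.example.com/cart"
    print(script_allowed(policy, page, "https://shop.example.com/app.js"))    # True: 'self'
    print(script_allowed(policy, page, "https://cdn.example.com/jquery.js"))  # True: host source
    print(script_allowed(policy, page, "https://evil.example.net/steal.js"))  # False: not listed
    print(script_allowed(policy, page))                                       # False: injected inline script
    print(script_allowed(policy, page, nonce="r4nd0m"))                       # True: the page's own block
    print(script_allowed("script-src 'self' 'unsafe-inline'", page))          # True: legacy policy, XSS not stopped
```

The fourth line is the whole point: an attacker who gets `<script>` into the page cannot also guess the per-response nonce, so the injected block never runs, while the site's own scripts are unaffected. The last line shows the policy many sites ship first; 'unsafe-inline' keeps legacy inline handlers working and gives up exactly the protection the teaser is about.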
