Security Features
Cross-site scripting (XSS) is one of the biggest problems faced by webmasters. The new Content Security Policy standard should finally provide some relief
Our associate's discovery that URLs sent through Skype are then visited by Microsoft has caused quite a stir. A little more information has now emerged and leads to even more questions
General malware continues to focus mainly on Windows systems, but targeted attacks aim at whatever system the intended victim is using, and this is bringing Macs increasingly into the firing line
Those who heed well-intentioned recommendations and use a separate password for every service either require a photographic memory or the right techniques to keep the multitude of passwords under control
Until now, little has been known about how cloud service Mega will work and how reliable it will be. Available documentation and some observations do, however, permit a few conclusions to be drawn
When a malicious web page reconfigures a router or sets up forwarding in a webmail frontend, the culprit is usually a cross-site request forgery. OWASP's CSRFTester hunts down this kind of vulnerability
TrueCrypt is considered the software of choice for encrypting data. A small utility called TCHead systematically takes on this encryption
The recent iOS 6.0 release closes a critical security hole in the code for checking certificates that has been known about for nearly three years
PPTP is a common standard for safe, encoded internet use, but CloudCracker promises it can crack any PPTP connection - within a day, for $200. We tried it out with a real session
A programming flaw renders Java's entire elaborate security model ineffective because the exploit simply disables the security components
The networking company's approach to security is an absolute scandal. Users are expected to follow a ridiculously excessive set of rules, while the company fails to conform to the most basic standards. That needs to change
The spyware worm Flame is being built up as a "deadly cyber weapon", but a calmer analysis reveals it to be a tool by professionals for professionals that doesn't actually have that many new features
It has been ten years since Bill Gates famously emailed all Microsoft's employees declaring that data protection and system security should be the company's top priorities. Uli Ries describes the subsequent progress Microsoft has achieved in making its software more secure
The TDL4 rootkit is currently the most technically sophisticated piece of malware in existence. Our expert takes it apart piece by piece
An online banking trojan has penetrated the system deeply, but a memory analysis still finds it
When the boss's computer opens confidential emails remotely as if haunted, it is time to call the ghost busters or, even better, a professional forensic IT investigator.
osCommerce systems are currently being targeted by a mass hacking attack - online shop administrators need to act immediately. This article aims to help administrators to help themselves
Many mobile apps transmit sensitive data in plain text, leaving users' private information in the open. To keep this data secure, The H takes a look at some mobile VPN solutions for Apple's iPhone or Android-powered devices
S02E01: If a commercial online RPG's forum is taken down, it should set alarm bells ringing. Once the server is back up and running, it's time to set about tracking down the perpetrators
You can't turn your iPhone into a tamper-proof data vault, but the following measures will make life considerably more difficult for thieves
The greatest current risk for iPhone owners is not viruses or malicious web pages; it is the danger that the phone might fall into someone else's hands. Although iPhones do offer elaborate security mechanisms, these mechanisms won't stand up to an imaginative hacker
Given the right technique, administrators can store even weak passwords in such a way that attackers will fail even with the most modern cracking equipment
Ivan Ristić developed the open source web application firewall ModSecurity and wrote the book on securing Apache servers. He's now surveying SSL and heading up IronBee, a new web app firewall project. The H talks to him about how these projects are progressing and his thoughts on other security issues
The free tool Foca extracts the information that is hidden in document metadata from publicly available documents and images, and it can be astonishing what is revealed
Content Security Policies are designed to prevent cross-site scripting and other attack types. Firefox 4 is the first browser to support this new concept