The H Security

The H Roundup for the week ending 4 February

Sat, 04 Feb 2012 11:59:00 GMT

In the last seven days: a critical hole in PHP was closed, Ubuntu 12.04 Alpha 2 arrived and there was controversy around a Busybox alternative. Also Debian 7.0 will use the 3.2 kernel, VLC 2.0 gets ready to bloom and Wayland 1.0 approaches

Google's Bouncer scans the Android Market for Malware

Fri, 03 Feb 2012 11:49:00 GMT

Google has disclosed that it has, for the last year, been using a system called Bouncer to scan the Android Market for malware and says there was a 40% decline in downloads of malicious software in 2011

MSUpdate trojan attacked companies in the defence sector

Fri, 03 Feb 2012 10:34:00 GMT

The lure was a well-made invitation to a prestigious conference which then injected spyware into employee's computers

Break-ins at domain registrar VeriSign in 2010

Thu, 02 Feb 2012 21:36:00 GMT

In late 2011, the US corporation notified the authorities of several intrusions into its IT systems in 2010. However, no important information is believed to have been stolen

Critical PHP vulnerability being fixed - Update

Thu, 02 Feb 2012 17:04:00 GMT

The PHP developers are working to fix a critical security vulnerability in PHP that they introduced in a previous security patch. The full impact of the problem is not yet known

Critical PHP vulnerability being fixed

Thu, 02 Feb 2012 17:04:00 GMT

The PHP developers are working to fix a critical security vulnerability in PHP that they introduced in a previous security patch. The full impact of the problem is not yet known

Report: Kelihos botnet making a comeback - Update

Thu, 02 Feb 2012 12:34:00 GMT

Following a joint operation by Microsoft and Kaspersky Lab last September to disrupt Kelihos, the spam-sending botnet is now said to be making a comeback and using new techniques

Report: Kelihos botnet making a comeback

Thu, 02 Feb 2012 12:34:00 GMT

Following a joint operation by Microsoft and Kaspersky Lab last September to disrupt Kelihos, the spam-sending botnet is now said to be making a comeback and using new techniques

HTC Android phones expose Wi-Fi passwords to apps

Thu, 02 Feb 2012 11:51:00 GMT

Android applications running on some HTC smartphones can access the passwords of the Wi-Fi networks they are connected to and potentially send that information to third parties. HTC has release updates for the affected devices

Apple releases Mac OS X 10.7.3

Thu, 02 Feb 2012 10:41:00 GMT

The company has released Mac OS X 10.7.3 and, for users who have yet to upgrade from 10.6.8 to Lion, Security Update 2012-001. The updates address more than 50 security vulnerabilities that could be exploited to, for example, remotely execute arbitrary code

Mozilla closes critical holes in Firefox, Thunderbird and SeaMonkey

Wed, 01 Feb 2012 11:17:00 GMT

Mozilla has detailed the security fixes included in the recent updates to its Firefox web browser, Thunderbird email client and SeaMonkey suite. Version 10.0 of Firefox, for example, closes 8 holes, 5 of which are rated as critical

Hacker extracts RFID credit card details

Wed, 01 Feb 2012 10:25:00 GMT

At a conference, Kristin Paget demonstrated how easily RFID-enabled credit cards can be used to make a payment without requiring any card owner interaction

The H Roundup for the week ending 14 January

Tue, 31 Jan 2012 23:00:53 GMT

In the last seven days: a million installs of CyanogenMod and 15 million lines of code in Linux. Also Firefox for enterprises, Python for Android and fresh Firebug

Data stolen from Japanese space agency

Tue, 31 Jan 2012 23:00:53 GMT

Malware that appears to have diverted sensitive data to external recipients was found on a staff computer

Customer data exposed in Zappos.com breach

Tue, 31 Jan 2012 23:00:53 GMT

US-based online shoe and apparel shop Zappos.com, a subsidiary of Amazon.com, has confirmed that the private data of its more than 24 million customers was exposed in an attack on its servers

Linux developers fix a homemade network problem

Tue, 31 Jan 2012 23:00:53 GMT

Current Linux systems can quite easily be crashed remotely by a particular combination of IGMP packets

US legislation to strengthen mobile data protection proposed

Tue, 31 Jan 2012 14:50:00 GMT

Post the Carrier IQ controversy, a legislative initiative aims to give US mobile phone users more control over their data. In future, users would have to explicitly consent to the installation of information-collecting software

Security hole in Sudo's debug option closed

Tue, 31 Jan 2012 10:44:00 GMT

The addition of a debug option to the widely used sudo command introduced a flaw which could allow an attacker to gain root privileges by using a symbolic link to change the name of the command

Symantec's trojan warning criticised as scaremongering

Mon, 30 Jan 2012 15:31:00 GMT

What Symantec calls malware is really applications participating in an aggressive ad network says Lookout security

Git 1.7.9 offers more secure modification requests

Mon, 30 Jan 2012 12:32:00 GMT

The new technology for signing Git pull requests is an indirect consequence of the break-in at kernel.org.

Rootkit has rhythm

Mon, 30 Jan 2012 11:39:00 GMT

MIDI music on web pages is providing the soundtrack to malware exploiting a vulnerability in Windows multimedia to install a rootkit

Samba update closes DoS hole

Mon, 30 Jan 2012 10:57:00 GMT

A small memory leak on every connection to the Samba file sharing daemon could be exploited to create a denial of service. A patch and an update have been released

Android games contain malware

Mon, 30 Jan 2012 09:51:00 GMT

Symantec warns that 13 Android apps are infected with malware that accesses data on smartphones and tablets and changes the start page in the browser

The H Roundup for the week ending 28 January

Sat, 28 Jan 2012 11:59:00 GMT

In the last seven days: Linux 3.3 goes into testing, Ubuntu 12.04 gets a new HUD and a Linux root exploit surfaced. Also KDE 4.8 and a stable release of Cinnamon arrived, jSlate was open sourced and the 6502 microprocessor relaunched

Cisco Security Appliances at risk from Telnet bug

Fri, 27 Jan 2012 16:21:00 GMT

Attackers can remotely execute code with system privileges as a result of a known bug in Telnet daemon telnetd