The H Security

Trustwave issued a man-in-the-middle certificate

Tue, 07 Feb 2012 19:02:00 GMT

Certificate authority Trustwave issued a CA certificate to a company allowing it to issue certificates for any server, thereby enabling it to listen in on encrypted data sent and received by its staff

Adobe releases beta version of sandboxed Flash for Firefox

Tue, 07 Feb 2012 12:44:00 GMT

Protected Mode is designed to significantly improve the security of Flash in Firefox and a beta version is now available for download

RealPlayer update closes critical holes

Tue, 07 Feb 2012 11:10:00 GMT

Version 15.02.71 of RealPlayer addresses seven remote code execution vulnerabilities that could be exploited by an attacker to compromise a victim's system. The company advises all users to upgrade

Sandbox applications quickly with KVM or LXC

Tue, 07 Feb 2012 10:32:00 GMT

At FOSDEM, Daniel Berrange presented libvirt-sandbox, which sandboxes programs in a VM or a container without first requiring the user to set up an operating system there

Google wants to do away with online certificate checks

Tue, 07 Feb 2012 09:47:00 GMT

Google plans to get rid of online checks for SSL certificate validity in Chrome soon, because they don't work properly

Joomla! updates close information disclosure holes

Mon, 06 Feb 2012 17:13:00 GMT

Versions 1.7.5 and 2.5.1 of the open source content management system close two information disclosure vulnerabilities; the update to Joomla! 2.5.x also fixes 30 bugs found in the prevoius release

Backdoor in TRENDnet IP cameras

Mon, 06 Feb 2012 12:38:00 GMT

Some TRENDnet IP cameras permit anyone to view the rooms being monitored by the camera, whether or not an access password has been created. Lists of openly accessible camera streams are circulating

German government makes recommendations for secure Windows PCs

Mon, 06 Feb 2012 09:10:00 GMT

Anti-virus software, backups, updates, an alternative browser and a healthy level of mistrust are the main components of the German Federal Office of Information Security's (BSI's) PC security concept

The H Roundup for the week ending 4 February

Sat, 04 Feb 2012 11:59:00 GMT

In the last seven days: a critical hole in PHP was closed, Ubuntu 12.04 Alpha 2 arrived and there was controversy around a Busybox alternative. Also Debian 7.0 will use the 3.2 kernel, VLC 2.0 gets ready to bloom and Wayland 1.0 approaches

Google's Bouncer scans the Android Market for Malware

Fri, 03 Feb 2012 11:49:00 GMT

Google has disclosed that it has, for the last year, been using a system called Bouncer to scan the Android Market for malware and says there was a 40% decline in downloads of malicious software in 2011

MSUpdate trojan attacked companies in the defence sector

Fri, 03 Feb 2012 10:34:00 GMT

The lure was a well-made invitation to a prestigious conference which then injected spyware into employee's computers

Break-ins at domain registrar VeriSign in 2010

Thu, 02 Feb 2012 21:36:00 GMT

In late 2011, the US corporation notified the authorities of several intrusions into its IT systems in 2010. However, no important information is believed to have been stolen

Critical PHP vulnerability being fixed - Update

Thu, 02 Feb 2012 17:04:00 GMT

The PHP developers are working to fix a critical security vulnerability in PHP that they introduced in a previous security patch. The full impact of the problem is not yet known

Critical PHP vulnerability being fixed

Thu, 02 Feb 2012 17:04:00 GMT

The PHP developers are working to fix a critical security vulnerability in PHP that they introduced in a previous security patch. The full impact of the problem is not yet known

Report: Kelihos botnet making a comeback - Update

Thu, 02 Feb 2012 12:34:00 GMT

Following a joint operation by Microsoft and Kaspersky Lab last September to disrupt Kelihos, the spam-sending botnet is now said to be making a comeback and using new techniques

Report: Kelihos botnet making a comeback

Thu, 02 Feb 2012 12:34:00 GMT

Following a joint operation by Microsoft and Kaspersky Lab last September to disrupt Kelihos, the spam-sending botnet is now said to be making a comeback and using new techniques

HTC Android phones expose Wi-Fi passwords to apps

Thu, 02 Feb 2012 11:51:00 GMT

Android applications running on some HTC smartphones can access the passwords of the Wi-Fi networks they are connected to and potentially send that information to third parties. HTC has release updates for the affected devices

Apple releases Mac OS X 10.7.3

Thu, 02 Feb 2012 10:41:00 GMT

The company has released Mac OS X 10.7.3 and, for users who have yet to upgrade from 10.6.8 to Lion, Security Update 2012-001. The updates address more than 50 security vulnerabilities that could be exploited to, for example, remotely execute arbitrary code

Mozilla closes critical holes in Firefox, Thunderbird and SeaMonkey

Wed, 01 Feb 2012 11:17:00 GMT

Mozilla has detailed the security fixes included in the recent updates to its Firefox web browser, Thunderbird email client and SeaMonkey suite. Version 10.0 of Firefox, for example, closes 8 holes, 5 of which are rated as critical

Hacker extracts RFID credit card details

Wed, 01 Feb 2012 10:25:00 GMT

At a conference, Kristin Paget demonstrated how easily RFID-enabled credit cards can be used to make a payment without requiring any card owner interaction

The H Roundup for the week ending 14 January

Tue, 31 Jan 2012 23:00:53 GMT

In the last seven days: a million installs of CyanogenMod and 15 million lines of code in Linux. Also Firefox for enterprises, Python for Android and fresh Firebug

Data stolen from Japanese space agency

Tue, 31 Jan 2012 23:00:53 GMT

Malware that appears to have diverted sensitive data to external recipients was found on a staff computer

Customer data exposed in Zappos.com breach

Tue, 31 Jan 2012 23:00:53 GMT

US-based online shoe and apparel shop Zappos.com, a subsidiary of Amazon.com, has confirmed that the private data of its more than 24 million customers was exposed in an attack on its servers

Linux developers fix a homemade network problem

Tue, 31 Jan 2012 23:00:53 GMT

Current Linux systems can quite easily be crashed remotely by a particular combination of IGMP packets

US legislation to strengthen mobile data protection proposed

Tue, 31 Jan 2012 14:50:00 GMT

Post the Carrier IQ controversy, a legislative initiative aims to give US mobile phone users more control over their data. In future, users would have to explicitly consent to the installation of information-collecting software