The H Security

The H Week - Freedom, Clouds, Malware, Clever Exploits and Ubuntu betas

Sat, 20 Mar 2010 12:18:52 GMT

The H looked at freedom and the Cloud, how to track down malware, Munich's LiMux project, Microsoft and the W3C, Ubuntu 10.04's beta, Mac OS X and Virtual PC security and much

The H Week - Freedom, Clouds, Malware, Clever Exploits and Ubunu betas

Sat, 20 Mar 2010 12:04:32 GMT

The H looked at freedom and the Cloud, how to track down malware, Munich's LiMux project, Microsoft and the W3C, Ubuntu 10.04's beta, Mac OS X and Virtual PC security and much

Exploit's new technology trick dodges memory protection

Sat, 20 Mar 2010 08:09:08 GMT

A hacker who goes by the name "JDuck" has discovered the first malicious PDF files which use Return Oriented Programming to bypass Data Execution Prevention (DEP)

Exploit new technology trick from memory protection

Sat, 20 Mar 2010 07:49:08 GMT

A hacker who goes by the name "JDuck" has discovered the first malicious PDF files which use Return Oriented Programming to bypass Data Execution Prevention (DEP)

Mac OS X: "safer, but less secure" - Update

Fri, 19 Mar 2010 14:29:19 GMT

20 security holes in Apple software are about to be disclosed: Charlie Miller intends to present details of the vulnerabilities at the CanSecWest conference next week. The expert talked with heise Security about the security of Mac OS X beforehand

CA updates ARCserve Backup

Fri, 19 Mar 2010 12:04:26 GMT

An outdated Java runtime environment leaves security holes in the backup software

Exploit code with DNS tunnel

Fri, 19 Mar 2010 09:38:52 GMT

A hacker has written exploit code which can tunnel a shell connection through firewalls via DNS

Security updates for Drupal modules

Thu, 18 Mar 2010 15:09:37 GMT

Drupal's Email Input Filter, Keys and Tag Order modules contain security vulnerabilities, and should be updated to resolve this issue. The first at least is critical, as it can be exploited to penetrate a server

Mac OS X: "safer, but less secure"

Thu, 18 Mar 2010 15:04:09 GMT

Dispute about Virtual PC security holes

Thu, 18 Mar 2010 10:59:22 GMT

Does a software flaw which allows security safeguards to be bypassed count as a security hole in itself? Microsoft takes care to point out that it doesn't consider a recently published problem in Virtual PC a "vulnerability per se"

Security vulnerability in SpamAssassin filter module

Wed, 17 Mar 2010 18:14:21 GMT

Attackers are attempting to take control of mail servers, in particular those running Postfix and SpamAssassin, by exploiting a security vulnerability in the SpamAssassin Milter plug-in

Mozilla officially drops support for SeaMonkey 1.x

Wed, 17 Mar 2010 17:29:02 GMT

Mozilla has announced that it is officially discontinuing support for the 1.x branch of its SeaMonkey "all-in-one internet application suite", the successor to the old Netscape Communicator and Mozilla Application suites

Botnet with integrated copy protection

Wed, 17 Mar 2010 12:24:07 GMT

The current version of the commercial ZeuS botnet server software uses a licence management system to prevent pirate copying

Firefox 3.0 approaches end-of-life

Wed, 17 Mar 2010 10:49:28 GMT

Mozilla has confirmed that, following the release of version 3.0.19 of its popular open source Firefox web browser, there will be no more updates to the 3.0.x branch

Tracking down malware

Mon, 15 Mar 2010 17:18:43 GMT

Criminals use various methods to camouflage the traces of their malicious software on the internet. However, their paths can be retraced using special tools to identify the vulnerability the malware exploited to enter a system

Simple workarounds for latest IE security vulnerability

Mon, 15 Mar 2010 15:39:10 GMT

Two fix-it tools from Microsoft help users set-up workarounds which prevent exploitation of a critical security vulnerability in Internet Explorer

The H Week - Faster password cracking and Linux 2.6.34 in testing

Sat, 13 Mar 2010 12:05:21 GMT

On The H this week; FOSS at CeBIT, Linux 2.6.34 in testing, new faces at the W3C and OSI, SCO vs. Linux continues, ZigBee hacking, SSD accelerated password cracking, smartphone malware and Mandriva's health checked

Safari 4.0.5 patches 16 holes

Fri, 12 Mar 2010 13:03:44 GMT

Apple has released Safari 4.0.5, an update which addresses sixteen vulnerabilities in the browser, along with a number of stability and performance improvements

Google Chrome to do away with unique IDs

Fri, 12 Mar 2010 12:44:25 GMT

From version 4.1, Chrome will delete the ID token immediately after it is run for the first time – a symbolic step which takes the wind out of critics' sails

ICANN boss creates a stir with DNS security warning

Fri, 12 Mar 2010 10:04:50 GMT

By warning of acute danger to the domain name system, ICANN boss Rod Beckstrom has incurred the displeasure of domain operators. They are concerned that governments could get the wrong end of the stick

SecurityFocus to partially shut down

Fri, 12 Mar 2010 09:44:13 GMT

Symantec has announced that it plans to shut down part of its SecurityFocus security information portal. The company says that only the Mailing Lists, including Bugtraq, and its Vulnerability Database will remain online

Exploit for new IE hole

Thu, 11 Mar 2010 12:43:58 GMT

A public exploit for the new hole in Internet Explorer 6 and 7 has become available. This will probably force Microsoft to release an out-of-cycle patch

Vodafone sold an Android smartphone infected with Mariposa

Wed, 10 Mar 2010 16:34:00 GMT

Vodafone Spain sold a HTC Magic Android smartphone which had the Mariposa bot installed on its memory card

Password cracker 100 times faster with an SSD

Wed, 10 Mar 2010 14:33:40 GMT

The security specialist Objectif Sécurité has optimised its rainbow tables - a common tool used to crack password hashes - to make use of SSDs

Attacks on newly discovered vulnerability in IE 6 and 7

Wed, 10 Mar 2010 12:59:08 GMT

Microsoft warns of an unpatched vulnerability in Internet Explorer 6 and 7, which is already being actively exploited in targeted attacks to infect Windows PCs with a Trojan