The H Security

NetBSD 6.1 and 6.0.2 released

Mon, 20 May 2013 11:09:00 GMT

Among the enhancements in NetBSD 6.1 is support for the Raspberry Pi's USB and onboard Ethernet, along with security and bug fixes. The same fixes are also in the newly released 6.0.2

Search engine available for Internet Census 2012 data

Mon, 20 May 2013 09:01:00 GMT

A convenient online search facility is now available for the enormous amount of data that was accumulated during a port scan of the entire internet

The H Roundup - Skype surveillance, Linux exploit & Android Studio

Sat, 18 May 2013 10:58:00 GMT

In the week ending 18 May Microsoft is reading what you type in Skype's chat, an exploit for the Linux kernel is discovered, Google unveils its new IDE for developing Android applications, and the International Space Station is using more Linux

Lost+Found: Hacking Smart TVs, scammer hotlines and Vaccination

Fri, 17 May 2013 15:59:00 GMT

On The H's radar over the last seven days: Samsung's Smart TV software, phone scammers with their own hotline, tricking malware with Vaccination, Qualcomm is pre-installing Kaspersky on Android phones and Twitter account security

Skype's ominous link checking: facts and speculation

Fri, 17 May 2013 15:13:00 GMT

Our associate's discovery that URLs sent through Skype are then visited by Microsoft has caused quite a stir. A little more information has now emerged and leads to even more questions

Mac spyware takes screenshots

Fri, 17 May 2013 14:42:00 GMT

A newly found item of Mac malware appears to have been signed by its creator but is apparently unable to deliver its cache of screenshots to the two command and control servers it is meant to connect to

ownCloud fixes critical security vulnerabilities

Fri, 17 May 2013 10:08:00 GMT

The ownCloud developers have released versions 5.0.6, 4.0.15, and 4.5.11 to fix a number of serious vulnerabilities in their software including SQL injection, code execution and privilege escalation problems

LulzSec trial: sentence handed down for UK hackers

Thu, 16 May 2013 22:20:00 GMT

Four hackers from the infamous group LulzSec were sentenced in the UK today. Three of them are facing prison, while the fourth got a suspended sentence

Catching hackers with virtual industrial plants

Thu, 16 May 2013 15:59:00 GMT

What is someone scanning the internet for easily accessible industrial plants actually up to? The SCADA honeypot Conpot can help supply answers to that question

zPanel hacked after support team member insults forum user

Thu, 16 May 2013 15:20:00 GMT

The zPanel server is unavailable at the moment, most likely as a result of a hacker attack brought on by a member of the support team who swore at a forum user

RIPE: Attacks on domain name systems are on the increase

Thu, 16 May 2013 14:22:00 GMT

At the meeting of the RIPE IP address registry, discussions revolved around how to get black sheep to implement overdue security measures

Fraunhofer FOKUS institute releases Fuzzino fuzzing library

Thu, 16 May 2013 09:17:00 GMT

To avoid the need to develop new fuzz testing tools, researchers at Fraunhofer FOKUS institute have created the Fuzzino open source fuzzing library that can be used to add fuzzing features to existing test tools

Exploit for local Linux kernel bug in circulation - Update

Wed, 15 May 2013 21:43:00 GMT

A bug that was fixed in the development branch of the kernel back in April was not identified as being security relevant and can therefore still be exploited on many systems

Exploit for local Linux kernel bug in circulation

Wed, 15 May 2013 21:43:00 GMT

A bug that was already fixed in the development branch of the kernel back in April was not identified as being security relevant and can therefore still be exploited on many systems

New Yorker opens Strongbox - a Tor-based anonymous drop site

Wed, 15 May 2013 16:15:00 GMT

The magazine's anonymous drop site is based on DeadDrop, developed by the late Aaron Swartz. Anonymity is in part ensured by only accepting connections via the Tor project's network

Mozilla's Firefox update fixes three critical holes

Wed, 15 May 2013 11:26:00 GMT

Critical holes are also closed in Mozilla's Firefox ESR, Thunderbird and Thunderbird ESR, along with fixes for high severity issues; one of the high severity issues is a local privilege escalation through Mozilla's Maintenance Service

Oracle to change Java version numbers

Wed, 15 May 2013 10:03:00 GMT

With an increase in security updates and a need to schedule non-security changes predictably, Oracle has decided to rework how Java updates get a version number

Microsoft closes 33 security holes in May

Wed, 15 May 2013 09:30:00 GMT

The company has fixed a critical hole in Internet Explorer that is already being exploited by attackers, and patched vulnerabilities in all versions of Windows, in Office, in Windows Essentials, and in other components

Urgent security patches for ColdFusion, Adobe Reader, Acrobat and Flash

Wed, 15 May 2013 08:51:00 GMT

Adobe's May Patch Tuesday brings a flurry of security updates that close various critical security holes. Administrators who manage ColdFusion servers should act immediately; the remaining updates should also be installed as soon as possible

Skype with care Microsoft is reading everything you write

Tue, 14 May 2013 13:50:00 GMT

If you thought Skype messaging was private, think again. The H's associates at heise Security have discovered that Skype/Microsoft analyses all data sent using the service

AP news agency spied on by US government

Tue, 14 May 2013 13:14:00 GMT

Associated Press has accused the US government of secretly and illegally obtaining phone records for 20 of the news agency's phone lines

Deutsche Telekom launches online code vulnerability scanner

Tue, 14 May 2013 12:31:00 GMT

The Developer Garden Code Analyzer enables developers to find security vulnerabilities in their web applications and mobile apps. It supports many different languages and is available in three pricing tiers

Name.com domain registrar hacked

Mon, 13 May 2013 13:45:00 GMT

Unknown intruders gained access to the registrar's customer database, including customers' credit card details. Name.com is thought to manage around 500,000 domains

Microsoft warns of Facebook-hijacking extensions

Mon, 13 May 2013 11:21:00 GMT

Browsers are being hijacked by extensions delivered with trojan droppers that are using victim's Facebook accounts to like and comment on behalf of criminals with

The H Roundup - Debian 7, Blender 2.67 and your next language

Sat, 11 May 2013 10:58:00 GMT

In the week ending 11 May Your next programming language, Debian Wheezy is released, Blender now renders models in cartoon style, hackers gain access to all .edu domains, and Linux is the "benchmark of quality"