News (258)
Attack code released for IE hole
Exploit code for a new flaw in Internet Explorer could put systems at risk of remote attack, security experts warned Monday in the United States. Read more »
Attack code out for Apple flaw
Attack code that exploits a flaw in Apple Computer's Mac OS X was publicly released Wednesday in the US, increasing the urgency to patch. Read more »
Patched Oracle database 'still vulnerable'
The latest update for Oracle 10g Release 2 does not plug a hole that allows published attack code to run, according to a security researcher. Read more »
Survey: Linux programmers yawn at SCO
A new survey has found that 73 percent of Linux programmers believe the SCO Group's legal attacks on the open-source operating system lack merit. Read more »
Berners-Lee: Web security still a fight
Sir Tim Berners-Lee, credited as the inventor of the Web, has described online security as a "never-ending battle". Read more »
Fedora reboots updates after hack
The Red Hat-supported Fedora Project has started issuing updates to its Linux distribution again, after a hiatus of several weeks caused by a hacker break-in. Read more »
Developers take Linux attacks to heart
A handful of recent online attacks on free and open-source software servers has open-source developers looking over their shoulders. Read more »
Malware on 'trusted' websites has quadrupled
The amount of web-based malware hosted by trusted websites has increased by over 400 percent since last year, according to security vendor ScanSafe. Read more »
Shell scripting flaw opens OS X to attack
A flaw in the way the Mac operating system handles downloaded files with fake file extensions opens the door to all kinds of nastiness. Read more »
Microsoft: Vista UAC designed to 'annoy users'
A Microsoft manager has said one of the security features in Vista was deliberately designed to "annoy users" in order to put pressure on third-party software makers to make their applications more secure. Read more »
Features (63)
Develop secure software at the application level
Protect your application from input overflow and underflow attacks, and from other common tactics with these development techniques. Read more »
Develop applications that prevent intrusion
Designing secure applications requires developers to look beyond their own code. Accessing APIs or COM objects or establishing system privileges can result in security vulnerabilities that can be prevented. Read more »
CGI wrappers for Apache-based apps can boost security
CGI scripts represent a big potential security risk in Web development, but using CGI wrappers can help insulate your servers from attack. Here's an outline of how to create CGI wrappers to protect an Apache Web server. Read more »
Glitch in C++ libraries allows a DoS attack against ISAPI
The Microsoft Foundation Classes static library contains flaws that make ISAPI extensions vulnerable to DoS attacks. Find out why this illustrates a major challenge for developers who need to produce secure applications. Read more »
New weapons in the war against DoS attacks
Industry watchdog groups are warning that denial of service attacks are becoming more destructive each year. Learn about some new tools you can add to your arsenal of DoS defenses to help safeguard your enterprise. Read more »
Security through obscurity won't secure your code
Most applications use some form of security through obscurity, but you should avoid it when writing your apps. ZDNet Australia offers these tips on how to tighten up your code. Read more »
Follow these steps to secure your data layer
A secure data layer is essential for a truly secure application. Learn how to nurture a secure environment for the pivotal Data tier of your application with the correct tools. Read more »
How to build secure ASP.NET applications
ASP.NET provides several ways to protect your Web-based app from attack. Here's an overview of authentication, authorisation, and role-based security. Read more »
Ten commandments for the security-conscious programmer
Here are the steps from Builder AU that you should take to keep hackers and other security threats at bay. Read more »
Make managed code work with .NET's CAS
Developers and administrators can set permission and trust levels with code access security (CAS), while allowing the code to execute effectively. Read more »
Blog (6)
AJAX applications and security
-- Douglas Crockford, the creator of JSON, gave a talk entitled "AJAX Security" at the recent Web Directions South conference. In this talk, Crockford discussed some of the security concerns with AJAX applications and what can be done to address them. Read more »
The 2008 Trends and Threats to Internet security
-- I recently came across the IBM Internet Security Systems X-Force 2008 Mid-Year Trend Statistics report, which outlines issues affecting internet security, including application vulnerabilities, phishing, malware and spam. Read more »
Anti-Virus software hit with 6 critical vulnerabilities
-- Kaspersky Labs announced over Easter that their latest maintenance pack fixes six critical security vulnerabilities in their anti-virus software. The security flaws affect the Anti-Virus 6.0 and Internet Security products, including both the workstation and server editions. Read more »
Application Threat Modeling v2
-- Threat Modeling has become one of the most important ways to increase the security of your application development projects. It allows you to understand the threats you will face, and implement countermeasures in a consistent, reliable way. If you only do one thing to improve your development processes, Threat Modeling should be it. Now with the new ACE Threat Modeling methodology and tools, it's easy to do as well! Read more »
QuickTime and Firefox combine for insecurity
-- A vulnerability in Apple Software's QuickTime media player can be exploited to execute remote JavaScript code or, by tapping into Firefox's chrome engine, to execute remote code of any kind. Read more »
5 reasons restricting hacking is not like gun control
-- Let's get it out of the way: Guns don't kill people, people with guns kill people. People with hacking tools can steal your personal data, shut down your system and deface your web site -- but is that any reason to ban them? Read more »
News and features
- In this week's roundup we see that continuous whining can get results, Linux users get 64-bit Flash and Moonlight previews, the latest in the Yahoo/Microsoft relationship and Senator Conroy ducks and weaves in Senate Question Time. Read more »
- Sun eyes Web developers with NetBeans 6.5
  Despite the recent employment axe hitting Sun, the company has pushed out a new release of its NetBeans open source IDE with an eye to appealing more to Web developers. Read more »
- BarCamp buzz: Let the hacking continue
  Attending last weekend's BarCamp in Sydney, it was hard to escape the conclusion that a certain "dot-com bust" flavour had seeped into the kool aid previously being drunk by Australia's web 2.0 and early stage start-up sector. Read more »
- Interplanetary Internet a possibility (2008/11/21 10:32:55)
- Conroy ducks, Ballmer evades and Android Fails -- Club Builder (2008/11/20 10:58:20)
- Yang's resignation: The talk of Silicon Valley (2008/11/19 16:10:33)
What's on?
- Conroy ducks, Ballmer evades and Android Fails -- Club Builder
  Club Builder this week takes a long look at Senator Conroy's recent attempt to explain his Great Firewall of Australia, we chase Steve Ballmer over Sydney, and find Google's biggest bug of the year.

