News (243)
Web attackers get better at hiding
Cybercrooks who rig Web sites to break into PCs are getting better at hiding their malicious code, a security expert said this week. Read more »
Oracle attack code out
Code is in the wild for one of the holes patched by the database firm on tuesday. Read more »
MySpace attacked with background image hack
Security researcher Roger Thompson has found a new way to link to malicious servers that doesn't involve iframes (inline frames). This time, popular MySpace artist sites are the target. Read more »
Microsoft RPC exploit could be a packaged deal
While Microsoft has labeled Thursday's emergency patch MS08-067 as "critical" and provided a rareout-of-cycle fix because its exploit could easily be used as worm on a compromised network, one security researcher doesn't think it will happen that way. Read more »
RSS, Atom feeds may carry security risk
Reading blogs via popular RSS or Atom feeds may expose computer users to hacker attacks, a security expert warns. Read more »
MacBook hacked in contest at security event
Software engineer Shane Macaulay hacked into a MacBook through a zero-day security hole in Apple's Safari browser, winning a free laptop in the process. The computer was one of two offered as a prize in the "PWN to Own" hack-a-Mac contest at the CanSecWest conference in Vancouver, Canada. Read more »
IE plus Firefox equals 'critical' security risk
Firefox combined with Internet Explorer on the same desktop opens up a zero day vulnerability that is highly critical, according to security researchers. Read more »
Exploit code released for Adobe Photoshop flaw
Exploit code that could take advantage of a "highly critical" security flaw in the most recent versions of Adobe Photoshop has been published, a security researcher reported this week. Read more »
'Dangerous' Flash exploit can infect by stealth
A Flash flaw discovered this month could change the face of Web security by allowing criminals to infect users of any browser or operating system with malware — without making their browser or application crash. Read more »
PHP exploit code plants itself in GIF
Security researchers have found PHP exploit code embedded in a GIF on a major image-hosting site. Read more »
Features (38)
Ten commandments for the security-conscious programmer
Here are the steps from Builder AU that you should take to keep hackers and other security threats at bay. Read more »
CGI wrappers for Apache-based apps can boost security
CGI scripts represent a big potential security risk in Web development, but using CGI wrappers can help insulate your servers from attack. Here's an outline of how to create CGI wrappers to protect an Apache Web server. Read more »
Develop applications that prevent intrusion
Designing secure applications requires developers to look beyond their own code. Accessing APIs or COM objects or establishing system privileges can result in security vulnerabilities that can be prevented. Read more »
Clickjacking: Potentially harmful web browser exploit
Clickjacking has the potential to redirect unknowing users to malicious websites or even spy on them. We all need to be aware of clickjacking and how to avoid its trappings. Read more »
New security flaw in Outlook, IE
A Danish security researcher has warned that a recently discovered software flaw could leave user's systems open to malicious code carried on Web pages or in e-mails. Read more »
Security through obscurity won't secure your code
Most applications use some form of security through obscurity, but you should avoid it when writing your apps. ZDNet Australia offers these tips on how to tighten up your code. Read more »
ASP.NET security holes
Learn about the recently discovered holes in ASP.NET, and ponder who should be responsible for security. Read more »
Why interactive site features can conflict with security
Interactive features on Web sites can offer great benefits to users, but may conflict with security concerns. We look at the ongoing war between interactive Web site features and better browser security. Read more »
Secure your system with the TCB concept
New US legislation will make developers liable for security attacks. Cover all the bases by using this approach to implementing system security. Read more »
Open, closed source security about equal?
Proprietary programs should mathematically be as secure as those developed under the open-source model, a Cambridge University researcher argued in a paper presented in Toulouse, France. Read more »
Blog (7)
Attack Modeling vs Threat Modeling
-- Traditional Threat Modeling from an adversarial approach is actually Attack Modeling. So what is Threat Modeling then and how does it differ from Attack Modeling? Read more »
Sysadmin hijacks San Francisco while Torvalds attacks security circus
-- This edition of the Weekly Roundup looks at how one man has taken over the network of the city of San Francisco, take a glance at a local news start-up and Linus Torvalds calls out the IT security sector. Read more »
The 2008 Trends and Threats to Internet security
-- I recently came across the IBM Internet Security Systems X-Force 2008 Mid-Year Trend Statistics report, which outlines issues affecting internet security, including application vulnerabilities, phishing, malware and spam. Read more »
Anti-Virus software hit with 6 critical vulnerabilities
-- Kaspersky Labs announced over easter that their latest maintenance pack fixes six critical security vulnerabilities in their anti-virus software. The security flaws affect the Anti-Virus 6.0 and Internet Security products, including both the workstation and server editions. Read more »
QuickTime and Firefox combine for insecurity
-- A vulnerability in Apple Software's QuickTime media player can be exploited to execute remote javascript code, or by tapping into Firefox's chrome engine can execute remote code of any kind. Read more »
Builder AU's June book giveaway
-- Help out in the Builder AU forums and win a book! Read more »
5 reasons restricting hacking is not like gun control
-- Let's get it out of the way: Guns don't kill people, people with guns kill people. People with hacking tools can steal your personal data, shut down your system and deface your web site -- but is that any reason to ban them? Read more »
Filter Tags
News and features
- Latest
- Popular
- Features
- Most Discussed
-
In this week's roundup we see that continuous whining can get results, Linux users get 64-bit Flash and Moonlight previews, the latest in the Yahoo/Microsoft relationship and Senator Conroy ducks and weave in Senate Question Time. Read more »
-
Sun eye Web developers with Netbeans 6.5Despite the recent employment axe hitting Sun the company has pushed out a new release of its Netbeans open source IDE with an eye to appeal more to Web developers. Read more »
-
BarCamp buzz: Let the hacking continueAttending last weekend's BarCamp in Sydney, it was hard to escape the conclusion that a certain "dot-com bust" flavour had seeped into the kool aid previously being drunk by Australia's web 2.0 and early stage start-up sector. Read more »
-
Interplanetary Internet a possibility
2008/11/21 10:32:55
-
Conroy ducks, Ballmer evades and Android Fails -- Club Builder
2008/11/20 10:58:20
-
Yang's resignation: The talk of Silicon Valley
2008/11/19 16:10:33
What's on?
-
Conroy ducks, Ballmer evades and Android Fails -- Club Builder
Club Builder this week takes a long look at Senator Conroy's recent attempt to explain his Great Firewall of Australia, we chase Steve Ballmer over Sydney, and find Google's biggest bug of the year.