News (253)
Oracle attack code out
Code is in the wild for one of the holes patched by the database firm on Tuesday. Read more »
Web attackers get better at hiding
Cybercrooks who rig Web sites to break into PCs are getting better at hiding their malicious code, a security expert said this week. Read more »
MySpace attacked with background image hack
Security researcher Roger Thompson has found a new way to link to malicious servers that doesn't involve iframes (inline frames). This time, popular MySpace artist sites are the target. Read more »
Microsoft RPC exploit could be a packaged deal
While Microsoft has labeled Thursday's emergency patch MS08-067 as "critical" and provided a rare out-of-cycle fix because its exploit could easily be used as a worm on a compromised network, one security researcher doesn't think it will happen that way. Read more »
Exploit code released for Adobe Photoshop flaw
Exploit code that could take advantage of a "highly critical" security flaw in the most recent versions of Adobe Photoshop has been published, a security researcher reported this week. Read more »
'Dangerous' Flash exploit can infect by stealth
A Flash flaw discovered this month could change the face of Web security by allowing criminals to infect users of any browser or operating system with malware — without making their browser or application crash. Read more »
Facebook banner ad serves an IE exploit
Unpatched PCs running Internet Explorer could fall victim to adware when visiting social networking site Facebook. Read more »
PHP exploit code plants itself in GIF
Security researchers have found PHP exploit code embedded in a GIF on a major image-hosting site. Read more »
Exploit code makes IE flaw more dangerous
The threat posed by a critical flaw in Internet Explorer has been ratcheted up by the release of a program designed to exploit the vulnerability, security researchers warned on Thursday. Read more »
Exploit code chases two Firefox flaws
Two vulnerabilities in the popular Firefox browser have been rated 'extremely critical' because exploit code is now available to take advantage of them. Read more »
Features (42)
Clickjacking: Potentially harmful web browser exploit
Clickjacking has the potential to redirect unknowing users to malicious websites or even spy on them. We all need to be aware of clickjacking and how to avoid its trappings. Read more »
10+ things you should know about rootkits
Malware-based rootkits fuel a multibillion-dollar spyware industry by stealing individual or corporate financial information. If that weren't bad enough, rootkit-based botnets generate untold amounts of spam. Here's a look at what rootkits are and what to do about them. Read more »
What is cross-site scripting?
Cross-site scripting, also known as "XSS," is a class of security exploit that has gotten a fair bit of attention in the last few years. This article explains what it is and where the dangers lie. Read more »
Windows rootkits 101
When administrators and security professionals hear the word rootkit, most think first of a UNIX-based system. Unfortunately, this only leads to a false sense of security for Windows-based systems. The fact is that Windows rootkits do exist, and you need to be able to detect them. Read more »
ASP.NET security holes
Learn about the recently discovered holes in ASP.NET, and ponder who should be responsible for security. Read more »
WinNuke: coming to a system near you
A reincarnated version of the malicious program WinNuke has surfaced and can affect Windows NT, 2000, XP, and .NET by causing disruption and disablement of network communications. Read more »
Safe browser an oxymoron?
In November 2003, the CERT Coordination Center first advised Web users to consider using a Web browser other than Microsoft Internet Explorer. Read more »
Establish a patch management policy
Patch management is an issue that will always plague your organisation's network -- there will always be patches, updates, and security fixes to apply. Read more »
Dreamweaver testing scripts can lead to DB compromise
Get the details on an important flaw in sites developed with Macromedia Dreamweaver. Read more »
Kerberos vulnerability hits Linux/UNIX versions
The Kerberos Administration daemon (kadmind), which is used in connection with Kerberos authentication, contains a buffer overflow vulnerability in many implementations, mostly affecting Linux/UNIX. Read more »
Video (1)
Five services to turn off in Windows XP
Running unnecessary Windows XP services can increase your vulnerability to exploits that might use those services as attack vectors. In this IT Dojo video, Bill Detwiler discusses five services that you should consider turning off and shows you how to disable them. Read more »
Blog (9)
2008 -- where 2006 exploits still rule
-- So the question is: who is running their SQL servers on systems unpatched since 2006 and/or not installing service packs?
The answer is clearly enough people to warrant continued exploitation. Read more »
Hack attack week
-- It wasn't a good week to be an Alaskan vice-presidential candidate, an online publication or even a multinational science project -- as all were compromised by hackers this week. Read more »
Attack Modeling vs Threat Modeling
-- Traditional Threat Modeling from an adversarial approach is actually Attack Modeling. So what is Threat Modeling then and how does it differ from Attack Modeling? Read more »
Sysadmin hijacks San Francisco while Torvalds attacks security circus
-- This edition of the Weekly Roundup looks at how one man has taken over the network of the city of San Francisco, takes a glance at a local news start-up, and covers Linus Torvalds calling out the IT security sector. Read more »
The 2008 Trends and Threats to Internet security
-- I recently came across the IBM Internet Security Systems X-Force 2008 Mid-Year Trend Statistics report, which outlines issues affecting internet security, including application vulnerabilities, phishing, malware and spam. Read more »
Anti-Virus software hit with 6 critical vulnerabilities
-- Kaspersky Labs announced over Easter that their latest maintenance pack fixes six critical security vulnerabilities in their anti-virus software. The security flaws affect the Anti-Virus 6.0 and Internet Security products, including both the workstation and server editions. Read more »
QuickTime and Firefox combine for insecurity
-- A vulnerability in Apple Software's QuickTime media player can be exploited to execute remote JavaScript code or, by tapping into Firefox's chrome engine, to execute remote code of any kind. Read more »
Builder AU's June book giveaway
-- Help out in the Builder AU forums and win a book! Read more »
5 reasons restricting hacking is not like gun control
-- Let's get it out of the way: Guns don't kill people, people with guns kill people. People with hacking tools can steal your personal data, shut down your system and deface your web site -- but is that any reason to ban them? Read more »

