News (617)

Microsoft explains seven-year patch delay

Microsoft has offered an explanation as to why it took the company seven years to issue a patch for a known vulnerability. Read more »

Google details 'reboot' bug, Android security fixes

Google has begun releasing some details about the vulnerabilities it patched in two updates to Google's Android operating system software in the T-Mobile G1 smartphone. Read more »

Hackers attack White House

It was revealed last week that the presidential campaigns of Barack Obama and John McCain were hacked in recent months. Now, a report has surfaced that the White House has suffered multiple attacks in recent months as well. Read more »

Salesforce.com attacks Microsoft, SAP

Salesforce.com CEO Marc Benioff has accused SAP of failing to understand cloud computing and slammed Microsoft's internet-based operating system, Azure. Read more »

Core Security finds critical Adobe Reader hole

A critical security hole in Adobe Reader could allow an attacker to take control of a computer, according to Core Security Technologies. Read more »

Microsoft issues security patch for unreleased software

Microsoft released a security patch on Monday for software that won't be available publicly until Tuesday at the company's Professional Developer Conference. Read more »

Microsoft RPC exploit could be a packaged deal

While Microsoft has labeled Thursday's emergency patch MS08-067 as "critical" and provided a rareout-of-cycle fix because its exploit could easily be used as worm on a compromised network, one security researcher doesn't think it will happen that way. Read more »

Keystrokes can be recovered remotely

Wired keyboards, like those found on desktop PCs, emit electromagnetic waves that can be read remotely, according two Swiss researchers. Read more »

Adobe addresses Flash Player 'clickjacking' flaw

Adobe has addressed a security flaw in its Flash Player products that could lead to 'clickjacking' attacks. Read more »

Botnets on mobile phones in 2009?

About 15 per cent of all online computers are infected with bots, says a new report on emerging threats for 2009 from Georgia Tech Information Security Center. Read more »

More Attack News Results

Features (149)

Security in the Web 2.0 Era

At the Gartner Symposium ITxpo 2008 in Sydney this week, Andrew Walls, the research director and security analyst at Gartner presented "Security in the Age of E-Commerce and Web 2.0". Read more »

Clickjacking: Potentially harmful web browser exploit

Clickjacking has the potential to redirect unknowing users to malicious websites or even spy on them. We all need to be aware of clickjacking and how to avoid its trappings. Read more »

50 significant moments from internet history

We take you through 50 defining moments of the internet. Read more »

10+ things you should know about rootkits

Malware-based rootkits fuel a multibillion dollar spyware industry by stealing individual or corporate financial information. If that weren't bad enough, rootkit-based botnets generate untold amounts of spam. Here's a look at what rootkits are and what to do about them. Read more »

Realise the flexibility of OpenSSH

OpenSSH is one of the most useful tools available. With it, you can access systems remotely and securely, transfer files securely, execute single commands on remote systems, secure normally insecure services, and much more. Read more »

How to spoof a MAC address

MAC address filtering for wireless networking isn't real security. Anyone who pays any attention to current trends in wireless security at all should know that MAC filtering is less effective than WEP -- and that WEP can be cracked almost instantly these days with commonly available tools. Read more »

Google vs. Microsoft

At the 2008 Gartner Application Development, Integration and Web Services Summit, David Mitchell Smith, vice president and Gartner fellow gave a presentation titled "Google vs. Microsoft", discussing the seeming battle between the two companies. Read more »

HTTP and HTML: The paradox of dominance

The saying, "When all you have is a hammer, every problem looks like a nail," makes me think of the mess that we're in when it comes to the dominance of HTML and HTTP. Read more »

Log Linux services with runit

Each supervised service is controlled via a run script, similar to an init script for a system service. This run script does one thing: prepares for and starts a service. Read more »

What is cross-site scripting?

Cross-site scripting, also known as "XSS," is a class of security exploit that has gotten a fair bit of attention in the last few years. This article explains what it is and where the dangers lie. Read more »

More Attack Features Results

Video (6)

Play!
Five services to turn off in Windows XP

Running unnecessary Windows XP services can increase your vulnerability to exploits that might use those services as attack vectors. In this IT Dojo video, Bill Detwiler discusses five services that you should consider turning off and shows you how to disable them. Read more »

Play!
Charney: 9/11 attacks made security an asset

Until 9/11 security was simply a cost, says the VP of Microsoft's Trustworthy Computing Group – the stock exchange being knocked out suddenly changed this. Read more »

Play!
Charney: App vendors are the weakest security link

Microsoft now builds security into products such as Vista but attackers have shifted their focus to applications so software vendors are the weakest link, says the VP of Microsoft's Trustworthy Computing Group. Read more »

Play!
Russian criminals prefer Australian banks

Russian cyber-crooks prefer targeting Australian banks because we have fewer brands relative to the population, which means social engineering attacks require less customisation, according to Kimberly Zenz, a specialist in criminal activity originating in the former Soviet Union. Read more »

Play!
Gosling, the ATO and useless stats -- Club Builder

This week on Club Builder: James Gosling tells us why Emacs sucks, the ATO feels uncomfortable with using open source and who's to blame for IFRAME attacks? Read more »

Play!
CeBIT: NZ CIO on Web 2.0

  Read more »

Blog (19)

AJAX applications and security

Lana Kovacevic [blogs:webanatomy] -- Douglas Crockford, the creator of JSON, gave a talk entitled "AJAX Security" at the recent Web Directions South conference. In this talk, Crockford discussed some of the security concerns with AJAX applications and what can be done to address them. Read more »

Hack attack week

Staff [blogs:syslog] -- It wasn't a good week to be an Alaskan vice-presidential candidate, an online publication or even a multinational science project -- as all were compromised by hackers this week. Read more »

The 2008 Trends and Threats to Internet security

Lana Kovacevic [blogs:webanatomy] -- I recently came across the IBM Internet Security Systems X-Force 2008 Mid-Year Trend Statistics report, which outlines issues affecting internet security, including application vulnerabilities, phishing, malware and spam. Read more »

10 PR 2.0 tips for startups

Brendon Chase [blogs:codemonkeybusiness] -- You’ve got a great product and spent much of your budget on developing your software or service and now you’re left with a marginal budget for marketing and PR. Sound familiar? Read more »

Sysadmin hijacks San Francisco while Torvalds attacks security circus

Staff [blogs:syslog] -- This edition of the Weekly Roundup looks at how one man has taken over the network of the city of San Francisco, take a glance at a local news start-up and Linus Torvalds calls out the IT security sector. Read more »

One ID to rule them all

Lana Kovacevic [blogs:webanatomy] -- OpenID is an open-source mechanism enabling you to use a single online identity to log-in to different websites that support OpenID. Read more »

2008 -- where 2006 exploits still rule

Staff [blogs:syslog] -- So the question is: who is running their SQL servers on systems unpatched since 2006 and/or not installing service packs? The answer is clearly enough people to warrant continued exploitation. Read more »

XSS fun with Howard: Liberal Party says no

Staff [blogs:syslog] -- Political parties have no sense of humour. Far from being a revelation, it was merely reinforced yet again as both the major parties in this country had their sites fall victim to XSS. Read more »

QuickTime and Firefox combine for insecurity

Nick Gibson [blogs:byteclub] -- A vulnerability in Apple Software's QuickTime media player can be exploited to execute remote javascript code, or by tapping into Firefox's chrome engine can execute remote code of any kind. Read more »

Free AntiVirus beats all comers in AntiVirus fight club

Nick Gibson [blogs:byteclub] -- A rare AntiVirus accuracy competition was conducted at Linuxworld this week, and the results should come as a blow to the paid antivirus industry. Read more »

More Attack Blog Results

Log in


Sign up | Forgot your password?

Blogs

RSS feed

  • Staff Crying, mooning and leaving

    In this week's roundup we see that continuous whining can get results, Linux users get 64-bit Flash and Moonlight previews, the latest in the Yahoo/Microsoft relationship and Senator Conroy ducks and weave in Senate Question Time. Read more »

    -- posted by Staff

  • Brendon Chase Sun eye Web developers with Netbeans 6.5

    Despite the recent employment axe hitting Sun the company has pushed out a new release of its Netbeans open source IDE with an eye to appeal more to Web developers. Read more »

    -- posted by Brendon Chase

  • Renai LeMay BarCamp buzz: Let the hacking continue

    Attending last weekend's BarCamp in Sydney, it was hard to escape the conclusion that a certain "dot-com bust" flavour had seeped into the kool aid previously being drunk by Australia's web 2.0 and early stage start-up sector. Read more »

    -- posted by Renai LeMay

What's on?