News (98)

Exploit code makes IE flaw more dangerous

The threat posed by a critical flaw in Internet Explorer has been ratcheted up by the release of a program designed to exploit the vulnerability, security researchers warned on Thursday. Read more »

Code to exploit Windows graphics flaw now public

A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software. Read more »

Exploit code chases two Firefox flaws

Two vulnerabilities in the popular Firefox browser have been rated 'extremely critical' because exploit code is now available to take advantage of them. Read more »

'Dangerous' Flash exploit can infect by stealth

A Flash flaw discovered this month could change the face of Web security by allowing criminals to infect users of any browser or operating system with malware — without making their browser or application crash. Read more »

Apple QuickTime exploit in the wild

Symantec has found active exploit code in the wild for an unpatched Apple QuickTime vulnerability. Read more »

Web attackers get better at hiding

Cybercrooks who rig Web sites to break into PCs are getting better at hiding their malicious code, a security expert said this week. Read more »

Apple QuickTime zero-day flaw 'extremely critical'

Security research firm Secunia has reported what it calls an "extremely critical" vulnerability in media-streaming program Apple QuickTime. Read more »

Patch or get PWNED in a flash

Recently fixed vulnerabilities in Sun's Java Runtime Environment and Adobe's Flash player mean that unpatched systems are vulnerable and could be infected with spyware or recruited into a botnet by simply visiting a Web page with exploit code -- and Google last month warned that 10 percent of Web sites contain this kind of malicious code. Read more »

Microsoft rushes out 'critical' fix

Microsoft issued a "critical" security fix for Windows on Tuesday in the US, two weeks before its scheduled release date. Read more »

iPhone hacked in less than a month?

Apple's iPhone has been on the market for less than a month, but already researchers have claimed to have hacked the popular device. Read more »

More Browsers, Code, Exploit News Results

Features (19)

Clickjacking: Potentially harmful web browser exploit

Clickjacking has the potential to redirect unknowing users to malicious websites or even spy on them. We all need to be aware of clickjacking and how to avoid its trappings. Read more »

CGI wrappers for Apache-based apps can boost security

CGI scripts represent a big potential security risk in Web development, but using CGI wrappers can help insulate your servers from attack. Here's an outline of how to create CGI wrappers to protect an Apache Web server. Read more »

PHP gotchas to avoid

When you are debugging PHP code under a tight deadline, start by looking for the most typical problems. Topping the list should be parsing and scope errors. Read more »

What is cross-site scripting?

Cross-site scripting, also known as "XSS," is a class of security exploit that has gotten a fair bit of attention in the last few years. This article explains what it is and where the dangers lie. Read more »

The secrets of open source security

The Linux vs. Windows security debate is a contest of examples, which stand in place of the concepts that comprise a larger, more fundamental question of what the security benefits and detriments are for the open source and closed source development models. Read more »

Why interactive site features can conflict with security

Interactive features on Web sites can offer great benefits to users, but may conflict with security concerns. We look at the ongoing war between interactive Web site features and better browser security. Read more »

The Mobile Future

The next battle for the hearts and minds of internet developers will be fought on the mobile phone. Read more »

Using Perl to take control of HTTP caching

This article shows how to take advantage of HTTP caching and expiry features with the help of Perl. Read more »

Avoid security vulnerabilities in your CGI programs

CGI makes creating Web-executable programs quick and easy--both for you and for hackers. Learn about some of the explicit security vulnerabilities of CGI and how to avoid them. Read more »

Adding value changing functionality to the HTML file input element

The HTML file input element is a valuable commodity that can add value to intranet applications. This article provides simple code that will allow you to control the value of this element. Read more »

More Browsers, Code, Exploit Features Results

Blog (2)

The 2008 Trends and Threats to Internet security

Lana Kovacevic [blogs:webanatomy] -- I recently came across the IBM Internet Security Systems X-Force 2008 Mid-Year Trend Statistics report, which outlines issues affecting internet security, including application vulnerabilities, phishing, malware and spam. Read more »

QuickTime and Firefox combine for insecurity

Nick Gibson [blogs:byteclub] -- A vulnerability in Apple Software's QuickTime media player can be exploited to execute remote javascript code, or by tapping into Firefox's chrome engine can execute remote code of any kind. Read more »

Log in


Sign up | Forgot your password?

Blogs

RSS feed

What's on?