News (222)

Code to exploit Windows graphics flaw now public

A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software. Read more »

Exploit code makes IE flaw more dangerous

The threat posed by a critical flaw in Internet Explorer has been ratcheted up by the release of a program designed to exploit the vulnerability, security researchers warned on Thursday. Read more »

PHP exploit code plants itself in GIF

Security researchers have found PHP exploit code embedded in a GIF on a major image-hosting site. Read more »

Exploit code chases two Firefox flaws

Two vulnerabilities in the popular Firefox browser have been rated 'extremely critical' because exploit code is now available to take advantage of them. Read more »

Exploit code released for Adobe Photoshop flaw

Exploit code that could take advantage of a "highly critical" security flaw in the most recent versions of Adobe Photoshop has been published, a security researcher reported this week. Read more »

Oracle attack code out

Code is in the wild for one of the holes patched by the database firm on tuesday. Read more »

Microsoft: Watch out for rogue code

Microsoft has urged customers to apply its latest security patches, after several companies published "proof of concept" attacks that exploit the flaws that the updates fix. Read more »

Microsoft RPC exploit could be a packaged deal

While Microsoft has labeled Thursday's emergency patch MS08-067 as "critical" and provided a rareout-of-cycle fix because its exploit could easily be used as worm on a compromised network, one security researcher doesn't think it will happen that way. Read more »

Apple QuickTime exploit in the wild

Symantec has found active exploit code in the wild for an unpatched Apple QuickTime vulnerability. Read more »

'Dangerous' Flash exploit can infect by stealth

A Flash flaw discovered this month could change the face of Web security by allowing criminals to infect users of any browser or operating system with malware — without making their browser or application crash. Read more »

More Code, Exploit News Results

Features (63)

Reap the benefits of design patterns

Proper use of design patterns in software development allows you to increase the efficiency of the coding process. Apply design patterns in your next project and reap the benefits. Read more »

Security through obscurity won't secure your code

Most applications use some form of security through obscurity, but you should avoid it when writing your apps. ZDNet Australia offers these tips on how to tighten up your code. Read more »

Proprietary vs. open source? Take the best of both codes

The Microsoft vs. Linux confrontation is too often seen as a battle for the hearts and minds of this industry. From a corporate IT perspective, each side has legitimate claims and products to offer. It's not an either-or situation; it's about the price and service for goods rendered. The enterprise will be a hybrid world that continues to integrate both proprietary and open source code for a long time to come. Read more »

Develop applications that prevent intrusion

Designing secure applications requires developers to look beyond their own code. Accessing APIs or COM objects or establishing system privileges can result in security vulnerabilities that can be prevented. Read more »

CGI wrappers for Apache-based apps can boost security

CGI scripts represent a big potential security risk in Web development, but using CGI wrappers can help insulate your servers from attack. Here's an outline of how to create CGI wrappers to protect an Apache Web server. Read more »

PHP gotchas to avoid

When you are debugging PHP code under a tight deadline, start by looking for the most typical problems. Topping the list should be parsing and scope errors. Read more »

Clickjacking: Potentially harmful web browser exploit

Clickjacking has the potential to redirect unknowing users to malicious websites or even spy on them. We all need to be aware of clickjacking and how to avoid its trappings. Read more »

Send email alerts when errors are written to the event log

It is common for applications to write to the Windows Event Log when errors occur or a warning is issued, and with the advent of the .NET Framework, Microsoft has provided developers with built-in functionality to read and write data to or from the event log. Read more »

What is cross-site scripting?

Cross-site scripting, also known as "XSS," is a class of security exploit that has gotten a fair bit of attention in the last few years. This article explains what it is and where the dangers lie. Read more »

10+ things you should know about rootkits

Malware-based rootkits fuel a multibillion dollar spyware industry by stealing individual or corporate financial information. If that weren't bad enough, rootkit-based botnets generate untold amounts of spam. Here's a look at what rootkits are and what to do about them. Read more »

More Code, Exploit Features Results

Blog (6)

The good and truly awful celluloid depictions of computers

Chris Duckett [blogs:betaliving] -- Ever wonder why your lawyer uncle leaves the room whenever you turn over to Boston Legal? Or why your forensic science cousin can't stand crime drama? You know the answer: it’s the horrid trivialisation and dumbing down of an occupation to make it appear entertaining. Sometimes it is so unbelievable that it actually hurts and yelling at the screen is the only outlet. Read more »

The 2008 Trends and Threats to Internet security

Lana Kovacevic [blogs:webanatomy] -- I recently came across the IBM Internet Security Systems X-Force 2008 Mid-Year Trend Statistics report, which outlines issues affecting internet security, including application vulnerabilities, phishing, malware and spam. Read more »

QuickTime and Firefox combine for insecurity

Nick Gibson [blogs:byteclub] -- A vulnerability in Apple Software's QuickTime media player can be exploited to execute remote javascript code, or by tapping into Firefox's chrome engine can execute remote code of any kind. Read more »

Anti-Virus software hit with 6 critical vulnerabilities

Staff [blogs:syslog] -- Kaspersky Labs announced over easter that their latest maintenance pack fixes six critical security vulnerabilities in their anti-virus software. The security flaws affect the Anti-Virus 6.0 and Internet Security products, including both the workstation and server editions. Read more »

We don't need an eBay for security holes

Nick Gibson [blogs:byteclub] -- It's been likened to an eBay for hackers -- new security site WabiSabiLabi is a market place for auctioning security vulnerabilities. Read more »

5 reasons restricting hacking is not like gun control

Nick Gibson [blogs:byteclub] -- Let's get it out of the way: Guns don't kill people, people with guns kill people. People with hacking tools can steal your personal data, shut down your system and deface your web site -- but is that any reason to ban them? Read more »

Log in


Sign up | Forgot your password?

Blogs

RSS feed

What's on?