News (310)

Beware of bogus Microsoft security bulletins

Organisations are being warned to be on the lookout for fake Microsoft security bulletins which spammers sent out yesterday to thousands of companies in the US and the UK. Read more »

MacBook hacked in contest at security event

Software engineer Shane Macaulay hacked into a MacBook through a zero-day security hole in Apple's Safari browser, winning a free laptop in the process. The computer was one of two offered as a prize in the "PWN to Own" hack-a-Mac contest at the CanSecWest conference in Vancouver, Canada. Read more »

Donations flood in for 'guilty' security researcher

Security expert Guillaume Tena, who was last week ordered to pay a fine of 14,300 euros for breach of French copyright law after publishing information about security vulnerabilities in an anti-virus application, has already collected around half the money in donations after appealing for help on his Web site. Read more »

RSS, Atom feeds may carry security risk

Reading blogs via popular RSS or Atom feeds may expose computer users to hacker attacks, a security expert warns. Read more »

IE plus Firefox equals 'critical' security risk

Firefox combined with Internet Explorer on the same desktop opens up a zero day vulnerability that is highly critical, according to security researchers. Read more »

'Dangerous' Flash exploit can infect by stealth

A Flash flaw discovered this month could change the face of Web security by allowing criminals to infect users of any browser or operating system with malware — without making their browser or application crash. Read more »

Kevin Mitnick: Social engineering 101

Kevin Mitnick has proven that the weakest link in any security system is the person holding the information. Read more »

PHP exploit code plants itself in GIF

Security researchers have found PHP exploit code embedded in a GIF on a major image-hosting site. Read more »

Exploit code released for Adobe Photoshop flaw

Exploit code that could take advantage of a "highly critical" security flaw in the most recent versions of Adobe Photoshop has been published, a security researcher reported this week. Read more »

Apple QuickTime exploit in the wild

Symantec has found active exploit code in the wild for an unpatched Apple QuickTime vulnerability. Read more »

More Exploit, Secure News Results

Features (59)

Ten commandments for the security-conscious programmer

Here are the steps from Builder AU that you should take to keep hackers and other security threats at bay. Read more »

CGI wrappers for Apache-based apps can boost security

CGI scripts represent a big potential security risk in Web development, but using CGI wrappers can help insulate your servers from attack. Here's an outline of how to create CGI wrappers to protect an Apache Web server. Read more »

Five steps to designing a secure system with TCB

Security must be a factor in system design from the beginning. It starts with defining the trusted computing base (TCB). Follow these steps to achieve a secure system. Read more »

Develop applications that prevent intrusion

Designing secure applications requires developers to look beyond their own code. Accessing APIs or COM objects or establishing system privileges can result in security vulnerabilities that can be prevented. Read more »

Why you should perform regular security audits

Most companies believe that their computer systems are secure. But one of the only ways to determine whether this is actually true is by performing an audit. Read more »

Security through obscurity won't secure your code

Most applications use some form of security through obscurity, but you should avoid it when writing your apps. ZDNet Australia offers these tips on how to tighten up your code. Read more »

The secrets of open source security

The Linux vs. Windows security debate is a contest of examples, which stand in place of the concepts that comprise a larger, more fundamental question of what the security benefits and detriments are for the open source and closed source development models. Read more »

What hackers can teach you about security

He's probably the most infamous hacker of all time. Which is why we should listen when Kevin Mitnick says that traditional network security tools aren't enough to keep our information safe. Read more »

New security flaw in Outlook, IE

A Danish security researcher has warned that a recently discovered software flaw could leave user's systems open to malicious code carried on Web pages or in e-mails. Read more »

Why interactive site features can conflict with security

Interactive features on Web sites can offer great benefits to users, but may conflict with security concerns. We look at the ongoing war between interactive Web site features and better browser security. Read more »

More Exploit, Secure Features Results

Video (1)

Play!
See how iPhone exploit works

A vulnerability has been discovered in the Safari browser of the iPhone, and this video is a brief demonstration of how it works. More details are set to be announced at this year's Black Hat security conference. Read more »

Blog (12)

The 2008 Trends and Threats to Internet security

Lana Kovacevic [blogs:webanatomy] -- I recently came across the IBM Internet Security Systems X-Force 2008 Mid-Year Trend Statistics report, which outlines issues affecting internet security, including application vulnerabilities, phishing, malware and spam. Read more »

Sysadmin hijacks San Francisco while Torvalds attacks security circus

Staff [blogs:syslog] -- This edition of the Weekly Roundup looks at how one man has taken over the network of the city of San Francisco, take a glance at a local news start-up and Linus Torvalds calls out the IT security sector. Read more »

We don't need an eBay for security holes

Nick Gibson [blogs:byteclub] -- It's been likened to an eBay for hackers -- new security site WabiSabiLabi is a market place for auctioning security vulnerabilities. Read more »

Australian twitterati talks malware

[blogs:bootstrappr] -- It was inevitable that micro-blogging service Twitter would become infested with malware, according to a number of high-profile Australian users of the service. Read more »

Assumption-based Hacking 101

Chris Duckett [blogs:betaliving] -- High-level thinking leads to assumptions, and assumptions are the mother of all mistakes -- consequently the best place to find a security hole is in a place where the programmer has made an incorrect assumption. Read more »

Anti-Virus software hit with 6 critical vulnerabilities

Staff [blogs:syslog] -- Kaspersky Labs announced over easter that their latest maintenance pack fixes six critical security vulnerabilities in their anti-virus software. The security flaws affect the Anti-Virus 6.0 and Internet Security products, including both the workstation and server editions. Read more »

QuickTime and Firefox combine for insecurity

Nick Gibson [blogs:byteclub] -- A vulnerability in Apple Software's QuickTime media player can be exploited to execute remote javascript code, or by tapping into Firefox's chrome engine can execute remote code of any kind. Read more »

Attack Modeling vs Threat Modeling

[blogs:] -- Traditional Threat Modeling from an adversarial approach is actually Attack Modeling. So what is Threat Modeling then and how does it differ from Attack Modeling? Read more »

5 reasons restricting hacking is not like gun control

Nick Gibson [blogs:byteclub] -- Let's get it out of the way: Guns don't kill people, people with guns kill people. People with hacking tools can steal your personal data, shut down your system and deface your web site -- but is that any reason to ban them? Read more »

Is that $500 million in your wallet?

Staff [blogs:syslog] -- Have we officially returned to the silly season of the late 1990s? If not, there was a momentous step closer taken this week. Read more »

More Exploit, Secure Blog Results

Log in


Sign up | Forgot your password?

Blogs

RSS feed

  • Staff Shadow chasing in browsers

    The punching and counterpunching continued in the ongoing web browser development bout. Each time one browser closes a feature gap, a new feature appears in one of the others -- how we ever put up with the years of browser stagnation, I'll never know. Read more »

    -- posted by Staff

  • Chris Duckett Safari gets Gears

    Since its release in May last year, Gears has supported only Internet Explorer and Firefox browsers. With the addition of Safari into the Gears fold, it closes the loop of major browsers to support Gears Read more »

    -- posted by Chris Duckett

  • Renai LeMay MyPerfect.com.au has potential

    Victorian Web start-up My Perfect has a strong story and rationale for why it will succeed. But it has to overcome some challenges and design flaws first. Read more »

    -- posted by Renai LeMay

What's on?