News (468)

Microsoft explains seven-year patch delay

Microsoft has offered an explanation as to why it took the company seven years to issue a patch for a known vulnerability. Read more »

Google details 'reboot' bug, Android security fixes

Google has begun releasing some details about the vulnerabilities it patched in two updates to Google's Android operating system software in the T-Mobile G1 smartphone. Read more »

Core Security finds critical Adobe Reader hole

A critical security hole in Adobe Reader could allow an attacker to take control of a computer, according to Core Security Technologies. Read more »

Researcher warns of Android browser vulnerability

A flaw exists in the Google-led Android mobile platform that could let users be tricked into visiting malware-laden websites and unwittingly have their keystrokes recorded, The New York Times has reported. Read more »

Microsoft issues security patch for unreleased software

Microsoft released a security patch on Monday for software that won't be available publicly until Tuesday at the company's Professional Developer Conference. Read more »

Microsoft RPC exploit could be a packaged deal

While Microsoft has labeled Thursday's emergency patch MS08-067 as "critical" and provided a rare out-of-cycle fix because its exploit could easily be used as a worm on a compromised network, one security researcher doesn't think it will happen that way. Read more »

Keystrokes can be recovered remotely

Wired keyboards, like those found on desktop PCs, emit electromagnetic waves that can be read remotely, according to two Swiss researchers. Read more »

Adobe addresses Flash Player 'clickjacking' flaw

Adobe has addressed a security flaw in its Flash Player products that could lead to 'clickjacking' attacks. Read more »

Microsoft to issue 11 security patches on Tuesday

On Thursday, Microsoft announced four security bulletins for next week. The announcement is intended as a heads-up for IT departments before Patch Tuesday. Four fixes are considered critical, six important, and one is moderate as ranked by the software giant. Read more »

Researchers warn of 'clickjacking' threat

Researchers have begun publishing details of a new type of attack called 'clickjacking', which can lead users to malicious websites by tricking them into clicking on unseen elements in a Web browser. Read more »

Features (83)

Should you install the new version of Java?

Sun Microsystems released a new version of Java for Windows, Linux and Solaris recently. Should you rush out to install it? Probably not. Read more »

Security in the Web 2.0 Era

At the Gartner Symposium ITxpo 2008 in Sydney this week, Andrew Walls, the research director and security analyst at Gartner, presented "Security in the Age of E-Commerce and Web 2.0". Read more »

Clickjacking: Potentially harmful web browser exploit

Clickjacking has the potential to redirect unknowing users to malicious websites or even spy on them. We all need to be aware of clickjacking and how to avoid its trappings. Read more »

50 significant moments from internet history

We take you through 50 defining moments of the internet. Read more »

10+ things you should know about rootkits

Malware-based rootkits fuel a multibillion dollar spyware industry by stealing individual or corporate financial information. If that weren't bad enough, rootkit-based botnets generate untold amounts of spam. Here's a look at what rootkits are and what to do about them. Read more »

Encrypt backups using Oracle 10gR2's RMAN

No IT pros want their company to make headline news because of a data breach. You can make your data less vulnerable to theft by using a new feature in Oracle 10g Release 2 that lets you make encrypted backups via Recovery Manager. Read more »

Red ring of death is closer than you think

It can seem hard to believe that a company with all the resources of Microsoft can make a billion-dollar mistake with a small chip-design fault. Yet chip design is not an exact science and Rupert Goodwins, who has been there himself, details how it can go horribly wrong. Read more »

Find and fix weak OpenSSL/OpenSSH keys: Debian-based Linux vulnerability

A recent vulnerability was found in the OpenSSL package as provided by Debian and Debian-based Linux distributions, such as Ubuntu, that broke the effectiveness of the OpenSSL PRNG (Predictable Random Number Generator). Read more »

Automate and extend Firefox with the Chickenfoot add-on

Chickenfoot is a Firefox add-on that allows you to automate user actions within the browser environment. It also lets you extend the browser interface to provide additional features to a Web page. Read more »

What is cross-site scripting?

Cross-site scripting, also known as "XSS," is a class of security exploit that has gotten a fair bit of attention in the last few years. This article explains what it is and where the dangers lie. Read more »

Video (5)

Cyber-terrorism 'a big threat'

The UK's dependence on computer systems leaves the country vulnerable to cyber-terrorist attack, according to former leader of the UK Liberal Democrats, Lord Ashdown. Read more »

Five services to turn off in Windows XP

Running unnecessary Windows XP services can increase your vulnerability to exploits that might use those services as attack vectors. In this IT Dojo video, Bill Detwiler discusses five services that you should consider turning off and shows you how to disable them. Read more »

Why security appliances can make you less secure

Security appliances can introduce vulnerabilities into an organisation's network because they often include older operating systems and vendors rarely inform customers how to properly update them, according to Microsoft's Roger Grimes, who was speaking at the AusCERT 2008 conference. Read more »

Security on the Web

Rasmus Lerdorf, creator of PHP, discusses security on the Web. He explains how almost all sites are vulnerable and why the entire structure of the Web needs an overhaul. Read more »

See how iPhone exploit works

A vulnerability has been discovered in the Safari browser of the iPhone, and this video is a brief demonstration of how it works. More details are set to be announced at this year's Black Hat security conference. Read more »

Blog (15)

SMB bug gets seven-year itch

Staff [blogs:syslog] -- This week's roundup looks at the Great Firewall of Australia, seven-year-old security holes, Android's big bug and we chase Steve Ballmer around Sydney. Read more »

Ubuntu gets jaunty

Staff [blogs:syslog] -- This week's Roundup looks at Ubuntu's new Jaunty Jackalope, new rules of virtualisation, the world of browsers and more. Read more »

The 2008 Trends and Threats to Internet security

Lana Kovacevic [blogs:webanatomy] -- I recently came across the IBM Internet Security Systems X-Force 2008 Mid-Year Trend Statistics report, which outlines issues affecting internet security, including application vulnerabilities, phishing, malware and spam. Read more »

Australian twitterati talks malware

[blogs:bootstrappr] -- It was inevitable that micro-blogging service Twitter would become infested with malware, according to a number of high-profile Australian users of the service. Read more »

Repent Open Sourcerers

Staff [blogs:syslog] -- The Anglican Diocese in Sydney is moving away from Microsoft technologies, Access and ActiveX provide another way for remote code execution and a local Aussie team wins the Imagine Cup. All that and more in this week's Roundup. Read more »

XSS fun with Howard: Liberal Party says no

Staff [blogs:syslog] -- Political parties have no sense of humour. Far from being a revelation, it was merely reinforced yet again as both the major parties in this country had their sites fall victim to XSS. Read more »

QuickTime and Firefox combine for insecurity

Nick Gibson [blogs:byteclub] -- A vulnerability in Apple Software's QuickTime media player can be exploited to execute remote JavaScript code or, by tapping into Firefox's chrome engine, to execute remote code of any kind. Read more »

We don't need an eBay for security holes

Nick Gibson [blogs:byteclub] -- It's been likened to an eBay for hackers -- new security site WabiSabiLabi is a marketplace for auctioning security vulnerabilities. Read more »

5 reasons restricting hacking is not like gun control

Nick Gibson [blogs:byteclub] -- Let's get it out of the way: Guns don't kill people, people with guns kill people. People with hacking tools can steal your personal data, shut down your system and deface your web site -- but is that any reason to ban them? Read more »

Builder AU's June book giveaway

Staff [blogs:syslog] -- Help out in the Builder AU forums and win a book! Read more »
