News (458)

Microsoft to issue 11 security patches on Tuesday

On Thursday, Microsoft announced four security bulletins for next week. The announcement is intended as a heads-up for IT departments before Patch Tuesday. Four fixes are considered critical, six important, and one is moderate as ranked by the software giant. Read more »

Researchers warn of 'clickjacking' threat

Researchers have begun publishing details of a new type of attack called 'clickjacking', which can lead users to malicious websites by tricking them into clicking on unseen elements in a Web browser. Read more »

IBM joins the 'cloud computing' bandwagon

IBM on Monday launched a major initiative into 'cloud computing', a current term for internet-based services, in an effort it hopes will challenge the early lead of cloud pioneers such as Amazon and Google. Read more »

Why CIOs aren't nuts for Chrome

Google's recently launched web browser, Chrome, will have to overcome a number of major obstacles before it can break the business ubiquity of Internet Explorer and counter the rise of Firefox. Read more »

TCP flaw threatens Web servers

Two researchers in Sweden have found multiple flaws in the TCP stack that could lead to massive denial-of-service attacks if exploited. At present there is no workaround and there are no patches available. Read more »

Acrobat 9 crashes with malformed URLs

Certain URLs can cause Adobe Acrobat 9 to suffer a denial of service or crash, says a researcher. Read more »

Microsoft fixes eight critical flaws with four patches

Microsoft on Tuesday released its September 2008 security bulletin summary.The four bulletins concern Windows GDI+, Windows Media Player, and Microsoft Office OneNote. All are rated critical by Microsoft. There is no cumulative patch for Internet Explorer this month. Read more »

Google reveals Chrome security patch details

Earlier today, Google was keeping mum about a three-day-old security fix to its Chrome browser, but now the company has revealed details of two critical-risk vulnerabilities and some lesser issues it says are fixed. Read more »

Google quietly updates Chrome

Search giant Google has quietly begun releasing a hastily prepared update to its Chrome browser to fix some security problems. Read more »

Aussie CIOs poke under Chrome bonnet

Australian chief information officers have shown a mixed reaction to Google's new Chrome browser, which was released in testing form last week to early adopters' praise. Read more »

More Vulnerable News Results

Features (79)

50 significant moments from internet history

We take you through 50 defining moments of the internet. Read more »

10+ things you should know about rootkits

Malware-based rootkits fuel a multibillion dollar spyware industry by stealing individual or corporate financial information. If that weren't bad enough, rootkit-based botnets generate untold amounts of spam. Here's a look at what rootkits are and what to do about them. Read more »

Encrypt backups using Oracle 10gR2's RMAN

No IT pros want their company to make headline news because of a data breach. You can make your data less vulnerable to theft by using a new feature in Oracle 10g Release 2 that lets you make encrypted backups via Recovery Manager. Read more »

Red ring of death is closer than you think

It can seem hard to believe that a company with all the resources of Microsoft can make make a billion-dollar mistake with a small chip-design fault. Yet chip design is not an exact science and Rupert Goodwins, who has been there himself, details how it can go horribly wrong. Read more »

Find and fix weak OpenSSL/OpenSSH keys: Debian-based Linux vulnerability

A recent vulnerability was found in the OpenSSL package as provided by Debian and Debian-based Linux distributions, such as Ubuntu, that broke the effectiveness of the OpenSSL PRNG (Predictable Random Number Generator). Read more »

Automate and extend Firefox with the Chickenfoot add-on

Chickenfoot is a Firefox add-on that allows you to automate user actions within the browser environment. It also lets you extend the browser interface to provide additional features to a Web page. Read more »

What is cross-site scripting?

Cross-site scripting, also known as "XSS," is a class of security exploit that has gotten a fair bit of attention in the last few years. This article explains what it is and where the dangers lie. Read more »

Generate dynamic SQL statements in SQL Server

When you need to solve a tricky database problem, the ability to generate SQL statements is a powerful tool -- although you must be careful when using it. This article explores how you can use this functionality to generate SQL statements on the fly. Read more »

Why Apple's iPhone is like a 1981 IBM PC

Is the iPhone just a clunky 1981 IBM PC in a sexy black case? Rupert Goodwins asks some serious questions about its enduring appeal. Read more »

Establish a patch management policy

Patch management is an issue that will always plague your organisation's network -- there will always be patches, updates, and security fixes to apply. Read more »

More Vulnerable Features Results

Video (4)

Play!
Five services to turn off in Windows XP

Running unnecessary Windows XP services can increase your vulnerability to exploits that might use those services as attack vectors. In this IT Dojo video, Bill Detwiler discusses five services that you should consider turning off and shows you how to disable them. Read more »

Play!
Why security appliances can make you less secure

Security appliances can introduce vulnerabilities into an organisation's network because they often include older operating systems and vendors rarely inform customers how to properly update them, according to Microsoft's Roger Grimes, who was speaking at the AusCERT 2008 conference. Read more »

Play!
Security on the Web

Rasmus Lerdorf, creator of PHP, discusses security on the Web. He explains how almost all sites are vulnerable and why the entire structure of the Web needs an overhaul. Read more »

Play!
See how iPhone exploit works

A vulnerability has been discovered in the Safari browser of the iPhone, and this video is a brief demonstration of how it works. More details are set to be announced at this year's Black Hat security conference. Read more »

Blog (14)

Ubuntu gets jaunty

Staff [blogs:syslog] -- This week's Roundup looks at Ubuntu's new Jaunty Jackalope, new rules of virtualisation, the world of browsers and more. Read more »

The 2008 Trends and Threats to Internet security

Lana Kovacevic [blogs:webanatomy] -- I recently came across the IBM Internet Security Systems X-Force 2008 Mid-Year Trend Statistics report, which outlines issues affecting internet security, including application vulnerabilities, phishing, malware and spam. Read more »

Australian twitterati talks malware

[blogs:bootstrappr] -- It was inevitable that micro-blogging service Twitter would become infested with malware, according to a number of high-profile Australian users of the service. Read more »

Repent Open Sourcerers

Staff [blogs:syslog] -- The Anglican Diocese in Sydney is moving away from Microsoft technologies, Access and ActiveX provide another way for remote code execution and a local Aussie team wins the Imagine Cup. All that and more in this week's Roundup. Read more »

XSS fun with Howard: Liberal Party says no

Staff [blogs:syslog] -- Political parties have no sense of humour. Far from being a revelation, it was merely reinforced yet again as both the major parties in this country had their sites fall victim to XSS. Read more »

QuickTime and Firefox combine for insecurity

Nick Gibson [blogs:byteclub] -- A vulnerability in Apple Software's QuickTime media player can be exploited to execute remote javascript code, or by tapping into Firefox's chrome engine can execute remote code of any kind. Read more »

We don't need an eBay for security holes

Nick Gibson [blogs:byteclub] -- It's been likened to an eBay for hackers -- new security site WabiSabiLabi is a market place for auctioning security vulnerabilities. Read more »

5 reasons restricting hacking is not like gun control

Nick Gibson [blogs:byteclub] -- Let's get it out of the way: Guns don't kill people, people with guns kill people. People with hacking tools can steal your personal data, shut down your system and deface your web site -- but is that any reason to ban them? Read more »

Builder AU's June book giveaway

Staff [blogs:syslog] -- Help out in the Builder AU forums and win a book! Read more »

Win Stuff! Builder AU's Book Of the Month Competition

Staff [blogs:syslog] -- We've got five copies of Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions by David Endler to give away, Read more »

More Vulnerable Blog Results

Log in


Sign up | Forgot your password?

Blogs

RSS feed

  • Staff XP stays on life support for longer

    This week's Roundup looks at Microsoft's decision to extend the life of Windows XP, the release of Microsoft Surface SDK, Firefox's new Geode plug-in, Yahoo's new tool -- Smush It and more. Read more »

    -- posted by Staff

  • Chris Duckett The good and truly awful celluloid depictions of computers

    Ever wonder why your lawyer uncle leaves the room whenever you turn over to Boston Legal? Or why your forensic science cousin can't stand crime drama? You know the answer: it’s the horrid trivialisation and dumbing down of an occupation to make it appear entertaining. Sometimes it is so unbelievable that it actually hurts and yelling at the screen is the only outlet. Read more »

    -- posted by Chris Duckett

  • Brendon Chase Apple's iPhone engineers to tour Sydney, Melbourne

    Aussie developers will be able to get up close and personal with some of the iPhone engineers in November to learn how to build applications for the platform. Read more »

    -- posted by Brendon Chase

What's on?