News & Features
Friday, 21 Jun 2013
While ICO only threatens increased focus on Google's operations, it serves an enforcement order on the company to destroy hard disks of sniffed Wi-Fi data it still retains
more »
Germany's Federal Office for Information Security (BSI) has conducted a study to analyse how secure some of the most popular content management systems are. Add-ons, they say, can contribute as much as 95 per cent of the problems
more »
Thursday, 20 Jun 2013
A new user privacy initiative from Stanford Law School called Cookie Clearinghouse will maintain block and allow lists of cookie creators. Mozilla has put its cookie patch on hold while it works with the group
more »
Russia and the US plan to improve communication in the fight against cyber-threats in order to minimise the risk of a bilateral crisis. Lines of direct communication between Moscow and Washington are being expanded
more »
Microsoft has announced that it is launching a bug bounty programme for upcoming versions of Windows and Internet Explorer. Researchers will be able to earn up to $150,000 for vulnerabilities reported to the company
more »
Wednesday, 19 Jun 2013
Makandra plans to continue providing security updates for the old 2.3.x branch once Ruby on Rails 4.0 is released and official support is ended
more »
A recently discovered email indicates that the spear phishing campaign from the group behind NetTraveler is still operating, despite being exposed by Kaspersky
more »
iOS's choice of password for mobile tethering is not genuinely random. Passwords for mobile hotspots can be cracked in just a few seconds
more »
Oracle's latest critical patch update addresses 37 vulnerabilities in all versions of Java that can be exploited without authentication over a network. Free updates are only available for Java 7 users
more »
As well as offering better protection from cyber-attacks, version 4.0 of EMET, Microsoft's mitigation tool, has been made much more user friendly. The recommended protection settings can now be set up with just a few mouse clicks
more »
Tuesday, 18 Jun 2013
It's possible to trick users into activating their webcams through clickjacking trickery and transparent Flash apps in the page. The problem was allegedly fixed in 2011 but is back again in the latest Chrome browser
more »
Java users should be prepared to update their installations later today as Oracle's latest Java update will fix 40 security vulnerabilities, 37 of which can be exploited over the network
more »
Monday, 17 Jun 2013
If attackers can get the user to install a malicious app and convince the user to reset their password using BlackBerry Protect, it is possible to take complete control of a BlackBerry Z10
more »
Patient monitors, medical pumps, and analysis devices like industry control systems, the equipment used in hospitals is increasingly connected to networks. Now, ICS-CERT says that some 300 devices from 40 manufacturers have backdoors
more »
Media reports have suggested that Microsoft has been supplying the US government with Windows security vulnerabilities for uses related to the PRISM programme. Microsoft has now released a statement denying all such allegations
more »
Initially as a preview only, Microsoft is offering Azure customers the facility, after entering their username and password, to authenticate via a smartphone app or over the phone. This option does not, however, come cheap
more »
Saturday, 15 Jun 2013
In the week ending 15 June Business Source, GNOME Classic Mode in RHEL 7, users warned to remove the Debian Multimedia repository, Hetzner hacked, GlassFish 4.0, the BrickPi, and a sophisticated Android trojan
more »
Friday, 14 Jun 2013
Google plans to retire its extension for older versions of Internet Explorer next January and recommends users switch to a modern version of IE or make the jump to Chrome in earnest
more »
The Debian project is warning users that the unofficial Debian Multimedia repository has to be considered unsafe as its domain has switched hands and is now under the control of an unknown party
more »
Thursday, 13 Jun 2013
Over the past few months, the US government has generated increasing amounts of publicity around alleged hacker attacks from China. The Mandiant report on the ATP1 group appeared to provide plenty of evidence. However, the US aren't the only victims
more »
Google is warning Iranian internet users to be on the look out for phishing emails which attempt to compromise their Google accounts. It believes the emails are from the same group behind the DigiNotar compromise in 2011
more »
The Open Web Application Security Project (OWASP) has published its latest top ten of web application security risks. Both cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks lost in importance in favour of other threats
more »
Wednesday, 12 Jun 2013
The web management interface of ProLiant and Integrity servers contains a critical vulnerability
more »
In the process of taking down 1462 botnets last week, it appears that Microsoft failed to take down over a third of the domains it was targeting and that an estimated 25% of the domains were being run by security researchers
more »
CyanogenMod founder Steve "Cyanogen" Kondik is working on privacy mode implementation for the open source third party firmware for Android devices. The per-app setting will allow users to not share their private data with apps
more »
Oracle releases fixes for 40 Java holes
