News (264)
Patched Oracle database 'still vulnerable'
The latest update for Oracle 10g Release 2 does not plug a hole that allows published attack code to run, according to a security researcher. Read more »
Attack code released for IE hole
Exploit code for a new flaw in Internet Explorer could put systems at risk of remote attack, security experts warned Monday in the United States. Read more »
Attack code out for Apple flaw
Attack code that exploits a flaw in Apple Computer's Mac OS X was publicly released Wednesday in the US, increasing the urgency to patch. Read more »
Survey: Linux programmers yawn at SCO
A new survey has found that 73 percent of Linux programmers believe the SCO Group's legal attacks on the open-source operating system lack merit. Read more »
Developers take Linux attacks to heart
A handful of recent online attacks on free and open-source software servers has open-source developers looking over their shoulders. Read more »
Malware on 'trusted' websites has quadrupled
The amount of web-based malware hosted by trusted websites has increased by over 400 percent since last year, according to security vendor ScanSafe. Read more »
Berners-Lee: Web security still a fight
Sir Tim Berners-Lee, credited as the inventor of the Web, has described online security as a "never-ending battle". Read more »
Botnets threaten the Internet as we know it
Botnets are the biggest threat facing the Internet today and neither education, technology nor the police can help, according to experts at the RSA security conference in San Francisco last week. Read more »
50 percent of DNS servers vulnerable
Security around DNS servers is still a serious issue for network administrators, even though new servers such as BIND 9 are more secure, according to a new survey released this week. Read more »
Flaw leaves Windows open to Java attack
Microsoft has warned of three flaws affecting its software, the most serious of which would allow an attacker to gain full control of a PC using Java applets. Read more »
Features (63)
New weapons in the war against DoS attacks
Industry watchdog groups are warning that denial of service attacks are becoming more destructive each year. Learn about some new tools you can add to your arsenal of DoS defenses to help safeguard your enterprise. Read more »
Glitch in C++ libraries allows a DoS attack against ISAPI
The Microsoft Foundation Classes static library contains flaws that make ISAPI extensions vulnerable to DoS attacks. Find out why this illustrates a major challenge for developers who need to produce secure applications. Read more »
Security through obscurity won't secure your code
Most applications use some form of security through obscurity, but you should avoid it when writing your apps. ZDNet Australia offers these tips on how to tighten up your code. Read more »
Make managed code work with .NET's CAS
Developers and administrators can set permission and trust levels with code access security (CAS), while allowing the code to execute effectively. Read more »
Develop applications that prevent intrusion
Designing secure applications requires developers to look beyond their own code. Accessing APIs or COM objects or establishing system privileges can result in security vulnerabilities that can be prevented. Read more »
CGI wrappers for Apache-based apps can boost security
CGI scripts represent a big potential security risk in Web development, but using CGI wrappers can help insulate your servers from attack. Here's an outline of how to create CGI wrappers to protect an Apache Web server. Read more »
File transfers between two applets
Security restrictions can make transferring files between two applets problematic. Find out how you can employ a middleman. Read more »
Develop secure software at the application level
Protect your application from input overflow and underflow attacks, and from other common tactics with these development techniques. Read more »
Security in the Web 2.0 Era
At the Gartner Symposium ITxpo 2008 in Sydney this week, Andrew Walls, the research director and security analyst at Gartner, presented "Security in the Age of E-Commerce and Web 2.0". Read more »
Clickjacking: Potentially harmful web browser exploit
Clickjacking has the potential to redirect unknowing users to malicious websites or even spy on them. We all need to be aware of clickjacking and how to avoid its trappings. Read more »
Blog (6)
AJAX applications and security
-- Douglas Crockford, the creator of JSON, gave a talk entitled "AJAX Security" at the recent Web Directions South conference. In this talk, Crockford discussed some of the security concerns with AJAX applications and what can be done to address them. Read more »
The 2008 Trends and Threats to Internet security
-- I recently came across the IBM Internet Security Systems X-Force 2008 Mid-Year Trend Statistics report, which outlines issues affecting internet security, including application vulnerabilities, phishing, malware and spam. Read more »
QuickTime and Firefox combine for insecurity
-- A vulnerability in Apple Software's QuickTime media player can be exploited to execute remote JavaScript code or, by tapping into Firefox's chrome engine, to execute remote code of any kind. Read more »
5 reasons restricting hacking is not like gun control
-- Let's get it out of the way: Guns don't kill people, people with guns kill people. People with hacking tools can steal your personal data, shut down your system and deface your web site -- but is that any reason to ban them? Read more »
Anti-Virus software hit with 6 critical vulnerabilities
-- Kaspersky Labs announced over Easter that their latest maintenance pack fixes six critical security vulnerabilities in their anti-virus software. The security flaws affect the Anti-Virus 6.0 and Internet Security products, including both the workstation and server editions. Read more »
Application Threat Modeling v2
-- Threat Modeling has become one of the most important ways to increase the security of your application development projects. It allows you to understand the threats you will face, and implement countermeasures in a consistent, reliable way. If you only do one thing to improve your development processes, Threat Modeling should be it. Now with the new ACE Threat Modeling methodology and tools, it's easy to do as well! Read more »