News (126)

Exploit code makes IE flaw more dangerous

The threat posed by a critical flaw in Internet Explorer has been ratcheted up by the release of a program designed to exploit the vulnerability, security researchers warned on Thursday. Read more »

Web attackers get better at hiding

Cybercrooks who rig Web sites to break into PCs are getting better at hiding their malicious code, a security expert said this week. Read more »

IE plus Firefox equals 'critical' security risk

Firefox combined with Internet Explorer on the same desktop opens up a zero day vulnerability that is highly critical, according to security researchers. Read more »

MacBook hacked in contest at security event

Software engineer Shane Macaulay hacked into a MacBook through a zero-day security hole in Apple's Safari browser, winning a free laptop in the process. The computer was one of two offered as a prize in the "PWN to Own" hack-a-Mac contest at the CanSecWest conference in Vancouver, Canada. Read more »

Patch or get PWNED in a flash

Recently fixed vulnerabilities in Sun's Java Runtime Environment and Adobe's Flash player mean that unpatched systems are vulnerable and could be infected with spyware or recruited into a botnet by simply visiting a Web page with exploit code -- and Google last month warned that 10 percent of Web sites contain this kind of malicious code. Read more »

'Dangerous' Flash exploit can infect by stealth

A Flash flaw discovered this month could change the face of Web security by allowing criminals to infect users of any browser or operating system with malware — without making their browser or application crash. Read more »

Apple QuickTime exploit in the wild

Symantec has found active exploit code in the wild for an unpatched Apple QuickTime vulnerability. Read more »

Facebook banner ad serves an IE exploit

Unpatched PCs running Internet Explorer could fall victim to adware when visiting social networking site Facebook. Read more »

Exploit code chases two Firefox flaws

Two vulnerabilities in the popular Firefox browser have been rated 'extremely critical' because exploit code is now available to take advantage of them. Read more »

iPhone hacked in less than a month?

Apple's iPhone has been on the market for less than a month, but already researchers have claimed to have hacked the popular device. Read more »

More Browser, Exploit, Security News Results

Features (17)

Clickjacking: Potentially harmful web browser exploit

Clickjacking has the potential to redirect unknowing users to malicious websites or even spy on them. We all need to be aware of clickjacking and how to avoid its trappings. Read more »

Safe browser an oxymoron?

In November 2003, the CERT Coordination Center first advised Web users to consider using a Web browser other than Microsoft Internet Explorer. Read more »

Why interactive site features can conflict with security

Interactive features on Web sites can offer great benefits to users, but may conflict with security concerns. We look at the ongoing war between interactive Web site features and better browser security. Read more »

The secrets of open source security

The Linux vs. Windows security debate is a contest of examples, which stand in place of the concepts that comprise a larger, more fundamental question of what the security benefits and detriments are for the open source and closed source development models. Read more »

CGI wrappers for Apache-based apps can boost security

CGI scripts represent a big potential security risk in Web development, but using CGI wrappers can help insulate your servers from attack. Here's an outline of how to create CGI wrappers to protect an Apache Web server. Read more »

Avoid security vulnerabilities in your CGI programs

CGI makes creating Web-executable programs quick and easy--both for you and for hackers. Learn about some of the explicit security vulnerabilities of CGI and how to avoid them. Read more »

How CGI programs make your server vulnerable

CGI is the popular standard for generating content dynamically on the server side. But running CGI apps on your server can result in a signficant security risk. Read more »

Watch out for IE Local Zone script injection flaw

A flaw in the way Internet Explorer handles some errors, discovered by security company GreyMagic, could result in an attacker being able to read local files on a system or run various scripting commands. Get the details. Read more »

What is cross-site scripting?

Cross-site scripting, also known as "XSS," is a class of security exploit that has gotten a fair bit of attention in the last few years. This article explains what it is and where the dangers lie. Read more »

Be proactive in your fight against malware

Mike Mullins discusses the merits of proactive security and explains why it's better to know whether a Web site is potentially harmful before you browse. Read more »

More Browser, Exploit, Security Features Results

Video (1)

Play!
See how iPhone exploit works

A vulnerability has been discovered in the Safari browser of the iPhone, and this video is a brief demonstration of how it works. More details are set to be announced at this year's Black Hat security conference. Read more »

Blog (2)

The 2008 Trends and Threats to Internet security

Lana Kovacevic [blogs:webanatomy] -- I recently came across the IBM Internet Security Systems X-Force 2008 Mid-Year Trend Statistics report, which outlines issues affecting internet security, including application vulnerabilities, phishing, malware and spam. Read more »

QuickTime and Firefox combine for insecurity

Nick Gibson [blogs:byteclub] -- A vulnerability in Apple Software's QuickTime media player can be exploited to execute remote javascript code, or by tapping into Firefox's chrome engine can execute remote code of any kind. Read more »

Log in


Sign up | Forgot your password?

Blogs

RSS feed

What's on?