We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Want to hack someone else's Amazon, Facebook, Twitter or Windows Live account in just one click? A Firefox extension called Firesheep claims you can by hijacking a person's current user session over an open Wi-Fi connection.
A vulnerability in the library loader of the GNU C library can be exploited to obtain root privileges under Linux and other systems. Attackers could exploit the hole, for instance, to gain full control of a system by escalating their privileges after breaking into a web server with restricted access rights. Various distributors are already working on updates.
A University of North Florida (UNF) computer file containing the sensitive information of students may have been accessed by a foreign hacker.
An interesting story reported by The Huffington Post suggests Conde Nast iPad (and iPhone) apps have a critical flaw that can allows anyone inclined to change a preference file to download new issues of magazines for free.
Corey "Xyrix" Barnhill, Michael "Virus" Nieves and Justin "Null" Perras are hacker-thugs suspected of repeatedly trashing Cryptome.org, John Young's email, and John Young's LAN on and about 2 October 2010.
If Willie Sutton had been a hacker, we know what he
A trojan recently analysed by Webroot is said to rely on retrieving web page passwords from a browser's password storage, rather than logging a user's keyboard inputs. To make sure it will find all the interesting passwords in Firefox, the malware, called PWS-Nslog, makes some changes to jog the browser's memory.
According to a report from Red Hat, two vulnerabilities in the free PDF reader Xpdf can be exploited via manipulated PDF documents to compromise a victim's system. The flaws are reportedly due to an uninitialised pointer and an array index error.
Policy group New America has written a scathing blog entry that criticizes the HTC G2 for including a "hardware rootkit" that prevents users from installing custom firmware on the device. The report appears, however, to be based on a misunderstanding of technical issues raised in an XDA discussion thread.
Is this year turning out to be even worse for getting hacked than last year? That's what a survey of 350 IT and network professionals would indicate, with large companies in particular reporting this to be worse than last in terms of suffering at least one network intrusion of their user machines, office network or servers.
The lack of a secured infrastructure is typically the reason hackers are able to gain access to enterprise servers and from there, implant malware to launch an attack, according to Verizon.
Security researchers in the States say they have developed a cunning new method of "fingerprinting" voice calls that could offer a route to trustworthy caller ID and a barrier against so-called "vishing" or voice phishing.
A recent study shows that organized criminals create approximately 8,000 malicious websites every day, or over 57,000 each week.
An internet voting system designed to allow District of Columbia residents to cast absentee ballots has been put on hold after computer scientists exploited vulnerabilities that would have allowed them to rig elections and view secret data.
The Cryptome whistleblowing website was hacked last weekend in an attack that could have compromised sensitive data, possibly including the email addresses of top secret sources for leaks sent to the site.
You might think that since you use a personal laptop at home, and not a computer at a cafe, you are safe from hackers. Well, think again. Hackers don't even need to have physical access to your computer to be privy to all the information it contains.
A security expert at a managed services provider has kicked off a project to expose and blacklist the networks hosting VoIP attacks against his and other companies' VoIP PBX servers. The VoIP Abuse Project uses a honeypot to gather as much data as it can from incoming VoIP attacks, including the IP address and a recording of what the call was sending.
Hackers are preparing to raise the stakes in their next assault on anti-piracy organisations after they crippled the website of the Australian Federation Against Copyright Theft (Afact) on Tuesday.
After the piracy activist group known as 4can targeted the MPAA and RIAA websites with a distributed denial of service (DDoS) attack one week ago, a group of activists has locked on a new target: anti-piracy lawyers.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
