We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Version 14 of the Mozilla Firefox browser, released Tuesday, offers several new security-related features as well as patches for numerous vulnerabilities.
Chrome version 20 represents a major step forward for the security of the Google browser, at least for Linux users, for whom this has often been a somewhat neglected area. It introduces a new sandbox concept which precisely regulates and filters the system calls a process is able to make.
LINUX VENDOR Canonical will drop Grub 2 in favour of Intel's efilinux as its bootloader in order to comply with Microsoft's UEFI Secure Boot.
Microsoft has found a new way to deal with the increasingly complex issue of computer security: get hackers working for them.
The PHP developers have released updates to both the 5.4 and 5.3 branches of the language. The updates fix two security vulnerabilities and more than thirty other bugs. A vulnerability in the DES implementation of the language's crypt() function has been patched along with a heap overflow in PHP's phar extension.
Cloud Linux Inc., an innovative software company serving the needs of hosting service providers, has released CageFS Version 3.5. This new version of the software features dramatic improvements in security for shared hosting companies. CageFS is a virtual file system that encapsulates each shared hosting customer in its own private virtual space.
Security experts from ERNW have demonstrated the ability to break out of the virtualisation hypervisor of VMware ESXi 5.0 using crafted VMware images. If a provider offers customers the ability to run customer-supplied VMware images on its servers as part of an infrastructure as a service (IaaS) offering, a malicious user could access all data on the server, including other customers' user passwords and virtual machines.
The PHP Group released PHP 5.4.3 and PHP 5.3.13 on Tuesday to address two remote code execution vulnerabilities, one of which is being actively exploited by hackers.
Soon, users running Firefox 3.6.x will start being automatically upgraded to the current version 12.0 release of the open source web browser. The plan to auto-update these users has been being discussed since the end of March, when Mozilla Release Manager Alex Keybl proposed the move on a Mozilla planning discussion thread.
Along with new versions of the Firefox web browser, Mozilla has published updates to Thunderbird and SeaMonkey, but they introduce relatively few new features or changes.
The developers of the popular open source blog engine WordPress have released a security update for the software. WordPress 3.3.2 fixes unspecified bugs in three external file upload libraries used in the software and other security problems with the application.
A new security tool developed by Department of Energy engineers is designed to give security and IT administrators the ability to more quickly identify and respond to an issue on the network.
A spate of hacking tools infected with malicious software, or malware, threatens to destroy the credibility of the growing hacktivist movement, writes Adam Turner.
Jeroen Frijters describes himself as an
Two weeks after its last security update, the Joomla! project has published another update to the 2.5.x branch of its open source content management system (CMS) which addresses two vulnerabilities. Version 2.5.4 of Joomla! closes an information disclosure hole that allowed unauthorised access to administrative information and fixes a problem that could have been exploited by an attacker to conduct cross-site scripting (XSS) attacks. Versions 2.5.0 to 2.5.3 are affected.
Pastebin.com has promised to police content on its site more tightly by hiring staff to delete data dumps and other sensitive information more quickly.
The vulnerability was described as a
Over a year ago, a little Firefox add-on program called Firesheep showed just how easy it was to snoop on people on the same Wi-Fi network. Since then, more and more Web sites, like Facebook and Twitter, are securing their Web sites by default. Now, Google is continuing its own push into making its search sites more secure.
It's that time again folks, the hosting of the Pwn2Own hacking contest. This year has, for the first time, seen Google's Chrome browser fall almost immediately to two zero-day exploits, which had avoided discovery for the past three years.
The eyes of the online world are on Joe Sullivan. As the CSO of Facebook, Sullivan is without a doubt one of the most visible security chiefs in the business. He must mitigate myriad security and privacy risks not only for Facebook's employees and corporate systems, but also for the social network's 800 million members.
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
