A major internal repository breach at GitHub has exposed a critical and overlooked blind spot in Linux supply chain security.
Kernel exploits, exposed SSH services, weak firewall rules, and vulnerable daemons dominated the Linux threat model for yea...
The PostgreSQL development team has published updates for all actively supported branches of its open source relational database to fix bugs and close security holes found in the previous releases.
Oracle is offering Red Hat Enterprise Linux customers a 30-day free trial of its Ksplice zero-downtime security patch technology, in an apparent move to tempt them into switching to its own Oracle Linux platform.
As part of its bug bounty program, Google doled out $6,837 to purchase the rights to information on the Chrome security vulnerabilities. Google has shipped another Chrome browser update to fix several gaping security holes.
It turns out that stealing someone's Google Wallet funds isn't that much more difficult than stealing that person's actual wallet, according to a few recently publicized exploits. "I think these types of vulnerabilities threaten to kill the adoption of NFC before it is even fully born," said the Yankee Group's Carl D. Howe. "All forms of mobile payment rely on being able to trust the payment system."
Google plans to remove online certificate revocation checks from future versions of Chrome, because it considers the process inefficient and slow. Browsers currently check if a website's SSL certificate has been revoked by its issuing Certificate Authority (CA) when trying to establish an HTTPS connection.
From the start, Google's Safe Browsing API was designed to spot malicious web pages so users wouldn't get trapped in them. Google identifies these sites through its own algorithms and user notification.
The PHP developers are working to fix a critical security vulnerability in PHP that they introduced with a recent security patch. The current stable release is affected; however, it is not yet clear whether the questionable patch was also applied to older versions.
Following the release of new versions of its open source Firefox web browser, Thunderbird email client and SeaMonkey suite, Mozilla has detailed the security fixes included in each of the updates. According to the project's Security Center page for Firefox, version 10.0 closes a total of 8 security holes in the browser, 5 of which are rated as "Critical" by Mozilla.
Google has released version 16.0.912.77 of Chrome which closes several security holes in the WebKit-based web browser. The update addresses a total of four vulnerabilities, all of which are rated as "high severity".
The developers of the Apache Struts 2 Java web framework have released version 2.3.1.2. This closes a critical hole in versions of Struts from 2.0.0 to 2.3.1.1 that allowed for remote command execution. The vulnerability makes it possible for the protection around OGNL, an expression language used for getting and setting properties of Java objects, to be bypassed and for arbitrary expressions to be evaluated.
The Apache Tomcat developers are advising users of the 7.0.x, 6.0.x and 5.5.x branches of the Java servlet and JSP container to update to the latest released versions 7.0.23, 6.0.35 and 5.5.35. Recent investigations revealed inefficiencies in how large numbers of parameters and parameter values were handled by Tomcat.
The National Security Agency (NSA) has released SE Android, a security-enhanced version of Android, which provides and enforces stricter access-control policies than those found in the popular mobile operating system by default.
Versions 1.4.11 and 1.6.5 of the open source Wireshark network protocol analyser have been released, fixing bugs and closing holes found in the previous builds. The maintenance and security updates to the cross-platform tool fix several vulnerabilities that could be exploited by an attacker to cause a denial-of-service (DoS) or compromise a victim's system.
Version 3.3.1 of the open source WordPress blogging and publishing platform has been released. The maintenance and security update addresses a cross-site scripting (XSS) vulnerability affecting WordPress 3.3. According to a blog post by security researchers Aditya Modha and Samir Shah, the hole affects WordPress instances installed using an IP address; instances of WordPress installed using a domain name are reportedly not vulnerable.
In the wake of a researcher's public disclosure of flaws in Siemens products that could let an attacker take over a control system without even knowing the username and password, Siemens today said it will issue security updates in January to fix product vulnerabilities.
A security testing firm today said a recent report that named Google's Chrome as the most secure browser was flawed -- and part of a campaign by Google to undermine Mozilla's Firefox.
Goldblatt is the lead plaintiff in a class action lawsuit, filed Thursday against HP in California, claiming that the IT giant should have warned customers about the flaws ahead of time.