juct - Slashdot User

Submission + - Microsoft Security Essentials slumbers updates (h-online.com)

Submitted by

juct

on Saturday October 24, 2009 @02:10PM

juct writes: "Under certain conditions Microsoft's antivirus product fails to load signature updates for days. Heise Security was able to reproduce this issue with a laptop that was suspended after work by closing the lid."

Submission + - Mozilla to protect Adobe Flash users (h-online.com) 1

Submitted by

juct

on Friday September 04, 2009 @06:10AM

juct writes: "Firefox is going to check the version of installed Adobes Flash plug-ins and warn users if it discovers an outdated version with potential security holes. Mozilla confirmed this new security feature and said that the Flash version check was part of a wider commitment to "protect users from emerging threats online". Only recently a study confirmed, that 80 per cent of users surf with a vulnerable version of Adobe's plug-in."

Comment english version of the heise story (Score 1) 116

by juct on Tuesday December 30, 2008 @01:42PM (#26269335) Attached to: CCC Hackers Break DECT Telephones' Security

is available on thier UK site: 25C3: Serious security vulnerabilities in DECT wireless telephony

Submission + - From the diary of a spy (heise-security.co.uk)

Submitted by

juct

on Wednesday January 02, 2008 @04:16PM

juct writes: "A former agent of the British MI5 secret service, told tales out of school at the 24th Chaos Communication Congress (24C3) in Berlin last Saturday. Apart from revealing details about the agency's computer problems she also gave insight into the thought processes and methods used by spies and called emphatically for more democratic control."

Submission + - The year 2008 in retrospective (heise-security.co.uk)

Submitted by

juct

on Monday December 31, 2007 @08:39AM

juct writes: "heise Security has published a funny review of the security relevant events of the upcoming year 2008. But then — maybe this isn't funny at all..."

Submission + - Secure your PHP aps -- now (heise-security.co.uk)

Submitted by

juct

on Thursday December 27, 2007 @01:53PM

juct writes: "In their yearly top 20 security risks the Internet Storm Center names web applications as top risk for servers: "Every week hundreds of vulnerabilities are reported in commercially available and open source web applications, and are actively exploited." The number one problem they list is "PHP Remote File Include". So why not spend a little time to secure your web server now. heise Security has a writeup on Basic PHP security with practical examples."

Submission + - Antivirus protection worse than a year ago (heise-security.co.uk)

Submitted by

juct

on Thursday December 20, 2007 @11:35AM

juct writes: "In a test of 17 antivirus products, the german magazine c't concluded, that the effectiveness has fallen off, and more and more pests can now slip past these barriers. Most of the products perform reasonably well if they can rely on their database of signatures. But if they have to detect new malware with heuristics, the results were worse than last year. Besides this c't did the first comprehensive test of behaviour blocking in antivirus products and found that more than half of them did not react on suspicious behaviour at all. The test itself is available only in the printed magazine, heise Security published a summary."

Submission + - ATM fraud aka skimming on the rise (heise-security.co.uk)

Submitted by

juct

on Monday December 17, 2007 @06:23AM

juct writes: "While everybody is talking about phishing and online fraud, the rate of ATM fraud raises silently. With nearly undetectable skimming devives, additional touchpads and cameras, fraudsters copy your card data, catch your PIN and loot your account. Look at the pictures, to see, if you spotted them."

Submission + - Dreamlab cracks wireless keyboard encryption (heise-security.co.uk)

Submitted by

Felix

on Saturday December 01, 2007 @09:28PM

Felix writes: "Wireless keyboards and mice are becoming an increasingly common sight on desks. However, wireless hardware carries large hidden risks. Dreamlab Technologies has shown that it is possible to capture and decrypt keystrokes, meaning that user names, passwords, bank details or confidential correspondence can be very easily eavesdropped. Checkout http://www.dreamlab.net/ for further information."

Submission + - SecTor conference starts of with DNS(SEC) talks

Submitted by leto on Thursday November 22, 2007 @12:40AM

leto writes: Dan Kaminsky and Paul Wouters both presented DNS security talks at the new Canadian security conference SecTor in Toronto. Kaminsky showed a DNS binding attack using javascript and flash, allowing him to penetrate any firewall and start scanning the internal network of any user that visited his website. Wouters gave a presentation on the Theory and current worldwide operational experiences of DNSSEC that included a fancy google map overlay showing all TLD's deploying or testing DNSSEC. For those not convinced about the need for DNSSEC, he showed "15 ways of using the DNS to capture your clicks". Other speakers included Rohit Sethi and Nish Bhalla demonstrating their new Opensource Exploit-Me series of Firefox plugins to perform automated penetration testing, Johnny Long with a hilarious talk on Hacking Hollywood, and the mandatory presentations about wifi and bluetooth insecurities. No presentors were denied entry into Canada.

Submission + - Spying on the TOR anonymisation network (heise-security.co.uk)

Submitted by

juct

on Wednesday November 21, 2007 @11:41AM

juct writes: "The long standing suspicion, that the anonymizing network TOR is (ab)used to catch sensitive data by Chinese, Russian and American government agencies as well as hacking groups gets new support. Members of the Teamfurry community found TOR exit-nodes which only forward unencrypted versions of certain protocols. These peculiar configurations invite speculation as to why they are set up in this way. Another tor exit node has been caught doing MITM attacks using fake SSL certificates."

Submission + - Apple Mail in Leopard vulnerable again (heise-security.co.uk)

Submitted by

juct

on Tuesday November 20, 2007 @10:37AM

juct writes: "In March 2006 Apple defused a security problem in Apple Mail that made it possible to inject disguised malignant code. In Leopard, the patch was apparently forgotten. This means that you can inadvertently start an executable by double-clicking a mail attachment that looks like a JPEG image file. This works with special attachmnets of the MIME type AppleDouble, that carry information which application should be used to open a file. In Tiger you got a warning about a program being opened, Leopard silently executes a shell script with Terminal.app. heise Security provides a demo, where you can check for yourself."

Submission + - Who will defeat Colossus? (heise-security.co.uk)

Submitted by

juct

on Thursday November 15, 2007 @10:00AM

juct writes: "Starting this Thursday Radio amateurs and cryptologists are being challenged to decode encrypted radio messages generated by a Lorenz SZ42 cipher machine and sent using the original radio protocol from WWII. Those taking part in the cipher event will compete against a rebuild of the computer used to crack enciphered messages sent by the German high command 63 years ago. See: Who will defeat Colossus?"

Submission + - Leopard firewall functionality and holes (heise-security.co.uk)

Submitted by

jmt(tm)

on Thursday November 08, 2007 @02:43PM

jmt(tm) writes: "The uk version of German it news site heise runs a follow up of earlier stories on problems with the firewall in Apple's new version of OS X. They take a look at Apple's own documentation, now available at the Mac OS X 10.5: About the Application Firewall page. Their verdict is clear: "Alltogether this confirms the impression created by the initial functionality test. In its current version, this firewall cannot be recommended for practical use.""

Submission + - Mac OS X Leopard firewall damages Skype and WoW (heise-security.co.uk)

Submitted by

juct

on Monday November 05, 2007 @02:52PM

juct writes: "Maybe it wasn't such a bad idea that Apple decided the firewall in Mac OS X Leopard should be deactivated by default. It turns out that it signs programs retrospectively — and can affect program integrity as a result. heise reports about omplaints coming in from users of Skype and World of Warcraft."

Slashdot Top Deals