Open Source

New CII members pony up $100K annually toward OpenSSL Project

OpenSSL is getting some much needed funding with reports saying new Core Infrastructure Initiative members Huawei, Smartisan and Nokia have made annual pledges.

Post Heartbleed, tech giants join initiative to bolster open source

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.

Major software flaws in iPhones, iPads fixed in update

A difficult-to-find vulnerability, disclosed in March at Google's inaugural hacker competition, was among the iOS fixes.

Twitter makes available some code from Whisper Systems buy

Twitter, which recently acquired year-old Android security start-up Whisper Systems, announced Tuesday that it is making some of the company's open-source code publicly available.

MySQL.com hacked to distribute malware

Visitors to MySQL.com on Monday were greeted with a drive-by download that attempted to silently install malware on their machine.

Open source research program for DHS takes root

The Georgia Tech Research Institute (GTRI) is currently heading a new five-year, $10 million U.S. Department of Homeland Security project to investigate open cybersecurity methods and how they can benefit government. The program, called Homeland Open Security Technology (HOST), is aimed at identifying open-source approaches that can support federal security objectives while saving agencies money. As part of the program, GTRI researchers are reaching out to members of government, industry and academia to learn how such solutions have been successfully implemented and where challenges remain. They plan to launch a public information portal this summer.

Apache.org hit by targeted XSS attack

The Apache Software Foundation is advising users to change their passwords after hackers launched a successful attack against its infrastructure.

IBM report: Vulnerabilities fell in '09, attacks rose

The number of new and unpatched vulnerabilities decreased last year compared to 2008, but attack volume grew substantially, according to a new report from IBM ISS.

Apple distributes whopper of security update

On the eve of Microsoft's Patch Tuesday, Apple released a monster security update for its Mac OS X platform.

New Safari 4.0 fixes more than 50 vulnerabilities

Apple on Monday released web browser Safari 4.0, which contains fixes for more than 50 vulnerabilities.

ActiveX flaw detector released

The CERT Coordination Center at the Carnegie Mellon Software Engineering Institute in Pittsburgh on Thursday released a free, open-source tool that software developers can use to detect ActiveX vulnerabilities. Dubbed Dranzer, the tool was tested on 22,000 ActiveX controls produced by more than 5,000 organizations. Dranzer is designed for use during the quality assurance phase of software creation and can help prevent flaws, such as buffer overflows, from being shipped in software to the public. — DK

Google working on fix for clickjacking vulnerability in Chrome

A researcher has shown that the Google Chrome web browser also can succumb to clickjacking.

iPhone and iPod touch 2.2 update addresses flaws

The vulnerabilities can be maliciously exploited to bypass certain security restrictions.

Vulnerability patched in Google's Android-powered phone

Google and T-Mobile late last week began rolling out a patch to users of the G1 phone to address a security vulnerability in the Android operating system.

OpenOffice releases patches for two vulnerabilities

The open-source alternative to Microsoft Office has released patches to rectify two critical flaws.

Firefox fixes security holes with release of 3.0.2

Mozilla's Firefox 3.0.2, released late Tuesday, corrects 12 vulnerabilities, seven of which are deemed "critical."

Google Chrome flaws come soon after browser release

Surprise, surprise. Researchers have discovered vulnerabilities in Google's latest innovation, the Chrome browser.

DHS report: Open-source code "quality" is up

A U.S. Department of Homeland Security-sponsored project has not only discovered that the quality of open-source software code has improved significantly over the past two years, it has debunked a widely held assumption that longer function strings within source code are associated with an increased number of code defects.

New "critical" Linux kernel flaws discovered

Three "critical" vulnerabilities have been discovered in the Linux kernel found in many of the widely used distribution versions of the popular open source operating system.

Mass attack on Apache servers can be stopped: SecureWorks

Security vendor SecureWorks says a mass attack launched against Apache servers running Linux, which has now infected 10,000 websites, can be thwarted by disabling dynamic loading in the server configuration.

DHS-funded project uncovers open-source flaws

A vendor working with the U.S. Department of Homeland Security (DHS) has uncovered vulnerabilities impacting 11 major open-source software projects, including the Perl and PHP programming and scripting languages used widely to develop web applications.

Researcher: Firefox authentication box can be spoofed

The information in an authentication dialog box from Mozilla's Firefox browser can be spoofed, allowing an attacker to conduct phishing schemes, according to Israeli researcher Aviv Raff.

Apple releases hefty package of OS X fixes

Apple has issued patches to correct at least 40 vulnerabilities in its Mac operating system that could permit an attacker to install malicious software on a victim's machine.

OpenOffice.org releases update to fix database vulnerability

OpenOffice.org released a new version of its productivity suite this week, fixing a flaw that could allow arbitrary code execution attacks.

Grisoft acquires Exploit Prevention Labs

Anti-virus vendor Grisoft announced today that it has acquired web-browsing security provider Exploit Prevention Labs.

Apple releases monster patch bulletin for OS X

Apple on Wednesday released security updates for Mac OS X and Safari Beta 3, patching nearly 50 vulnerabilities.

News briefs

Clothing retailer Gap Inc. revealed that a laptop containing the Social Security numbers of 800,000 job applicants was stolen from a third-party vendor. The laptop contained info of job applicants who applied to the company's Old Navy, Banana Republic, Gap and Outlet stores. The vendor, not identified by Gap, contacted law enforcement authorities about the breach. The data was not encrypted.

SC Magazine survey - Preventing a data breach

A legion of data exposures have occurred over the past year, with many affected companies not only being forced to address customer and investor concerns, but also pay fines and adhere to prolonged sets of requirements administered by the Federal Trade Commission. So just how is news of such breaches, exposures and possible thefts affecting the way organizations -- large and small -- focus on information security plans?

Endace buys MSSP Applied Watch for $5 million

New Zealand-based network monitoring provider Endace has acquired Applied Watch Technologies, a managed security services provider, for $5 million.

Firefox plagued by unpatched QuickTime flaw

Mozilla on Thursday acknowledged that a year-old vulnerability in the QuickTime media player plug-in for Firefox could let a hacker break into the open-source browser.
