Inspired by the recently completed HackWeekend and GTUGKL hackathon, HackWEEKDAY is a 24-hour code off that runs alongside the 9th annual HITB Security Conference in Malaysia – Asia’s premier deep-knowledge network security event that routinely brings together some of the world’s leading security experts under one roof
Maintainers of the open-source Apache webserver have fixed a severe weakness that attackers are exploiting to crash websites.
Flaws in Apache's HTTP daemon made it easy to crash servers using publicly available software released last week. The bugs in the way the HTTPD processed multiple web requests that involved overlapping byte ranges allowed attackers to overwhelm servers by sending them a modest amount of traffic.
Malware on Google Android devices is becoming more and more of a problem for smartphone owners. Until now, malicious apps such as DroidDream and DroidDream Light, had exploited bugs in earlier versions of the OS but wouldn't affect those devices running Gingerbread (version 2.3). However, now researchers have spotted malware that exploits a critical vulnerability in this version of Google's mobile platform.
Mozilla has garnered unfriendly attention lately after a former volunteer criticized the group's slow responses to bug reports.
The Snort network intrusion detection system has been updated with HTTP and DCE/RPC protocol aware flushing and improved SIP, POP and IMAP3 preprocessors. Updates to the HTTP and DCE/RPC preprocessors now allow Snort to reassemble requests and responses, even when spread over many packets, and to intelligently flush the results. Snort performs realtime analysis on IP network traffic to detect attempts to probe or attack the network by using a user-defined ruleset which characterises those attacks.
A recent proposal to remove the version number from the Firefox Web browser's "About" dialog attracted a surprising amount of attention. As critics and supporters moved to take sides on the issue, it gradually devolved into a divisive controversy.
One of the primary building blocks of yesterday's web is limbering up to become a mover and shaker in mobile – but it might just spend longer in training than you'd like.
Dries Buytaert, the Linus Torvalds of open-source content management systems (CMS), has told The Reg that websites built on Drupal 8 will default to being created in HTML5.
The Fedora Project has made the first and only alpha version of Fedora 16 available to download. It was originally scheduled for release a week ago, but was delayed a week due to a series of problems. As a result, Fedora has also put back all subsequent scheduling by 7 days, so that Fedora 16 (named after Jules Verne) is, barring further delays, now expected to arrive on 1 November.
Rapid7 created a $100,000 investment fund to support up to seven promising open source projects in the security industry. The "Magnificent7" projects will be identified and supported through the remainder of 2011 and into 2012.
Any security-related open source project - with a preference for BSD-compatible licensing - is applicable and encouraged to submit a "Magnificent7" application.
It’s being called an accident, but it could also be a show of force: a piece of state propaganda from China shows an attack being launched against Falun Gong computers. New York-based newspaper The Epoch Times says this image, taken from a TV spot aired in July, shows the software in use.
The newspaper translates the labels in the image as “Select attack target”, a drop-down list of Falun Gong Websites, and an “attack” button. It says the video, some of which is posted on F-Secure’s blog, provides direct evidence of government involvement in cyber-attacks.
