As important as security is, remaining current with every development is hard, and evaluating possible vulnerabilities across a network can be quite a chore. You need a way to both automate tests and make sure you're running the most appropriate and up-to-date tests. Open Vulnerability Assessment System (OpenVAS) is a ...

Hackers turned computer security specialists accuse Google of setting users up for online disasters by letting them personalize home pages with applications that could be tainted. Software that hackers can trick people into installing on "iGoogle" home pages can track users' activities and control their machines, SecTheory chief executive ...

The Domain Name System (DNS) is responsible for translating host names to IP addresses (and vice versa) and is critical for the normal operation of internet-connected systems. DNS cache poisoning (sometimes referred to as cache pollution) is an attack technique that allows an attacker to introduce forged DNS information into ...

Symantec has confirmed flaws in its most popular consumer security software that could give attackers the means to hijack the Windows PCs that the programs are supposed to protect. The vulnerabilities are in an ActiveX control that ships with several products, including Norton AntiVirus, Norton Internet Security, Norton SystemWorks ...

Wireless phones and devices become more prevalent in today's society, it is inevitable that these devices become more difficult to properly secure. Antivirus giant Symantec suggests users are wising up to a growing threat of mobile phone viruses. But one company which handles support for major mobile operators claims the ...

Testing software during the development phase has become an important part of the development lifecycle and is key to the agile methodologies. Code quality and maintainability is increased by adopting an integrated testing strategy that stresses unit tests, integration tests and acceptance tests throughout the project. But these tests are ...

Authentication strength is a somewhat subjective question. For many of the approaches that we will discuss, strength comes from the details of cryptographic algorithms and key lengths used; but part lies also in overall system design and implementation and in the realities of user behavior, and this can ...

Your PC powers up correctly, it passes the POST, all drives are detected correctly, but Windows does not load automatically. Instead you see the following error message: Cannot find a device file that may be needed to run Windows or a Windows application.The Windows registry or SYSTEM.INI file refers ...

A security policy says what is and is not allowed. A vulnerability is a condition that enables someone (the attacker) to violate the security policy. Security policies vary from site to site. For example, consider a race condition problem in UNIX software that is to be run with ...

Metasploit has proof of concept code for exploiting MS06-040. The countdown to the worm begins. Exploit Module: netapi_ms06_040 [MetaSploit.com] Original post by Security Wonk and powered by Img Fly

Wired has a story out of DefCon picturing Blackberries as the perfect backdoor into your corporate network. Since many cop orations inherently trust the blackberry straight in through their firewalls, it might be worth a read. The program, called proxy, has to be placed on a Blackberry either physically or ...

The guys at Black Hat are demonstrating some interesting attacks against the device drivers for the wireless card in a MacBook Pro: The video shows Ellch and Maynor targeting a specific security flaw in the Macbook’s wireless “device driver,” the software that allows the internal wireless card to communicate with the ...