Stories by Stilgherrian

Remote Desktop Protocol security hole: 5 unanswered questions

Whether the Windows Remote Desktop Protocol (RDP) security vulnerability will result in widespread Conficker- or Blaster-level mayhem remains to be seen. While we're waiting for the apocalypse, consider these questions.

Android, the simmering security shemozzle

Even apart from the serious security flaw in HTC Sense and malware that talks to an encrypted blog, to name just two recent issues, a consensus seems to be emerging. Android has serious security problems.

By Stilgherrian | 14 October, 2011 12:33

Tags: security, mobile security, Android

Duqu, Son of Stuxnet, has arrived

The team behind Stuxnet, the complex malware used to attack Iran's nuclear program earlier this year, has produced another worm, dubbed "Duqu" by McAfee Labs.

By Stilgherrian | 19 October, 2011 07:28

Tags: duqu, Certificate Authorities, security, Stuxnet, mcafee labs

Global time zone database closed following legal threat

The tz database, the key source of time zone information for most of the computing world, has been shut down following allegations of copyright infringement.

By Stilgherrian | 07 October, 2011 15:06

Tags: tz database, Olson database, Microsoft, zoneinfo database, government, copyright infringement

MD5 password hashes are dead

MD5 hashes, still a common method for securing login passwords, are no longer an adequate defence against hackers, according to Kaspersky Lab analyst Evgeny (Eugene) Aseev.

By Stilgherrian | 09 September, 2011 16:26

Tags: HB Gary, hackers, rainbow tables, MD5 hashes, Eugene Aseev, authentication, cryptographic hash function, kaspersky lab

Rogue Google certificate used by 300,000 Iranian IPs

Iranian internet users whose security may have been compromised by the forged Google.com digital certificate could number in the hundreds of thousands. An interim report (PDF) commissioned by DigiNotar, the certification authority (CA) at the centre of the hacking incident, also reveals lax security at the Dutch firm.

By Stilgherrian | 06 September, 2011 11:02

Tags: hackers, Tor, breach, VPN servers, Fox-IT, dropbox, digital certificates, MI6, DigiNotar, network servers, pki, network security, Google, security

Online health records at risk from malware

AusCERT general manager Graham Ingram has questioned the wisdom of Australia's National E-Health Strategy plans to make medical records available online, pointing to the difficulty of securing end-users' computers.

By Stilgherrian | 25 August, 2011 20:34

Tags: covert enterprise intrusions (CEIs), auscert, advanced persistent threats (APTs), health records, Graham Ingram, ehealth, malware, phishing attacks
