DOS

Patch Tuesday for July 2014 - 6 bulletins, 2 RCEs, 3 EoPs and get ready to reboot

Here's what to expect from Microsoft in the July 2014 edition of Patch Tuesday, scheduled to ship on Tuesday 08 July 2014...

Patch Tuesday for June 2014 - 7 bulletins, 3 RCEs, 2 critical, and 1 funky sort of hole

You'll be patching and rebooting everything this month.

Paul Ducklin gives you a brief overview to help you prepare.

He also explains some vulnerability terminology you might not have heard before...

Hootsuite suffers DoS attack, reassures users

Social media management tool Hootsuite has recovered from a denial of service (DoS) attack which left users unable to use the system for some time yesterday.

Patch Tuesday - no critical updates for XP...then Microsoft adds two XP fixes after all

Here's a quick run-down of what you'll face in the February 2014 Patch Tuesday update from Microsoft, which comes out tomorrow.

Online games services Steam and Origin fall as gamers ring in New Year DDoS-ing

Gamers have come up with a new game this week: DDoS games that their targets like to play. Scores of games fell flat on their faces.

Polish programmers jailed for 5 years for DDoS and cyber-extortion of online casino

Two online gaming programmers from Poland have been jailed for trying to cyber-extort the owner of an online marketing company based in Manchester, UK, and the CEO of an unnamed US internet software host.

NSA, Apple, Facebook and Adobe - 60 Sec Security [VIDEO]

A touch of fun but with a serious side - and only a minute to watch it.

Give our weekly "60 Second Security" video a whirl today...

Sophos Techknow - Understanding Vulnerabilities [PODCAST]

Make sense of vulnerability jargon by listening to this 15 minute podcast...

With recent updates from Microsoft (three times), Adobe, Oracle, Apple and Firefox, the timing could scarcely be better.

Police nab Argentinian teen who hacked money transfer and gambling websites

Argentinian police have arrested a teenager, dubbed "the superhacker", who was allegedly bleeding $50,000 (£31,500) per month out of international money transfer and gambling websites.

September Patch Tuesday is out - one update lost en route, 13 patches left, 8 RCE, 4 critical

One of Microsoft's 14 promised patches for September failed to materialise.

There's still plenty left over, though: IE gets a jumbo fix, as usual; SharePoint, FrontPage, Excel, Access, Outlook and more get vital updates, too.

DDoS-for-hire service is legal and even lets FBI peek in, says a guy with an attorney

It's "a public service on a public connection to other public servers", the operator of RageBooter told Brian Krebs, and if sites don't like getting their socks knocked off in DDoS attacks, they should fix recursive DNS and default DNS server settings.

Oh, and yes, he says, he not only cooperates with the FBI, he works with them. He's busy on Tuesdays around 1 p.m., so try later if you need to launch an attack.

Hackers launch DDoS attack on security blogger's site, send SWAT team to his home

Brian Krebs was the victim of a caller ID spoof that resulted in armed police surrounding his house. He's pretty sure about the criminal element responsible and has linked the perpetrator(s) to a denial-of-service attack against Ars Technica following its report of Krebs's ordeal.

Anatomy of a "feature" - what happens if a website grabs all your disk space?

HTML5 allows websites to save data on your hard disk for the next time you visit.

Your browser is supposed to restrict how much disk space each website can use. But for most browsers, the restrictions simply don't work...

Apple bumps iOS to 6.0.1, fixes an interesting set of bugs

Four good reasons to upgrade to Apple iOS 6.0.1.

Apple Mountain Lion 10.8.2 - lots of bug fixes, no known vices

The latest security updates for Snow Leopard, Lion and Mountain Lion came out last week.

They were overshadowed by the iPhone 5 and iOS 6, but to OS X users, are just as important. More so, in fact!

Alleged TeaMp0isoN teen hackers charged with jamming anti-terrorist hotline

Two teenagers have been arrested following a series of prank calls and DoS (denial-of-service) attacks launched against the Anti-Terrorist Hotline.

Large percentage of websites vulnerable to HashDoS denial of service attack

Researchers in Germany have disclosed a vulnerability in most web programming languages that allows a denial of service attack to succeed with very little resource against the vast majority of websites.

Mystery flaw crashing DNS servers across the internet

A zero-day vulnerability is being exploited in the wild to crash BIND 9 DNS servers all over the internet. The flaw, a denial of service vulnerability described as an "as-yet unidentified network event", affects all of the currently supported versions of BIND.

Apache 2.2.20 released to fix DoS vulnerability

The Apache Foundation has released version 2.2.20 to address a denial of service vulnerability. Web admins using Apache should update as soon as possible.

Apache exploit leaves up to 65% of all websites vulnerable

A newly discovered vulnerability in the Apache web server could leave up to 65% of all websites vulnerable to low-powered denial-of-service attacks.