heise.uk security

In the last seven days: a critical hole in PHP was closed, Ubuntu 12.04 Alpha 2 arrived and there was controversy around a Busybox alternative. Also Debian 7.0 will use the 3.2 kernel, VLC 2.0 gets ready to bloom and Wayland 1.0 approaches

Google has disclosed that it has, for the last year, been using a system called Bouncer to scan the Android Market for malware and says there was a 40% decline in downloads of malicious software in 2011

The lure was a well-made invitation to a prestigious conference which then injected spyware into employee's computers

In late 2011, the US corporation notified the authorities of several intrusions into its IT systems in 2010. However, no important information is believed to have been stolen

The PHP developers are working to fix a critical security vulnerability in PHP that they introduced in a previous security patch. The full impact of the problem is not yet known

The PHP developers are working to fix a critical security vulnerability in PHP that they introduced in a previous security patch. The full impact of the problem is not yet known

Following a joint operation by Microsoft and Kaspersky Lab last September to disrupt Kelihos, the spam-sending botnet is now said to be making a comeback and using new techniques

Following a joint operation by Microsoft and Kaspersky Lab last September to disrupt Kelihos, the spam-sending botnet is now said to be making a comeback and using new techniques

Android applications running on some HTC smartphones can access the passwords of the Wi-Fi networks they are connected to and potentially send that information to third parties. HTC has release updates for the affected devices

The company has released Mac OS X 10.7.3 and, for users who have yet to upgrade from 10.6.8 to Lion, Security Update 2012-001. The updates address more than 50 security vulnerabilities that could be exploited to, for example, remotely execute arbitrary code

Mozilla has detailed the security fixes included in the recent updates to its Firefox web browser, Thunderbird email client and SeaMonkey suite. Version 10.0 of Firefox, for example, closes 8 holes, 5 of which are rated as critical

At a conference, Kristin Paget demonstrated how easily RFID-enabled credit cards can be used to make a payment without requiring any card owner interaction

Google has briefly experimented with a new procedure for logging in to use its services. Known as Sesame, the new process used a smartphone and QR code to allow users to log in securely on non-secure computers

A group of hackers has published access credentials allegedly belonging to staff at Deutsche Telekom's US offshoot

Further attacks temporarily brought down the web sites of Israel's stock exchange, as well as those of the national El Al airline and First International Bank, on Monday

Current Linux systems can quite easily be crashed remotely by a particular combination of IGMP packets

US-based online shoe and apparel shop Zappos.com, a subsidiary of Amazon.com, has confirmed that the private data of its more than 24 million customers was exposed in an attack on its servers

Malware that appears to have diverted sensitive data to external recipients was found on a staff computer

In the last seven days: a million installs of CyanogenMod and 15 million lines of code in Linux. Also Firefox for enterprises, Python for Android and fresh Firebug

Spammers have been using a vulnerability in McAfee's Total Protection software service to send out spam from customers' computers. Another vulnerability disclosed by ZDI was fixed back in August