Information freedom for open source users.

Once thought to be unhackable, the Android phone is anything but, according to researchers presenting at Black Hat 2010.

Stealthy, targeted attacks aren’t just for defense agencies and high-tech giants like Google, according to researchers from managed security services firm TrustWave’s Spider Labs research grou

Hackers appear to be increasingly counting on configuration problems and programming errors rather than software vulnerabilities in order to steal information from computer systems, according to a new study from Verizon.

Adobe Systems and Microsoft are now working together to give security companies a direct line into their bug-fixing efforts.

AT&T says it won’t interfere with a highly anticipated talk on intercepting cell phone calls at the Black Hat conference this week, even though rumors are circulating that it will do just that.

Google on Monday patched five vulnerabilities in Chrome by issuing a new “stable” build of the browser.

Last month, ICANN approved the .xxx top-level domain for adult websites. It’s been a controversial subject for many years, with conservatives saying the domain legitimizes the porn industry and pornographers decrying digital segregation. Well, the domain is approved, but there is no law in place that will force adult websites to use it (at least, not yet).

Sourcefire, best known for its Snort intrusion-prevention technology, Tuesday is unveiling a new open source project called Razorback that’s designed to spot malware and especially zero-day exploits.

“We want others to test it to see if our idea about this new protection framework is as innovative as we think it is,” says Matt Watchinski, senior director on the Sourcefire vulnerability research team.

The German security company G Data released a tool on Tuesday that blocks attacks using Microsoft’s shortcut vulnerability but also preserves shortcut icons unlike the hotfix released recently by Microsoft.

Both Mozilla and the Google are raising their rewards for submitted critical vulnerabilities in respective browsers. Mozilla is now paying $3,000 for Firefox bugs and the Google Chromium team is paying $3133.70 (“elite” in hacker leet-speak) for bugs in Chrome, compared to the initial $1,337 reward from six months ago.

Attendees at the annual Defcon hacking conference in Las Vegas might be advised to keep their cell phones powered off at the show, where one prominent security researcher says he will demonstrate a way to transparently intercept and eavesdrop on cell phone calls.

A new study of 45 U.S. organizations found that cyber crime — including Web attacks, malicious code, and rogue insiders — costs each one of them $3.8 million per year, on average, and results in about one successful attack each week.

For the second time in two months, Mozilla has rushed out a fix for Firefox to patch a problem with a browser update issued just days before.

Mozilla shipped Firefox 3.6.8 on Friday to patch a single security problem and deal with what Mike Beltzner, director of Firefox, called “a stability problem that affected some pages with embedded plug-ins.”

A computer that monitored drilling operations on the Deepwater Horizon had been freezing with a “blue screen of death” prior to the explosion that sank the oil rig last April, the chief electrician aboard testified Friday at a federal hearing.

“Blue screen of death,” or BSOD, is a term most often used to describe the display shown by Microsoft Windows after a serious crash that has incapacitated a PC.

Is your company’s data under surveillance by foreign spybots looking for any competitive advantages or weaknesses they can exploit? This might sound farfetched, but such electronic espionage is real. It’s an insidious security threat that’s a lot more common than you probably realize.

As an IT or security executive, determining whether your organization is under attack via this seemingly undetectable threat — and putting in place adequate technology and procedural safeguards — should be a high priority. The stakes are too high to ignore the problem.

Is your company’s data under surveillance by foreign spybots looking for any competitive advantages or weaknesses they can exploit? This might sound farfetched, but such electronic espionage is real. It’s an insidious security threat that’s a lot more common than you probably realize.

As an IT or security executive, determining whether your organization is under attack via this seemingly undetectable threat — and putting in place adequate technology and procedural safeguards — should be a high priority. The stakes are too high to ignore the problem.

Ask the average techie which browser has the most vulnerabilities, and odds are their answer will be “Internet Explorer, of course.” Indeed, Microsoft’s browser has endured plenty of slings and arrows — and not entirely without justification — but some of those projectiles should deservedly be aimed at Apple, Mozilla, and Google.

It wasn’t long ago that we were reading about the air war between Microsoft and Google over a vulnerability disclosure from a Google employee, Tavis Ormandy, that affected

The Windows attack used by a recently discovered worm is being picked up by other virus writers and will soon become much more widespread, according to security vendor Eset.

Eset reported Thursday that two new families of malicious software have popped up, both of which exploit a vulnerability in the way Windows processes .lnk files, used to provide shortcuts to other files on the system.

Adobe Systems today announced that it will harden the next version of its popular Reader PDF viewer, a frequent target of attacks, by adding “sandboxing” technology to the software.