Group attacks flaw in browser crypto security
A group of researchers warns browser makers and certificate authorities to drop support for MD5 digital signatures, after successfully creating a fake, but valid, certificate.
Commission calls for cybersecurity czar
A group of technology and government experts warns that, without significant changes to the U.S. approach to cyberspace, foreign companies and other nations will continue to steal valuable technologies.
Online payment site hijacked by crime gang
CheckFree loses control of at least two of its domains in an attack that sends customers to servers run by a notorious crime gang.
Microsoft hopes free security means less malware
The software giant says shutting down Windows Live OneCare to release the software as a free tool could make consumers more secure.
Researchers find more flaws in wireless security
Two security experts plan to show a limited attack against the popular Wi-Fi Protected Access (WPA) -- a replacement for insecure WEP -- at a conference in Tokyo.
Secure hash competition kicks off
Dozens of amateur and professional cryptographers have joined the United States' first open competition for creating an uncrackable algorithm for generating hashes -- the digital fingerprints widely used in a variety of security functions.
You don't know (click)jack
Security professionals Robert "RSnake" Hansen and Jeremiah Grossman discuss a class of attacks, known as clickjacking, on user interfaces of Web browsers.
Researchers weigh "clickjacking" threat
A canceled presentation at a Web security summit attracts attention to the danger of overlaying Web pages with graphics to persuade a victim to click where an attacker wants.
Security of Google's browser gets mixed marks
The search giant uses process isolation, least privilege rules, and sandboxing as the security foundation for its Chrome browser, but security experts say more is needed.
Online intruders hit Red Hat, Fedora Project
A leading Linux company and its open-source distribution acknowledge that attackers breached several systems, including one that manages the Fedora signing process.