"Apache Killer" tool spotted in the wild

Yipe! While DoS attacks hardly have a 100% working remedy, weakness to some special kind of attack means that another generation of script kiddies to put servers down just for fun.

"Apache Killer" tool spotted in the wild

Trojanized Android app intercepts messages to hide costly subscriptions

Trojanized Android app intercepts messages to hide costly subscriptions

Now that is nasty. Note, however, that the user must install the trojan first, and users who don't pay attention to permissions requested by the installed application, probably deserve some lessons.

What really breaks SSL?

An article about how SSL is misused (or not used at all).

The point is that SSL itself is secure, and it's people whose mistakes and misunderstandings make SSL-protected resources vulnerable.

Why Sign & Encrypt operation is weaker than you might thought

The article discusses the problems that arise from using Sign & Encrypt operation carelessly or from putting too much trust into data, secured this way.

Is MacOS X really secure?

This technical article discusses in details the topic of how [in]secure MacOS X is. The article includes a number of references to flaws in design and implementation of MacOS X and can serve like a good how-to guide for those who plan attacks on MacOS X.