Stories by Robert Lemos

In Pictures: Hackers in the limelight. Scenes from Black Hat 2012

By Robert Lemos | 21 August, 2012 11:02

The annual security fest featured thrills and chills as the pros did their best to make everyone feel afraid

Many pcAnywhere systems still sitting ducks

By Robert Lemos | 31 January, 2012 22:15

Despite warnings from security software maker Symantec not to connect its pcAnywhere remote-access software to the Internet, more than 140,000 computers appear to remain configured to allow direct connections from the Internet, thereby putting them at risk.

Android's big security flaw, and why only Google can fix it

By Robert Lemos | 06 October, 2011 21:06

In August 2010, hackers bent on jailbreaking Android smartphones found a vulnerability in the way the Android debugger handled an overwhelming number of processes. The code designed to exploit the flaw, dubbed RageAgainstTheCage, allowed users to reflash their smartphone and install custom firmware.

Cracked SpyEye cheers, worries researchers

By Robert Lemos | 18 August, 2011 05:33

A hacking group has released a tool to remove the copy protection for a popular bot program, an event that is both good news and bad news for end users, a security researcher said Tuesday.

Prototype drive-by attack shows mobile threat

By Robert Lemos | 27 July, 2011 23:44

As smartphones increasingly hold interesting data, attackers will target the devices using known vulnerabilities in common software packages.

Pentagon unveils five steps for better cybersecurity

By Robert Lemos | 16 July, 2011 00:27

The U.S. Department of Defense has announced a set of five guiding strategic principles for better preparing its forces to handle operations to defend the nation in cyberspace.

Hacktivism moves from pranks to problems

By Robert Lemos | 15 July, 2011 00:06

Agricultural technology firm Monsanto became the latest target of hacktivists this week, when hackers donning the mantle of the distributed protest group Anonymous claimed that it had penetrated the firm's network and leaked personal information on 2,500 of the company's employees.

The problem with doing - and not doing - an iPhone jailbreak

By Robert Lemos | 09 July, 2011 04:49

Code that exploits two iPhone flaws to allow people to jailbreak their devices could, ironically, force security-conscious users to use the vulnerabilities to jailbreak their own iPhones and apply a third-party patch.

Better security needs 'more informed patching'

By Robert Lemos | 30 June, 2011 03:19

If companies patch the most popular 37 Windows programs, they could cut their risk by 80 percent, according to a report released on Wednesday by vulnerability management and information firm Secunia.

New scoring systems for software security: CWSS and CWRAF

By Robert Lemos | 29 June, 2011 03:00

With the surge in hacktivism and nation-state espionage in recent years, not to mention the continuing high levels of cybercrime, companies need better tools to evaluate the quality of any developer's code.

WordPress warns server admins of Trojans

By Robert Lemos | 25 June, 2011 00:21

Companies and bloggers that run their own WordPress installations should make sure that they have not downloaded any of three popular plugins that were, for about 24 hours, playing host to malicious code, WordPress creator Automattic warned.

DNS agility leads to botnet detection

By Robert Lemos | 22 June, 2011 07:58

Online criminals have evolved their tactics to harden their botnets against takedown using a variety of tactics, including fast-flux networks and Conficker-like dynamic domain generation. Yet, such tactics can also pinpoint when such networks are being created by bot operators, according to research from the Georgia Institute of Technology.

Mesh networks may make SQL injection attacks more persistent

By Robert Lemos | 20 June, 2011 23:32

Massive website compromises using a technique known as SQL injection have long been a top security concern for Web developers and site owners. Now, the attacks may become harder to detect and prevent, according to one security firm's analysis.

Apple iOS: Why it's the most secure OS, period

By Robert Lemos | 06 June, 2011 20:04

In June 2007, Apple released the iPhone, and the device quickly took off to become a major brand in the smartphone market. Yet when the iPhone shipped, security on the mobile operating system was nearly nonexistent. Missing from the initial iOS (then called iPhone OS) were many of the security features that modern-day desktop software has as a matter of course, such as data-execution protection (DEP) and address-space layout randomization (ASLR). Apple's cachet lured security researchers to test the platform, and in less than a month, a trio had released details on the first vulnerability: an exploitable flaw in the mobile Safari browser.

Zeus leaks give tools to researchers, attackers

By Robert Lemos | 14 May, 2011 07:09

The source code and a manual to the popular crimeware creation kit Zeus have been leaked, perhaps giving defenders additional tools to fight infections but also raising concerns that criminals may use the source code to create a rapidly expanding compendium of variants.

CSO Directory

Central Management System

The (CMS) consolidates the management, reporting, & data sharing of Web MPS, Email MPS, File MPS, and Malware Analysis System (MAS) in an easy-to-deploy, network-based appliance.

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team.

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.


Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.