Monthly Archives: February 2014

SSCC 136.5 - RSA 2014 Conference Special: the good, the weird and the interesting! [PODCAST]

Paul Ducklin hooks up "live at RSA" with Chester Wisniewski and John Shier for a Conference Special podcast.

Find out what was good, weird, interesting, or all of the above, at this year's RSA 2014 event!

Jail time for university hacker who changed his grades to straight As

Three former Purdue University students are thought to have altered their grades by breaking into staff offices and attaching keyloggers to computers operated by class professors, possibly by replacing the keyboards with doctored versions.

SSCC 136 - Apple's "goto fail", Neiman Marcus's logfiles, and Adobe's double update [PODCAST]

Chester ducks out of booth duties at the RSA 2014 conference in San Francisco to bring you this week's Chet Chat.

From Apple's SSL bug to Adobe's second-in-a-month emergency Flash update, Chet and Duck once again help you to learn from others' mistakes.

US woman wins $500K in revenge-porn suit against ex-boyfriend

In a court decision that could prompt a change in state law, a Texas woman has been awarded a half-million dollars in a civil lawsuit she brought against her ex-boyfriend for plastering nude photos on the internet without her permission.

Notorious "Gameover" malware gets itself a kernel-mode rootkit...

The Gameover botnet gang has been trying new techniques lately: most recently comes the introduction of a kernel-mode rootkit called Necurs, making the malware harder to find and remove.

Senior Researcher James Wyke of SophosLabs investigates...

How emails can be used to track your location and how to stop it

Chrome extension 'Streak' betrays what time you open mail and your location

A new Google Chrome browser extension lets email senders using Google accounts see when recipients open email, who exactly opened the email, and where the recipient is located. And sorry, but no, recipients don't have a say in the matter whatsoever, since we don't have to sign up for the extension to have it blab about us.

Naked Security wins at the Security Blogger Awards!

To everyone who voted for us to win in this year's Security Blogger Awards in San Francisco, "Thanks!"

We won!

We're now officially The Blog That Best Represents The Security Industry.

US Attorney General calls for unified data breach notification laws

US Attorney General Eric Holder has used his weekly video message to demand that Congress get busy developing a "strong national standard" for breach notifications in the wake of the Target and Neiman Marcus leaks.

Google paves the way for Glass; throws lobbyists in front of distracted-driver legislation

Google has hired lobbyists in at least three US states to battle proposed restrictions on driving with headsets such as Google Glass.

MasterCard aims to reduce card fraud with smartphone geo-location technology

MasterCard and Syniverse are running a pilot scheme that aims to reduce credit card fraud by making sure that a customer's card and mobile phone are in the same location when the card is used.

Are you safe against mobile threats? Check out our tips for keeping the crooks away...

Do you use a mobile device? (Of course you do!)

Read Sophos researcher Vanja Svajcer's paper, "Mobile Security Threat Report," and check out our expert tips for keeping the crooks away...

Woman claims to have been attacked for wearing Google Glass

Sarah Slocum. Image courtesy of Facebook.

The scorn for glassholes has apparently now gone too far, having evolved into what might be the first violent action taken against a Glass wearer.

Apple ships OS X 10.9.2 - delivers on promise to patch SSL/TLS hole "very soon"

Forget my unofficial patch for OS X!

Apple has done what it said, and delivered the latest update to Mavericks, numbered OS X 10.9.2, "very soon."

Ethical hacking organisation site hacked, defaced with Snowden's passport

The attacker says it's just the tip of the iceberg, claiming that s/he's "sitting on thousands of passports" belonging to law enforcement and military personnel.

Stalking victim's petition to LinkedIn for blocking feature is finally heard

After being stalked by a former colleague via the career-oriented social network, a young woman started an online petition to get the attention of LinkedIn, which has finally responded with a new blocking feature. But is it enough?

Neiman Marcus hackers set off 60,000 alarms over 3 months

Payment data hacked at US luxury retailer Neiman Marcus

Apparently, the hackers named their malware so it would appear to be part of the company's payment software, thereby ensuring that alerts would not stand out amongst the huge amount of data being reviewed by the company's security team. The good news is that the breach isn't as large as first thought.

Anatomy of a "goto fail" - Apple's SSL bug explained, plus an unofficial patch for OS X!

Apple just patched an SSL/TLS bug in iOS - but the flaw is not yet fixed in OS X.

Paul Ducklin comes to the rescue with explanations, mitigations, and even an unofficial patch! (For educational purposes only, you understand.)

South Korea concocting Stuxnet-like virus to infect enemies

Let's hope that somebody in South Korea remembers that malware doesn't respect borders. Stuxnet escaped from its original cage to bite a whole bunch of countries not originally on the hit list, plus it spawned its nasty son, Duqu.

Monday review - the hot 19 stories of the week

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.