Monthly Archives: February 2014
Paul Ducklin hooks up "live at RSA" with Chester Wisniewski and John Shier for a Conference Special podcast.
Find out what was good, weird, interesting, or all of the above, at this year's RSA 2014 event!
Three former Purdue University students are thought to have altered their grades by breaking into staff offices and attaching keyloggers to computers operated by class professors, possibly by replacing the keyboards with doctored versions.
Chester ducks out of booth duties at the RSA 2014 conference in San Francisco to bring you this week's Chet Chat.
From Apple's SSL bug to Adobe's second-in-a-month emergency Flash update, Chet and Duck once again help you to learn from others' mistakes.
In a court decision that could prompt a change in state law, a Texas woman has been awarded a half-million dollars in a civil lawsuit she brought against her ex-boyfriend for plastering nude photos on the internet without her permission.
The Gameover botnet gang has been trying new techniques lately: most recently comes the introduction of a kernel-mode rootkit called Necurs, making the malware harder to find and remove.
Senior Researcher James Wyke of SophosLabs investigates...
A new Google Chrome browser extension lets email senders using Google accounts see when recipients open email, who exactly opened the email, and where the recipient is located. And sorry, but no, recipients don't have a say in the matter whatsoever, since we don't have to sign up for the extension to have it blab about us.
To everyone who voted for us to win in this year's Security Blogger Awards in San Francisco, "Thanks!"
We're now officially The Blog That Best Represents The Security Industry.
US Attorney General Eric Holder has used his weekly video message to demand that Congress get busy developing a "strong national standard" for breach notifications in the wake of the Target and Neiman Marcus leaks.
Google has hired lobbyists in at least three US states to battle proposed restrictions on driving with headsets such as Google Glass.
MasterCard and Syniverse are running a pilot scheme that aims to reduce credit card fraud by making sure that a customer's card and mobile phone are in the same location when the card is used.
Do you use a mobile device? (Of course you do!)
Read Sophos researcher Vanja Svajcer's paper, "Mobile Security Threat Report," and check out our expert tips for keeping the crooks away...
The scorn for glassholes has apparently now gone too far, having evolved into what might be the first violent action taken against a Glass wearer.
Forget my unofficial patch for OS X!
Apple has done what it said, and delivered the latest update to Mavericks, numbered OS X 10.9.2, "very soon."
The attacker says it's just the tip of the iceberg, claiming that s/he's "sitting on thousands of passports" belonging to law enforcement and military personnel.
Apparently, the hackers named their malware so it would appear to be part of the company's payment software, thereby ensuring that alerts would not stand out amongst the huge amount of data being reviewed by the company's security team. The good news is that the breach isn't as large as first thought.
Apple just patched an SSL/TLS bug in iOS - but the flaw is not yet fixed in OS X.
Paul Ducklin comes to the rescue with explanations, mitigations, and even an unofficial patch! (For educational purposes only, you understand.)
Let's hope that somebody in South Korea remembers that malware doesn't respect borders. Stuxnet escaped from its original cage to bite a whole bunch of countries not originally on the hit list, plus it spawned its nasty son, Duqu.
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.