Monthly Archives: June 2014

Apple ships updates, including Snow Leopard (ONLY KIDDING!)

Apple just published its latest round of updates for iOS, Apple TV, Safari and OS X, including dozens of security fixes.

OS X Snow Leopard users...we're afraid you missed out once again.

4 password mistakes small companies make and how to avoid them

When it comes to IT security, very small businesses and micro-enterprises are in a tight spot. We've compiled a list of four common password mistakes - if you can avoid them then you'll have put your security on a stronger footing.

From the Labs: PlugX - the next generation

In this new paper from SophosLabs, Principal Researcher Gabor Szappanos takes a look into a new variation of the PlugX malware.

Payment card survey - where does your country sit on the fraud list?

6,159 people were questioned by ACI Worldwide in 20 countries around the world, on a range of topics including incidents of fraud, risky behaviours which may put people at greater fraud risk, the issuing of replacement payment cards in response to data breaches, and satisfaction with banks' security processes and handling of fraud incidents.

Facebook's facing a losing battle to protect users' privacy

Last year, prosecutors in Manhattan held Facebook up by the ankles and shook out personal data on 381 users. A judge last week said that it's up to the targeted users to complain about privacy invasion, not data-repository Facebook. But how are they supposed to stand up for their rights if they're never told about the sealed warrants to begin with?

Monday review - the hot 22 stories of the week

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Hacker who plotted to send heroin to Brian Krebs arrested in Italy

I don't envy the scriptwriters who are busy at work on the Krebs movie. The news just keeps coming! The latest: Sergei Vovnenko, known as Fly, was arrested under suspicion of trafficking in stolen credit cards as well as plotting to send heroin to the security journalist/crimefighter.

Anatomy of an Android SMS virus - watch out for text messages, even from your friends!

Paul Ducklin looks into "Andr/SlfMite-A", an Android SMS virus.

The malware sends itself to your top 20 contacts and foists a third-party app for an alternative Android software market onto your device...

Canadian spam, New York taxis and Brazilian passwords - 60 Sec Security [VIDEO]

Canada goes "opt in", NYC makes a hash, and Brazil forgets its punctuation.

It's 60 Second Security for 28 June 2014!

Europe improving anti-cybercrime cooperation, but what about US and China?

Cybercrime is a global danger, so it's vital that agencies in different jurisdictions work together to investigate and prosecute crimes being committed across borders. Any step away from full cooperation is a step in the wrong direction.

Flaw in PayPal’s two-factor authentication, but keep calm and carry on!

Security researchers in the USA have just disclosed a flaw in PayPal's 2FA system.

Paul Ducklin looks at the mistakes that PayPal made, and what's been done to sort them out...

Revenge porn hits two high profile boyfriends where it hurts

Former NSA analyst and vocal NSA supporter John Schindler had his pink parts exposed by a lover in an extramarital affair, and a state representative's chief of staff was outed by a porn star ex-girlfriend and subsequently resigned. Revenge porn might typically target women, but these cases clearly show that we're all vulnerable when it comes to sharing explicit content.

TimThumb plugin for WordPress - zero-day remote code execution hole disclosed, quickly fixed

WordPress sites with the TimThumb image thumbnailing plugin could be taken over by attackers.

Paul Ducklin looks at what went wrong and explains how to fix the hole...

Serial hacker Cameron Lacroix gets four year jail term after taking plea bargain

A serial hacker with a long history of computer offences has pleaded guilty to computer intrusion and access device fraud charges, accepting a sentence of four years in jail in return for his plea.

"Towelroot" app makes it easy to root Galaxy S5 and other locked Androids...

Galaxy S5 users will be cheering. System administrators are probably groaning.

Paul Ducklin looks at an Android-era variant of Hamlet's dilemma: "To root or not to root, that is the question."

Is that Google Glass wearer stealing your iPad passcode?

What about the one with a smartwatch? Snoopers can catch your code from nearly 10 feet away with Google Glass or Samsung's smartwatch and from almost 150 away using an HD camcorder, thanks to researchers' custom-coded, shadow-tracking recognition algorithm.

SSCC 153: TrueCrypt, Towelroot, Cryptowall, and spam in Canada [PODCAST]

Chester Wisniewski and Paul Ducklin present this week's edition of the regular Sophos security podcast, the "Chet Chat."

In this episode: the TrueCrypt saga continues; the Towelroot software for unlocking Androids; ransomware after CryptoLocker; and Canada's long, long, long-awaited anti-spam law.

37% of Canadian Justice Department fail phishing awareness test

An in-house awareness test run late last year at Department of Justice Canada has revealed that a good percentage of its employees are for the most part fairly easy to trick with phishing scams.

Cupid Media "breached Privacy act" after storing users' passwords in plain text

The Australian Privacy Commissioner has ruled that Cupid Media Pty Ltd breached the Privacy Act following a data breach which saw over 40 million customer records exposed.

hitchBOT - Privacy invading hitchhiking robot or fun social experiment?

Introducing hitchBOT, a science meets art project, getting ready to hitch 6158 km across Canada from Halifax to Victoria next month.