Articles by Chester Wisniewski

About Chester Wisniewski

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.

Patch Tuesday April 2014 - XP's last breath

Patch Tuesday for April 2014 is here. In addition to this being the final Windows XP fix released by Microsoft, we have fixes for all versions of Windows, Office and even an Adobe Flash update.

Spammers take advantage of Naked Security writing about spammers

An identity-theft-focused spam campaign is doing the rounds, pretending to be a winning notification from the American "green card lottery". Worse yet, the spammers decided to utilize imagery hosted on Naked Security.

Internet Explorer, .NET, IPv6 and Shockwave top the February 2014 Patch Tuesday list

February's patch roundup sees seven patches from Microsoft and one from Adobe. All supported versions of Windows are impacted, so be sure to update as soon as possible.

Comcast servers compromised by same attackers as Bell Canada

After exposing usernames and passwords from Bell Canada, hacking group NullCrew claims to have compromised email servers at ISP Comcast.

SEA attempts to hack Facebook and other MarkMonitor domain customers

The group known as the Syrian Electronic Army (SEA) attempted to commandeer the DNS records of Facebook, but were thwarted by DNS provider MarkMonitor. Are the basic protocols up to the task of protecting us in 2014?

Misleading advertisements lead to hijacked browser settings

Advertisements don't have a great track record for safety, and we are beginning to see more frequent abuse of search and mobile ads to deliver unwanted add-ons purporting to be legitimate tools. Be careful where you click and closely scrutinize software options before installation.

Adobe fixes critical Flash flaw

Adobe has released an emergency update to its ubiquitous Flash Player software. The flaw is being exploited by attackers so you should update as soon as possible.

The power of two - All you need to know about two-factor authentication

What can we do to protect ourselves from stolen password databases, phishing attacks, keyloggers or credit card skimmers installed in our local ATMs? We can start with two-factor authentication. This article tells you what it is, how it works and where you can use it.

Privacy is not dead - you're just doing it wrong

Today is Data Privacy Day. While many have declared privacy to be dead, it isn't up to them, it is up to you.

Being aware of what you are sharing with whom can go a long way towards preserving your privacy.

Craft store Michaels faces second credit card compromise in 3 years

The largest craft supply store in North America, Michaels, has indicated it may be the latest retail company to have credit cards compromised in a large-scale malware attack.

Patch Tuesday January 2014 - Microsoft, Adobe and Oracle

Microsoft, Adobe and Oracle have all released fixes today. Products covered include Microsoft Word, Windows XP, Windows 7, Adobe Reader, Java, MySQL and VirtualBox.

82% of enterprise Mac users not getting security updates

Apple users are updating to OS X Mavericks in large numbers, but not fast enough. Corporate users in particular have been slow to upgrade, which could have serious security implications.

Skype's Twitter account compromised by Syrian Electronic Army

Microsoft's Skype brand had its Twitter, Facebook and WordPress accounts hacked by someone claiming to be the Syrian Electronic Army. The real question is, where was the two-factor?

Black Friday spams are too good to be true

With the holiday season approaching and lots of super good deals being offered around the American Thanksgiving holiday, retailers aren't the only ones looking to make a buck.

Microsoft leads the way, setting new cryptographic defaults

Microsoft is upping its game with regard to cryptographic standards. By discontinuing support for the older, weak RC4 cipher and putting Certificate Authorities on notice to migrate to SHA-2, it seems to be leading the way to be ready for the future, rather than reacting.

Patch Tuesday November 2013 - Microsoft, Adobe and Google

November's Patch Tuesday includes updates not just from Microsoft, but Adobe and Google as well. Critical patches for Internet Explorer, Chrome and Adobe Flash Player lead the way this month.

Apple's iCloud iConundrum - does convenience mean insecurity?

Last week at the Hack in the Box conference in Malaysia, researcher Vladimir Katalov explained how documents and backups stored in Apple's iCloud can be accessed, bypassing Apple's two-factor authentication even when it is enabled.

SSCC 119.5 - Tips for online safety from security expert Rob Slade

This special Chet Chat is an interview with Robert Slade, author and security expert, on what you can do for your friends and family to help them stay safer for National Cyber Security Awareness Month.

Twitter introducing new direct message options - to combat spam or invite more?

Twitter appears to be rolling out new options to allow the reception of direct messages from users you don't follow and new restrictions on what types of links can be sent through direct messages. Is this a safety feature or is it too restrictive?

Oracle releases 127 security fixes, 51 for Java alone

Oracle has released its quarterly software update fixing more than 100 security vulnerabilities in its products. Java is at risk from more than 50 flaws, so it is time to update immediately if you still use it.