Articles by Chester Wisniewski

About Chester Wisniewski

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.

Apple, please provide better protection for iCloud - Secure our Selfies!

In the wake of exposed candid celebrity photos, Apple recommends using two-step verification. Would this have made a difference? Should Apple strengthen its authentication options?

"There is no inside" - How to get the most from your firewall

Firewalls are often seen as having the role of a moat surrounding the castle.

But data is everywhere, so it's time to take a new look at firewalling...

Bad passwords on PoS terminals lead to card stealing Backoff malware

This time the crooks are distributing their point-of-sale malware through remote control applications like Microsoft's RDP. No exploits, no social engineering, just good, old-fashioned password guessing.

Google looks to make OpenPGP easier for Gmail users

In early June Google announced a new project designed to create a Chrome plugin to allow end-to-end encryption of web-based emails using OpenPGP. We take a look at its current state and explain how it works.

World Cup security well executed if you don't count the Wi-Fi

The company providing security for one of the World Cup venues in Brazil accidentally posted a photo containing the secret Wi-Fi password. Does it really matter? Was it even a secret to begin with?

Is TrueCrypt pining for the fjords?

An attempt at keeping the TrueCrypt dream alive has been kicked off, hosted in Switzerland. Will it make a difference? Sophos conducted a poll to see what IT managers think about TrueCrypt after all the news and speculation.

Twitter jumps to block XSS worm in Tweetdeck

A cross-site scripting flaw was disclosed this morning affecting the popular Twitter application Tweetdeck. It has now been fixed, but not before it wormed its way through thousands of browsers.

Latest OpenSSL flaws can lead to information leakage, code execution and DoS

Only two months after the Heartbleed vulnerability in OpenSSL captured global headlines, we have another critical update for OpenSSL fixing 6 new flaws.

SSCC 148 - Cloud privacy policies not related to data security [PODCAST]

The Chet Chat comes to you this week from Hanoi, Vietnam with special guest Sean Richmond from Sophos Australia.

This week they tackle the FBI's crackdown on the Blackshades malware, more flaws in Chip-and-PIN, the latest Apple updates, and the EFF's "Who has got your back" report.

Dropbox stumbles over security and privacy of secret links

Another flaw in Dropbox has been discovered. Users sharing documents using a secret link may have inadvertently been sharing the secret link with sites they linked to from shared files.

Target CEO resigns, latest executive fallout from card breach

Target's CEO resigned earlier today, which may not come as a surprise to most. The bigger question is, have America's executives learned the correct lesson from Target's mistakes?

Patch Tuesday April 2014 - XP's last breath

Patch Tuesday for April 2014 is here. As well as bringing the final Windows XP fix released by Microsoft, it includes fixes for all versions of Windows, Office and even an Adobe Flash update.

Spammers take advantage of Naked Security writing about spammers

An identity-theft-focused spam campaign is doing the rounds, pretending to be a winning notification from the American "green card lottery". Worse yet, the spammers decided to utilize imagery hosted on Naked Security.

Internet Explorer, .NET, IPv6 and Shockwave top the February 2014 Patch Tuesday list

February's patch roundup sees seven patches from Microsoft and one from Adobe. All supported versions of Windows are impacted, so be sure to update as soon as possible.

Comcast servers compromised by same attackers as Bell Canada

After exposing usernames and passwords from Bell Canada, hacking group NullCrew claims to have compromised email servers at ISP Comcast.

SEA attempts to hack Facebook and other MarkMonitor domain customers

The group known as the Syrian Electronic Army (SEA) attempted to commandeer the DNS records of Facebook, but was thwarted by DNS provider MarkMonitor. Are the basic protocols up to the task of protecting us in 2014?

Misleading advertisements lead to hijacked browser settings

Advertisements don't have a great track record for safety, and we are beginning to see more frequent abuse of search and mobile ads to deliver unwanted add-ons purporting to be legitimate tools. Be careful where you click and closely scrutinize software options before installation.

Adobe fixes critical Flash flaw

Adobe has released an emergency update to its ubiquitous Flash Player software. The flaw is being exploited by attackers so you should update as soon as possible.

The power of two - All you need to know about two-factor authentication

What can we do to protect ourselves from stolen password databases, phishing attacks, keyloggers or credit card skimmers installed in our local ATMs? We can start with two-factor authentication. This article tells you what it is, how it works and where you can use it.

Privacy is not dead - you're just doing it wrong

Today is Data Privacy Day. While many have declared privacy to be dead, it isn't up to them, it is up to you.

Being aware of what you are sharing, and with whom, can go a long way towards preserving your privacy.