Articles by Chester Wisniewski

About Chester Wisniewski

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.

Patch Tuesday January 2014 - Microsoft, Adobe and Oracle

istock_patchtuesday250

Microsoft, Adobe and Oracle have all released fixes today. Products covered include Microsoft Word, Windows XP, Windows 7, Adobe Reader, Java, MySQL and VirtualBox.

82% of enterprise Mac users not getting security updates

Apple109-250

Apple users are updating to OS X Mavericks in large numbers, but not fast enough. Corporate users in particular have been slow to upgrade, which could have serious security implications.

Skype's Twitter account compromised by Syrian Electronic Army

Microsoft's reading Skype messages

Microsoft's Skype brand had its Twitter, Facebook and WordPress accounts hacked by a someone claiming to be the Syrian Electronic Army. The real question is, where was the two-factor?

Black Friday spams are too good to be true

iPadAdwordsSpam250

With the holiday season approaching and lots of super good deals being offered around the American Thanksgiving holiday, retailers aren't the only ones looking to make a buck.

Microsoft leads the way, setting new cryptographic defaults

ts-cracked-250

Microsoft is upping its game with regards to cryptographic standards. By discontinuing support for the older, weak RC4 cipher and putting Certificate Authorities on note to migrate to SHA-2, it seems to be leading the way to be ready for the future, rather than reacting.

Patch Tuesday November 2013 - Microsoft, Adobe and Google

Patch Tuesday

November's Patch Tuesday includes updates not just from Microsoft, but Adobe and Google as well. Critical patches for Internet Explorer, Chrome and Adobe Flash Player lead the way this month.

Apple's iCloud iConundrum - does convenience mean insecurity?

shutterstock_AppleArrow250

Researcher Vladimir Katalov explained how documents and backups stored in Apple's iCloud can be accessed bypassing Apple's two-factor authentication, even when enabled, last week at the Hack in the Box conference in Malaysia.

SSCC 119.5 - Tips for online safety from security expert Rob Slade

chet-chat-feat

This special Chet Chat is an interview with Robert Slade, author and security expert, on what you can do for your friends and family to help them stay safer for National Cyber Security Awareness Month.

Twitter introducing new direct message options - to combat spam or invite more?

Twitter screws up, sends deluge of password-reset messages

Twitter appears to be rolling out new options to allow the reception of direct messages from users you don't follow and new restrictions on what types of links can be sent through direct messages. Is this a safety feature or does is it too restrictive?

Oracle releases 127 security fixes, 51 for Java alone

oraclejava-250

Oracle has released its quarterly software update fixing more than 100 security vulnerabilities in its products. Java is at risk from more than 50 flaws, so it is time to update immediately if you still use it.

SSCC 118.99 - How do you define a Potentially Unwanted Application (PUA)?

Google rolls out fix for Android security vulnerability

In the third part of Sophos Security Chet Chat 118, Chet interviews Vanja Svajcer to explain the rise of potentially unwanted applications on Android, what they are and how we might deal with them.

GinMaster, unwanted Android apps and legit apps gone bad

evil-android-thumb

More coverage from the Virus Bulletin 2013 Conference in Berlin, Germany. Today's topics include Android botnets, malware abusing legitimate applications and defining the types of apps we allow on our phones.

Zero Access, vulnerability disclosure and the evils of RTF

VB2013-Wyke-250

Chester Wisniewski writes to us from Virus Bulletin 2013 in Berlin, Germany to share the latest research on malicious documents, bot herders and foos ball.

SophosLabs prepares for great showing at Virus Bulletin 2013

Who is SophosLabs

Sophos has a larger than normal presense this week at the Virus Bulletin Conference in Berlin, Germany. Research presented includes bot nets, rootkits, Android and even techniques we can use to better protect others.

Firefox 24 available now! 17 fixes, 7 critical

Firefox250

The Mozilla Foundation released Firefox, Thunderbird and SeaMonkey version 24.0, fixing 17 vulnerabilities.

Internet Explorer zero-day exploit prompts Microsoft to publish emergency Fix it

Microsoft releases fix for Internet Explorer security hole, full patch coming Friday

Microsoft has published an out of band security advisory for users of Internet Explorer to warn about a new zero-day attack being used in the wild. IE users are advised to use Microsoft's Fix it or EMET tool to protect against exploitation until a permanent fix is released.

Oracle Java fails at security in new and creative ways

CC-Oracle-PeterMakinski250

Oracle is about to release a new "feature" in its Java Runtime Environment (JRE) that allows enterprises (or anyone else) to turn off security features for backward compatibility.

Secure Google Docs email results in mailbox compromise

GDocs250

As cloud services become more pervasive criminals continue to try and convince corporate users to surrender their identities.

Google Docs is the latest target, so look out!

Syrian Electronic Army brings down Twitter and The New York Times through domain name provider hack

T250

The Syrian Electronic Army attacked an internet domain name provider today taking down for a short time the websites of The New York Times and Twitter for some users,

CNN, Time and Washington Post redirect users to Syrian Electronic Army site

SEALogo250

The Syrian Electronic Army appears to have compromised content recommendation engine Outbrain resulting in visitors to CNN, Time and The Washington Post being redirected to the hacking groups website. BREAKING: SEA claims was hacking the New York Times as Outbrain shutdown.