Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

SSCC161 - What do you mean, "Trade him for Edward Snowden"? [PODCAST]

Here's the latest Chet Chat security podcast!

Sophos experts Chester Wisniewski and Paul Ducklin once again turn plain old news into advice you can use.

5 excuses for doing nothing about computer security!

Here are five security excuses that we hear a lot, both from individuals and from small businesses.

We've given you some advice to help you argue back that security really does matter...

Microsoft pulls Patch Tuesday kernel update - MS14-045 can cause Blue Screen of Death

MS14-045, which fixes various security holes in the Windows kernel, can cause a BSoD and leave you stuck in a reboot loop.

Here's how to escape...

The EPIC edition - 60 Sec Security [VIDEO]

One less opt-in app, one more Android virus, and a bunch of EPIC failures...

All in this week's 60 Second Security.

Apple Safari for OS X gets "click-to-own" security holes patched

The 6th Safari security update in 10 months is out.

With fixes for 7 potential remote code execution holes, get it while it's hot...

SSCC 160 - That's not just any old malware - that's a TRUE VIRUS! [PODCAST]

Ready for listening...

Here's this week's Sophos Security Chet Chat podcast.

Patch Tuesday wrap-up, August 2014: RCE + ASLR bypass + EoP == patch early, patch all!

Patch Tuesday is here again.

Paul Ducklin explains how this month's vulnerabilities can work together for harm, and why *all* the updates matter, not just the ones that ended up with a "critical" or "severe" tag...

Android "Heart App" virus spreads quickly, author arrested within 17 hours

Q. How to attract the attention of the police if you're a bored student on summer vacation?

A. Write a virus that unleashes 20,000,000 SMSes, infects 100,000 devices, and steals personal data...

The data breach apocalypse that wasn't - 60 Sec Security [VIDEO]

Malware, spam and hacking - and not all bad news, either!

Watch 60 Second Security for Aug 9, 2014...

SSCC 159.5 - Black Hat USA 2014 Conference Special [PODCAST]

The Black Hat USA 2014 conference is over, and Naked Security's Chester Wisniewski was there in fabulous Las Vegas to take it all in.

And, as we all know, what happens in Vegas...

...gets faithfully reported on the internet!

Sophos Techknow - Firewalls Demystified [PODCAST]

The word firewall has a lot more shades of meaning in 2014 than it did in 1994.

So...who better to help us to demystify the modern firewall than Sophos security expert Chester Wisniewski?

SSCC 159 - What can we learn from the "honeybot"? [PODCAST]

For your listening pleasure!

Here's this week's episode of the Sophos Security Chet Chat podcast...

How to send 5 million spam emails without even noticing

Before you read the article, see if you can guess, to the nearest million, how many spams a 10,000-strong botnet might realistically send each week.

Commit yourself first, and then read the story of the SophosLabs "honeybot"!

Facebook iPhone 6 scams - how NOT to get sucked in

We "do the math" to help you explain to your friends and family why they are NOT getting a free iPhone 6 for clicking Like!

"BadUSB" - what if you could never trust a USB device again?

Imagine if you had to throw away your USB devices after letting someone else use them...

Security must come first! 60 Sec Security [VIDEO]

Here's this week's 60 Second Security.

News you can learn from, in just one minute...

Android "FakeID" security hole causes a pre-BlackHat stir

Seems that a rogue Android app can get more privileges than it deserves simply by saying that someone trustworthy has vouched for it.

It's been dubbed the "FakeID" hole...

How anyone can hack your Instagram account

Should you write instructions that tell everyone how to hack Instagram accounts, including advice like "wait for someone to use the Instagram iOS app"?

This security researcher did, after he was denied a bug bounty for reporting the problem...

SSCC 158 - What do you mean, "Don't knit your own remote authentication"? [PODCAST]

Here's this week's Chet Chat security podcast for your listening pleasure.

Chester Wisniewski and Paul Ducklin of Sophos dissect the week's security news to see what we can learn from other people's mistakes...

1,000,000 lost credit cards = £150,000 fine

A UK travel company has been fined £150,000 for putting an "internal only" parking database system on the internet without securing it first.

The vulnerable system was used as a stepping stone for a crook to steal more than 1M e-commerce records.