Articles by Paul Ducklin
Join SophosLabs Principal Researcher Gabor Szappanos as he takes you on a fascinating journey into the latest "product" from the PlugX malware factory.
It's almost time for the annual AusCERT conference in Queensland, Australia.
And for everyone who's asked, the answer is, "Yes! There's a #sophospuzzle!"
No, you don't have to be there to join in...
Last week, we ran a competition around a steganographic code that was used by the British during the Second Word War.
Take a secret military message, and wrap it up into a believable "letter home"... it's harder than it sounds!
Not to be outdone by Microsoft and Adobe's Patch Tuesday releases, Mozilla pushed out its latest browser and email client updates today.
There are no bated-breath patches for in-the-wild exploits, but 3 of the 8 security fixes are deemed "critical".
Here's a video that might make you think twice about taking your laptop out into the world unencrypted.
This is "data theft" in the most literal sense...
Microsoft's Patch Tuesday for May 2013 will be published in the coming week.
Paul Ducklin points out what to prepare for...
What happens when a scammer decides to marry fake anti-virus and bogus support calls?
Paul Ducklin has a bit of a weekend chuckle at the result...
When you think of cybercrime, you probably imagine a hacker sitting far from his victims, breaking in digitally from a distance.
But when it comes to cashing out the proceeds of your crime, it's a question of "Go where the money is...and go there often."
Snapchat claims to let you share even "ugly selfies" because once they're viewed they "disappear forever."
US-based computer forensics geek Richard Hickman thought he'd find out how true that claim was...
The recent and widely reported US Dept of Labor website hack turned out to be a zero-day exploit against IE.
Good news! Microsoft just published an emergency "Fix it" patch against the vulnerability...
Domain registrar and web hosting company Name.com, part of the Demand Media group, has suffered a data breach.
Crooks have apparently made off with data up to and including credit card numbers...but it sounds as though everything was encrypted, which is a silver lining.
If you were taken prisoner and wanted to send messages home under your captors' noses, what would you do?
Find out how a Royal Navy officer did just that during WW2, and have a go yourself at hiding a secret message in an innocent-sounding letter home!
IBM just released an open source software package called HELib.
HE stands for *homomorphic encryption*, and HELib is an important cryptographic milestone.
Paul Ducklin explains why...
Apple just released iOS 6.1.4 for the iPhone 5.
Apparently, it improves speakerphone calls, but it doesn't fix the lock-screen bug in iOS 6.1.3...
One problem with network games: how do you trust the other people in the contest?
You could build a network that requires your customers to installed a special "cheat-blocker" client...
...and then use the client to mine Bitcoins.
A subdomain of the US Department of Labor's main website, running off a separate server - what's known colloquially as a microsite - was modified to serve up malware.
Paul Ducklin takes a quick look at the attack...
An iPhone messaging app that claims to be "totally secure" is offering a £10,000 prize to anyone who can intercept a message from it.
Paul Ducklin wonders how you are supposed to win the prize if the app really is "totally secure"...