Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

SSCC 165 - "U2 or not U2," that is the question [PODCAST]

It's Chet Chat time!

Here's this week's episode of our news-you-can-use security podcast...

Apple adds two-step verification for iCloud, effective immediately

Apple has listened, and extended its two-step verification system to iCloud.

It's a great start...but does it go far enough?

Apple relents, lets you "depurchase" that U2 album you never bought in the first place

Apple has listened!

The company has come up with a free Album Removal Tool that allows you to "unbuy" the U2 album that recently showed up in your iTunes account...

"Shocking" Android browser bug could be a "privacy disaster": here's how to fix it

The Metasploit crew is calling this Android Browser bug a "privacy disaster."

Here's what you can do to avoid trouble...

Firefox sneaks out an "inbetweener" update, with security improvements rather than fixes

Usually, if everything goes according to plan, Firefox updates appear every six weeks.

But if needs must, Mozilla delivers in-between updates, too, and that's what has happened here, bumping Firefox from version 32.0 to 32.0.1.

Why would we let you say "No" to something that's free? 60 Sec Security [VIDEO]

Here's our latest 60 Second Security video for your viewing pleasure.

Enjoy...

Apple's free gift: Did U get the album 2?

Apple's gift of a free U2 album for iTunes users?

Turns out it's "free" as in "compulsory"...

SSCC 164 - Spend Bitcoins using Apple Pay? *NOW* you've got me interested! [PODCAST]

Here's this week's Sophos Security Chet Chat for your listening pleasure.

Our weekly computer security podcast with the News You Can Use...

Apple Pay - just how safe is it going to be?

Apple Live 2014 saw the announcement of the Apple Watch, a free U2 album for all iTunes users, and the iPhone 6/6 Plus.

But perhaps of most interest to security watchers was "Apple Pay", Cupertino's guns-blazing answer to Google Wallet...

Patch Tuesday wrap-up, September 2014 - why even a single-bit data leak is worth fixing

Here's what you need to know about the September 2014 Patch Tuesday updates from Microsoft and Adobe...

Home Depot says, "Er, yes, we did have a breach actually"

Just how big and bad it will turn out to be is still unknown...all we know so far is that Home Depot has officially confirmed that, yes, there was indeed a breach.

Tim Cook says Apple *does* care about iCloud Security. But is that enough? [POLL]

Tim Cook told the WSJ that, yes, Apple *does* care about iCloud security, and will take steps to make it more secure.

Really?

How far would your sysadmins go to fix a problem? 60 Sec Security [VIDEO]

Here it is - this week's 60 Second Security video.

News that will amuse, and it only takes a minute...

Google to pay $19,000,000 compensation for taking candy from kids

Google will stump up $19,000,000 in a settlement with the US Federal Trade Commission.

The money will be used to refund Android users whose children, says the FTC, were able to rack up in-app purchases too easily.

SSCC 163 - So THAT'S why you can't erase Flash RAM properly [PODCAST]

Here's this week's Sophos Security Chet Chat.

Our regular security podcast that turns news into useful advice...

Apple developer guidelines lead to rogue phone call risks in iOS

It turns out to be surprisingly easy to trick unsuspecting users into making unwanted phone calls from iOS.

That could cost you premium-rate money, or give away your number to a scammer...

Firefox 32.0 fixes holes, shakes out some old SSL certs, introduces certificate pinning

Yesterday was Firefox's Fortytwosday (updates come out every 42 days, on Tuesdays, in a nod to Douglas Adams), bringing us to Firefox 32.0.

There are also two Extended Support Releases for the more conservative amongst us...

Using WPS on your Wi-Fi router may be even more dangerous than you think

In 2011, a researcher found that WPS was 10,000 times easier to crack than it was supposed to be.

Now, another researcher has found that cracking it may be 10,000 times easier again...

NASA prepares for serious sysadmin work - reimaging Opportunity Rover out on MARS!

Ever sweated a bit on Patch Tuesday when it's time to reboot?

Then spare a thought for NASA sysadmins - this month they'll be reimaging a computer 200,000,000km away...on Mars!

How dare you use my camera! 60 Sec Security [VIDEO]

Here's this week's 60 Second Security.

A week of news distilled into a swift minute of amusing but informative video...