Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

How to pick a proper password [VIDEO]

Here's a short and straight-talking video that not only shows you how to pick a proper password, but also explains why you should bother...

Apple patches OS X against Shellshock

If you're a Mac user, you may have felt wrongfully left out of all the Shellshock kerfuffle over the past few days.

Not any more!

Point-of-Sale vendor loses password, causes breaches at 324 US restaurants

In its own words, a US point-of-sale vendor "acts to Block Payment Card Security Incident."

Bit late for the 324 restaurants that were breached for between 3 days and 3 months in the incident...

Are you tired of weak or fake zero-day exploits? 60 Sec Security [VIDEO]

Watch our latest 60 Second Security video!

An entertaining but insightful look at the week's security woes - in just one minute...

SSCC 166 - A sleeping bag and a camping stove to queue for an iPhone? [PODCAST]

For your listening pleasure!

Here's the latest episode in our weekly podcast series...

Bash “Shellshock” vulnerability – what you need to know

Shellshock is the media-friendly name for a remote code execution hole in Bash, a command shell commonly used on Linux and UNIX systems.

Paul Ducklin explains...

Mozilla fixes "phishing friendly" cryptographic bug in Firefox and Thunderbird

Mozilla just patched a bug in its cryptographic library, NSS.

The bug is rated "critical" because it could permit skullduggery in apparently secure connections.

Is it *really* such a bad idea to use a password twice?

We regularly warn you against using the same password for multiple accounts.

But if you memorise one really long and complex password, isn't that enough?

No! Here's why...

10 security holes that cybercrooks dream about - 60 Sec Security [VIDEO]

Here's this week's episode of 60 Second Security.

Enjoy the latest security news in just one minute...

Apple ships a sevenfold security surprise, including iOS 8 and OS X 10.9.5

Apple doesn't have Patch Tuesdays, but it does have Update Surprisedays.

We just had one of them, with brand new and more secure versions of iOS, OS X and Safari.

SSCC 165 - "U2 or not U2," that is the question [PODCAST]

It's Chet Chat time!

Here's this week's episode of our news-you-can-use security podcast...

Apple adds two-step verification for iCloud, effective immediately

Apple has listened, and extended its two-step verification system to iCloud.

It's a great start...but does it go far enough?

Apple relents, lets you "depurchase" that U2 album you never bought in the first place

Apple has listened!

The company has come up with a free Album Removal Tool that allows you to "unbuy" the U2 album that recently showed up in your iTunes account...

"Shocking" Android browser bug could be a "privacy disaster": here's how to fix it

The Metasploit crew is calling this Android Browser bug a "privacy disaster."

Here's what you can do to avoid trouble...

Firefox sneaks out an "inbetweener" update, with security improvements rather than fixes

Usually, if everything goes according to plan, Firefox updates appear every six weeks.

But if needs must, Mozilla delivers in-between updates, too, and that's what has happened here, bumping Firefox from version 32.0 to 32.0.1.

Why would we let you say "No" to something that's free? 60 Sec Security [VIDEO]

Here's our latest 60 Second Security video for your viewing pleasure.

Enjoy...

Apple's free gift: Did U get the album 2?

Apple's gift of a free U2 album for iTunes users?

Turns out it's "free" as in "compulsory"...

SSCC 164 - Spend Bitcoins using Apple Pay? *NOW* you've got me interested! [PODCAST]

Here's this week's Sophos Security Chet Chat for your listening pleasure.

Our weekly computer security podcast with the News You Can Use...

Apple Pay - just how safe is it going to be?

Apple Live 2014 saw the announcement of the Apple Watch, a free U2 album for all iTunes users, and the iPhone 6/6 Plus.

But perhaps of most interest to security watchers was "Apple Pay", Cupertino's guns-blazing answer to Google Wallet...

Patch Tuesday wrap-up, September 2014 - why even a single-bit data leak is worth fixing

Here's what you need to know about the September 2014 Patch Tuesday updates from Microsoft and Adobe...