Articles by Paul Ducklin
Inside the "PlugX" malware with SophosLabs - a fascinating journey into a malware factory...
Join SophosLabs Principal Researcher Gabor Szappanos as he takes you on a fascinating journey into the latest "product" from the PlugX malware factory.
Get ready for the next #sophospuzzle - coming soon to a T-shirt near you
It's almost time for the annual AusCERT conference in Queensland, Australia.
And for everyone who's asked, the answer is, "Yes! There's a #sophospuzzle!"
No, you don't have to be there to join in...
And the winner of the World War Two steganography competition is...
Last week, we ran a competition around a steganographic code that was used by the British during the Second World War.
Take a secret military message, and wrap it up into a believable "letter home"... it's harder than it sounds!
Mozilla pushes out new Firefox and Thunderbird: 8 security advisories, 3 critical fixes
Not to be outdone by Microsoft and Adobe's Patch Tuesday releases, Mozilla pushed out its latest browser and email client updates today.
There are no bated-breath patches for in-the-wild exploits, but 3 of the 8 security fixes are deemed "critical".
Bloomberg accused of "snooping" on customers for journalistic gain
A brouhaha is brewing after claims late last week that financial media giant Bloomberg had been using its proprietary data terminals to snoop on its customers.
Intriguingly, the Bloomberg fuss is as much about what you *didn't* say or search for as what you did...
Is your laptop still unencrypted? Perhaps 7 seconds of CCTV might change your mind...
Here's a video that might make you think twice about taking your laptop out into the world unencrypted.
This is "data theft" in the most literal sense...
May Patch Tuesday coming up - Microsoft still not sure if latest 0-day fix will make the cut
Microsoft's Patch Tuesday for May 2013 will be published in the coming week.
Paul Ducklin points out what to prepare for...
An unholy alliance - Fake Anti-Virus, meet Bogus Support Call!
What happens when a scammer decides to marry fake anti-virus and bogus support calls?
Paul Ducklin has a bit of a weekend chuckle at the result...
"Casher crew" from global $45m cyberheist busted in New York - 1 dead, 7 face trial
When you think of cybercrime, you probably imagine a hacker sitting far from his victims, breaking in digitally from a distance.
But when it comes to cashing out the proceeds of your crime, it's a question of "Go where the money is...and go there often."
Snapchat images that have "disappeared forever" stay right on your phone...
Snapchat claims to let you share even "ugly selfies" because once they're viewed they "disappear forever."
US-based computer forensics geek Richard Hickman thought he'd find out how true that claim was...
Microsoft rushes out CVE-2013-1347 "Fix it" for the latest Internet Explorer zero-day
The recent and widely reported US Dept of Labor website hack turned out to be a zero-day exploit against IE.
Good news! Microsoft just published an emergency "Fix it" patch against the vulnerability...
Name.com suffers breach, credit card data accessed, encryption in place (phew!)
Domain registrar and web hosting company Name.com, part of the Demand Media group, has suffered a data breach.
Crooks have apparently made off with data up to and including credit card numbers...but it sounds as though everything was encrypted, which is a silver lining.
SSCC 108 - WW2 crypto, Bitcoin mining, internet cameras, password breaches [PODCAST]
Chester calls home from Interop in Las Vegas to record the latest episode of the Sophos Security Chet Chat.
Join Chester and guest Paul Ducklin in their regular quarter-hour podcast as they laugh about (and lament) the latest goings-on in the world of computer security.
British cryptographic hacking from WW2 - how well would *you* have done?
If you were taken prisoner and wanted to send messages home under your captors' noses, what would you do?
Find out how a Royal Navy officer did just that during WW2, and have a go yourself at hiding a secret message in an innocent-sounding letter home!
IBM takes a big new step in cryptography: practical homomorphic encryption
IBM just released an open source software package called HELib.
HE stands for *homomorphic encryption*, and HELib is an important cryptographic milestone.
Paul Ducklin explains why...
Facebook introduces Trusted Contacts, makes you ask, "How much do I trust my friends?"
Losing access to your Facebook account is a big deal.
So Facebook has introduced "Trusted Contacts," where you combine recovery codes from three different friends to get yourself back in.
Paul Ducklin asks how well it's going to work...
Apple ships jolly uninteresting iOS 6.1.4 update
Apple just released iOS 6.1.4 for the iPhone 5.
Apparently, it improves speakerphone calls, but it doesn't fix the lock-screen bug in iOS 6.1.3...
Network gaming company uses its "cheat-prevention" client to build a Bitcoin botnet
One problem with network games: how do you trust the other people in the contest?
You could build a network that requires your customers to install a special "cheat-blocker" client...
...and then use the client to mine Bitcoins.
US Department of Labor website hacked, serves malware, now fixed
A subdomain of the US Department of Labor's main website, running off a separate server - what's known colloquially as a microsite - was modified to serve up malware.
Paul Ducklin takes a quick look at the attack...
Beware of encryption companies bearing gifts!
An iPhone messaging app that claims to be "totally secure" is offering a £10,000 prize to anyone who can intercept a message from it.
Paul Ducklin wonders how you are supposed to win the prize if the app really is "totally secure"...










