Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

Forget trick-or-treating – Kill a Zombie this Halloween

kaz-250

The crooks can't have a botnet without the bots to join it.

So let's take their bots away!

Killing computer zombies is the perfect sort of altruism: you help the global internet community simply by helping yourself.

How bots and zombies work, and why you should care

zombie-250

You probably have a firewall that blocks inbound network connections by default.

So how come cybercrooks can send commands to your computer if it's infected with a bot or zombie?

The "Dirty Dozen" SPAMPIONSHIP - who's got the biggest zombie problem?

Our latest quarterly SPAMPIONSHIP charts are out, showing which countries have the most zombies, and therefore send the most spam.

Take a look, and then ask yourself, "What can I do to help?"

Simple: Kill a Zombie today!

SSCC 171 - Are you SURE that "1234" is a bad password? [PODCAST]

chet-chat-logo-featured-250

Here's the latest Chet Chat podcast for your listening pleasure...

Enjoy.

Adobe updates its e-reader - DRM data no longer transmitted insecurely

adobe-250

Adobe's e-reader software now has "enhanced security" for uploading metadata about what you read.

Or, as you might say, "no longer uploads that data insecurely"...

FTC takes down fake support scammers, upbeat about "getting consumers’ money back" [POLL]

fakecall-250

Just paying the money back isn't really a punishment for fake support call scammers.

So, what do *you* think the courts should do to punish these guys?

Have your say in our poll...

POODLEs, Sandworms and getting safe online - 60 Sec Security [VIDEO]

60ss-video-250

The week's security news, turned into an entertaining lesson, turned into a 1-minute video.

Enjoy...

Has the "Sandworm" zero-day exploit burrowed back to the surface?

sand-2-250

You may have noticed that Microsoft recently published a Security Advisory that sounds a lot like the "Sandworm" vulnerability all over again.

Paul Ducklin explains...

SSCC 170 - Is the best time to shop at a store right after it has a breach? [PODCAST]

chet-chat-logo-featured-250

Here's the latest episode of our weekly security podcast.

Join Sophos experts Chester Wisniewski, John Shier and Paul Ducklin as they turn news into advice...

OS X Yosemite Wi-Fi problems - can you help us solve them?

yos-wifi-250

Most early adopters of OS X Yosemite are enjoying a refreshingly clean new look with a bunch of updated applications.

But for a few, it's a Wi-Fi network merry-go-round...

Apple pushes out iOS 8.1 - kills the mobile POODLE and closes some, ahem, "backdoors"

8dot1-250

The marquee vulnerablity fixed in iOS 8.1 is, as you might expect, POODLE.

But there are other cryptographic fixes in iOS 8.1 that are equally important...because cryptography is notoriously hard to get right first time.

Four online romance scammers jailed - don't get sucked in to Advance Fee Fraud!

Advance Fee Fraud, or AFF, is an age-old scam that goes back at least to the 16th century.

Here are some resources you can use to help vulnerable friends and family keep out of the clutches of online romance scammers...

"Oops! I'm sorry about that" - 60 Sec Security [VIDEO]

60ss-video-250

Here it is - this week's 60 Second Security video.

News that will amuse, and it only takes a minute...

Apple kills the POODLE – also fixes Shellshock in case you forgot

poosdle-osx-250

Apple just shipped OS X 10.10 Yosemite - including a fix for the POODLE vulnerability.

Mavericks and Mountain Lion also got updates to kill the POODLE.

As for Lion, now three releases off the pace...bad news.

POODLE attack takes bytes out of your encrypted data - here's what to do

Heartbleed, Shellshock, Sandworm...and now POODLE.

It's a security hole that could let crooks read your encrypted web traffic.

Paul Ducklin takes you through how it works, and what you can do to avoid it, in plain (well, plain-ish) English...

The "Sandworm" malware - what you need to know

sandworm-250

Fortunately, the Sandworm malware is a lot easier to deal with than the giant science fiction creature from which it takes its name.

In fact, in malware terms, it's not a worm at all.

Paul Ducklin takes a look...

Patch Tuesday for October 2014 - bigger than usual as Microsoft, Adobe and Oracle align

Oracle, Adobe and Microsoft patches are all arriving together on Tuesday 14 October 2014.

Paul Ducklin looks at what to expect...

Mummy, my schoolbooks are spying on me! 60 Sec Security [VIDEO]

60ss-video-250

Here's our latest 60 Second Security video for your viewing pleasure.

The wry side of the week's news, in just a minute...

Return of the Android SMS virus - self-spreading "Selfmite" worm comes back for more

slfm-250

Back in June 2014, we wrote about an Android virus that worked a bit like the email worms of the early 2000s.

Well, that Android virus has made a comeback, and this variant is both pushier and more flexible than before...