Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

SSCC 170 - Is the best time to shop at a store right after it has a breach? [PODCAST]

chet-chat-logo-featured-250

Here's the latest episode of our weekly security podcast.

Join Sophos experts Chester Wisniewski, John Shier and Paul Ducklin as they turn news into advice...

OS X Yosemite Wi-Fi problems - can you help us solve them?

yos-wifi-250

Most early adopters of OS X Yosemite are enjoying a refreshingly clean new look with a bunch of updated applications.

But for a few, it's a Wi-Fi network merry-go-round...

Apple pushes out iOS 8.1 - kills the mobile POODLE and closes some, ahem, "backdoors"

8dot1-250

The marquee vulnerablity fixed in iOS 8.1 is, as you might expect, POODLE.

But there are other cryptographic fixes in iOS 8.1 that are equally important...because cryptography is notoriously hard to get right first time.

Four online romance scammers jailed - don't get sucked in to Advance Fee Fraud!

Advance Fee Fraud, or AFF, is an age-old scam that goes back at least to the 16th century.

Here are some resources you can use to help vulnerable friends and family keep out of the clutches of online romance scammers...

"Oops! I'm sorry about that" - 60 Sec Security [VIDEO]

60ss-video-250

Here it is - this week's 60 Second Security video.

News that will amuse, and it only takes a minute...

Apple kills the POODLE – also fixes Shellshock in case you forgot

poosdle-osx-250

Apple just shipped OS X 10.10 Yosemite - including a fix for the POODLE vulnerability.

Mavericks and Mountain Lion also got updates to kill the POODLE.

As for Lion, now three releases off the pace...bad news.

POODLE attack takes bytes out of your encrypted data - here's what to do

Heartbleed, Shellshock, Sandworm...and now POODLE.

It's a security hole that could let crooks read your encrypted web traffic.

Paul Ducklin takes you through how it works, and what you can do to avoid it, in plain (well, plain-ish) English...

The "Sandworm" malware - what you need to know

sandworm-250

Fortunately, the Sandworm malware is a lot easier to deal with than the giant science fiction creature from which it takes its name.

In fact, in malware terms, it's not a worm at all.

Paul Ducklin takes a look...

Patch Tuesday for October 2014 - bigger than usual as Microsoft, Adobe and Oracle align

Oracle, Adobe and Microsoft patches are all arriving together on Tuesday 14 October 2014.

Paul Ducklin looks at what to expect...

Mummy, my schoolbooks are spying on me! 60 Sec Security [VIDEO]

60ss-video-250

Here's our latest 60 Second Security video for your viewing pleasure.

The wry side of the week's news, in just a minute...

Return of the Android SMS virus - self-spreading "Selfmite" worm comes back for more

slfm-250

Back in June 2014, we wrote about an Android virus that worked a bit like the email worms of the early 2000s.

Well, that Android virus has made a comeback, and this variant is both pushier and more flexible than before...

SSCC 168 - Amaze your friends by ruining all their USB drives! [PODCAST]

chet-chat-logo-featured-250

Here's the latest Chet Chat security podcast for your listening pleasure.

Sophos experts Chester Wisniewski and Paul Ducklin take apart the latest computer security stories to turn them into news you can use.

Bugzilla bug tracker fixes zero-day bug revealing bug

bugzilla-250

If we are allowed to smile at security holes, this bug-revealing bug in Bugzilla is wryly amusing...

BadUSB - now with Do-It-Yourself instructions

usb-tangle-250

Many fimware hacks are benign or even beneficial, like tweaking the ISO range on your digital camera or removing the bloatware from your mobile phone.

But what if even a humble USB flash drive could be turned into a delinquent diddler of your data, or a vindictive vector for viruses?

It's only logical - the BIGGER the bank, the BIGGER the breach! 60 Sec Security [VIDEO]

60ss-video-250

Here's the latest 60 Second Security for your viewing pleasure.

News, advice, opinion and research - and it only takes a minute...

SSCC 167 - Avoiding the shock of Shellshock (and more!) [PODCAST]

chet-chat-logo-featured-250

Here's the latest episode of our weekly Chet Chat podcast!

Shellshock leads the list, of course, but Snapchat, cybersecurity awareness and the iPhone 6 all get a look in too...

SSCC 166.5 - Special edition from the Virus Bulletin 2014 conference [PODCAST]

chet-chat-logo-featured-250

Sophos security expert Chester Wisniewski was at the Virus Bulletin 2014 conference in Seattle.

In this special edition of the Chet Chat, Paul Ducklin puts Chet on the other side of the mic to find out more about both the technology and the ethics of anti-malware research.

How to pick a proper password [VIDEO]

HTPaPP-250

Here's a short and straight-talking video that not only shows you how to pick a proper password, but also explains why you should bother...

Apple patches OS X against Shellshock

apple-bash-250

If you're a Mac user, you may have felt wrongfully left out of all the Shellshock kerfuffle over the past few days.

Not any more!