Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

Don't share your location with your friends on WhatsApp

wapp-loc-250

A group of budding security researchers at the University of New Haven in Connecticut recently taught themselves a handy lesson about the difference between *liking* WhatsApp and *trusting* it.

The Dirty Dozen Spampionship: Who's who in the global spam-sending league?

spampionship-purp-250

It's once again time for our quarterly Spampionship charts.

We looked at the sending countries for all our spam in the first three months of 2014, and turned the figures into a League Table - the sort of league you *don't* want to win!

SSCC 143 - Heartbleed revisited, cybercrooks busted, failed malware cleanup censured by FTC [PODCAST]

sscc-thumb-250

From the latest Heartbleed revelations to various successes by law enforcement, Sophos experts Chester Wisniewski and Paul Ducklin take you through the big computer security stories of the week.

Be entertained as you learn from the news, all in our regular quarter-hour podcast format.

No Heartbleed holes in Java, but here comes a sea of patches anyway

hb-no-250

Oracle's quarterly Patch Tuesday updates are out.

Java gets 37 fixes, 35 of them what Oracle calls "Remote Exploit without Authentication".

The silver lining? No Heartbleed bug in Java Standard Edition...

Please vote for Sophos Naked Security in the European Security Blogger Awards 2014 !

vns-250

The second annual European Security Blogger Awards are coming up soon, and we're up for a prize in two categories.

We'd love you to vote for us!

(This time you don't have to vote in every category.)

Heartbleed, Google Play and XP - 60 Sec Security [VIDEO]

2014-04-12-thumb-250

How hard is Heartbleed recovery? How hard does Google Play try to keep the garbage out? And how hard are you trying to get over XP?

60 Second Security has the answers in a short, fun security video.

"Heartbleed" - would 2FA have helped?

2fa-250

Because of the global password reset pandemic caused by Heartbleed, lots of Naked Security readers have asked, "Wouldn't 2FA have helped?"

Paul Ducklin takes a look...

SSCC 142 - Heartbleed explained, Patches assessed, Apple chastised [PODCAST]

sscc-142-250

Chet and Duck explain what you can do about the big ticket security news items of the past week.

The epic "Heartbleed" bug in OpenSSL, the last patches ever for XP and Office 2003, and Apple's attitude to updates and support all come under the microscope.

"Heartbleed heartache" - should you REALLY change all your passwords right away?

hb-250

There is one important reason why you might not want to rush out and change all your passwords on all your services right this minute, and it's a sort-of Catch-22.

Paul Ducklin explains...

Anatomy of a data leakage bug - the OpenSSL "heartbleed" buffer overflow

openssl-250

An information disclosure vulnerability has been found, and promptly patched, in OpenSSL.

Paul Ducklin takes a look at what went wrong in the code...

Fancy a free upgrade from XP to Windows 8.1? Here's how...

winzero-250

Don't get too excited.

If you're one of those XP users who thinks that Microsoft should support you forever, for nothing, this isn't for you.

But there *are* free Windows licences up for grabs.

Patch Tuesday for April 2014 - it's Goodbye, Farewell and Amen for Windows XP

pt-2014-04-250

The date's been in our diaries since 2007.

But even with seven years to prepare for it, you'll be forgiven for approaching the April 2014 Patch Tuesday with a bit of a lump in your throat.

Adieu, XP.

Apple patch out, Fake support bust, Liquor store leak - 60 Sec Security [VIDEO]

2014-04-05-justice-250

How long did Apple leave holes in Safari? What punishment can a convicted support call scammer expect? And what happens when a liquor store springs a leak?

Find out in 60 Second Security. the security news video that only takes a minute...

Apple updates OS X Safari - patches a year's worth of holes, but not on Snow Leopard

safari-250

In all the excitement over the End of Windows XP and next Tuesday's Ultimate Update...

...we sort of forgot to write about Apple.

Here's the scoop on the lates OS X Safari browser update, patching 27 vulnerabilities.

Revealed - the most eclectic spam in the world!

spam-250

When we write about spams and spammers, it's usually as part of a security warning.

But from time to time, we write about them simply because they've made us laugh.

This is one of those times...

Is Amazon hacking our apps? Or doing us all a security favour?

aws-1-250

A war of words that started out as a fairly stinging criticism of Amazon has mellowed out into praise for the cloud services behemoth.

It seems that Amazon is checking mobile apps for security risks, and heaping advice on developers who have wandered off the straight and narrow...

SSCC 141 - Adobe revisited, MS-DOS, Word, XP, Snapchat and backup [PODCAST]

sscc-141-thumb-250

Chet and Duck get together once again to look at the week's news with their usual blend of humor, insight and informed intensity....

Take a listen to the latest episode of our weekly quarter-hour podcast!

42 days to go for XP - 8 tips if you aren't going to make it

42-250

A. 42.

Q. How many days left in Windows XP?

Bitcoin, Snapchat and XP as you've never heard them before - special coverage for April the First!

naksec-verse-250

Instead of doing an April Fool, we've gone for some April Fun.

We took three recent computer security stories, and turned them into poems!