Articles by Paul Ducklin
Microsoft has announced that from Saturday 08 March 2014, Windows XP will openly start talking itself out of a job on your PC.
Watch out for unsolicited invitations to help you install the latest version of Windows in its place...
The Bitcoin infrastructure isn't perfect - for example, it has a cryptographic problem known euphemistically as "transaction malleability."
But can this alone explain missing Bitcoins to the tune of $500,000,000?
What about support for OS X Lion and Mountain Lion? Can a rootkit be a blessing in disguise? Will federal US data breach laws make things better or worse?
Chester and Duck once again aim their entertaining expertise at the security news of the week...
The "Girl killed herself video" bait-and-switch scam on Facebook, now in its fifth year, is back.
Here are three tips to help us stamp these scams out at last.
Be aware before you Share!
A tiny but intriguing open source project entitled iCloudHacker attracted interest over the weekend.
It claims to "bypass Apple's theft protection" - and although that's stretching the truth a bit, it has some lessons to teach us about encryption...
How harmless is that "Facebook shutting down on 29 February" hoax?
Is system reimaging really a security tool?
Find out this and more! 60 Sec Security - 01 Mar 2014
Paul Ducklin hooks up "live at RSA" with Chester Wisniewski and John Shier for a Conference Special podcast.
Find out what was good, weird, interesting, or all of the above, at this year's RSA 2014 event!
Chester ducks out of booth duties at the RSA 2014 conference in San Francisco to bring you this week's Chet Chat.
From Apple's SSL bug to Adobe's second-in-a-month emergency Flash update, Chet and Duck once again help you to learn from others' mistakes.
To everyone who voted for us to win in this year's Security Blogger Awards in San Francisco, "Thanks!"
We're now officially The Blog That Best Represents The Security Industry.
Do you use a mobile device? (Of course you do!)
Read Sophos researcher Vanja Svajcer's paper, "Mobile Security Threat Report," and check out our expert tips for keeping the crooks away...
Forget my unofficial patch for OS X!
Apple has done what it said, and delivered the latest update to Mavericks, numbered OS X 10.9.2, "very soon."
Apple just patched an SSL/TLS bug in iOS - but the flaw is not yet fixed in OS X.
Paul Ducklin comes to the rescue with explanations, mitigations, and even an unofficial patch! (For educational purposes only, you understand.)
Another Flash emergency already? More SEA hacking? Why have the password "changeme" if you don't? How big a fine for a 20,000,000 record breach?
It'll only take you a minute to find out!
Adobe has just updated its Flash product for the second time this month, pushing out an emergency patch for an attack that has been seen in the wild.
It's nearly time for the annual RSA conference in San Francisco.
If you'll be in the area, why not grab a free Expo pass and drop by to say "Hello"?
What happened to Flappy Bird? Why was Talking Angela so talked about? Is internet access at the Winter Olympics in Sochi really a "special danger" situation? What can we learn from the database breaches at Kickstarter and Forbes?
Which webmail service has the smartest users? And are they getting smarter over time?
Paul Ducklin tries to use the password data from the Forbes hack to find the answers...
The SEA made off with more than a million records from the Forbes user database - perhaps including yours! - and published them online.
We already "cracked" a quarter of the Forbes staffers' accounts... Paul Ducklin looks at how well everyone else's password might hold up.
Did you really think XP would go patch-free? Is Flappy Bird really dead? Did you really use the same password on more than one site?
60 Sec Security - 15 Feb 2014
The "Talking Angela" chain letter, which tells a scary but unsubstantiated security story about a popular game, is spreading again.
Here are three tips to help you steer clear of security hoaxes on Facebook...