Articles by Paul Ducklin
Can you believe that a brand loyalty company would take two weeks to tell its loyal customers their data had been stolen? Oh, and that it wasn't encrypted, either?
What does this tell us about security? Find out in the latest episode of the Chet Chat...
GitHub, one of the world's biggest online repositories of software source code, is warning users to jolly well shape up when it comes to login security.
Of course, GitHub isn't saying it quite like that (it is being more polite)...but we are!
Following our popular article explaining what Adobe did wrong with its users' passwords, a number of readers asked us, "Why not publish an article showing the rest of us how to do it right?"
Here you are...
Forum software vendor vBulletin has owned up to a username-and-password breach on its forum.
Guess which forum software the company uses?
Apple pushed out iOS 7.0.4 last week, the fourth patch in two months.
Is iOS getting buggier, or is Apple simply publishing security fixes more promptly?
The UK's National Crime Agency has put out a CryptoLocker ransomware alert - the malware is still a huge problem, even after weeks of high profile coverage.
Here's what YOU can do to help prevent it...
Firefox just pushed out a minor browser update, bumping its version number from 25.0 to 25.0.1.
Paul Ducklin saw Mozilla's advice that this was "a security and stability update", and went looking for the security fixes...
Why shouldn't you store unencrypted credit card numbers? How can you squeeze a positive result from a password breach? What sort of pressure was on the cryptanalysts at Bletchley Park?
Find out the answers in just one minute!
Mavis Batey MBE, codebreaker extraordinaire at Bletchley Park during World War II, died this week at the age of 92.
Batey's big breakthrough against the Italian military's Enigma encryption machine gives us a fascinating insight into how cryptanalysts think.
Welcome to Techknow, the podcast in which Sophos experts debate, explore and explain the often baffling world of computer security.
In "The End of XP", Duck and Chet investigate the what, the why and the how of dealing with the impending end of support for Windows XP in 2014.
Chet and Duck are here with their weekly roundup of news, opinion, advice and research.
Take a listen to our weekly 15-minute podcast on computer security - Chet Chat Episode 123.
Singapore police have arrested a man they claim is "The Messiah."
They allege he's responsible for recent hacks against websites in Singapore, including the blog of a journalist who didn't report his original hacking threats as precisely as he liked.
Every time we've written about the Google Wi-Spy saga, we've said, "Betcha this won't be the last of it."
Still isn't...Brazil is the latest country to put the hard word on Google.
November's Patch Tuesday is coming up this week, and Microsoft's usual "announcement that doesn't say an awful lot" is out to help us prepare.
What we do know is that the latest TIFF image zero-day vulnerability *isn't* fixed yet...
Potential remote code execution bugs in OpenSSH, probably the most widely-used remote access security system on the internet, are the stuff of nightmares for system administrators.
Paul Ducklin takes a look at the bug and the patch...
Which pets make the best/worst passwords?
How many times did Google make the same coding blunder?
Find out this and more in our one-minute wrapup of the week's security lessons!
What a coincidence! A Facebook hoax claiming that images can infect your computer...and then a Microsoft zero-day that uses images to infect your computer.
Chet and Duck talk you through the latest news...
Microsoft is warning about a brand new security hole that could let criminals get control of your computer through booby-trapped image files.
Four months ago, the Android platform was stirred, if not shaken, by a pair of code verification holes.
Turns out there was a third one, now fixed in Android 4.4, better known as Kit Kat.
Paul Ducklin looks at what we can learn from it...
Learn how cryptanalysts think, and why cryptographers feel such terrible dismay when companies that really ought to know better make mammoth mistakes.
Paul Ducklin deconstructs the data leaked in Adobe's latest megabreach...