Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

Is Amazon hacking our apps? Or doing us all a security favour?

A war of words that started out as a fairly stinging criticism of Amazon has mellowed out into praise for the cloud services behemoth.

It seems that Amazon is checking mobile apps for security risks, and heaping advice on developers who have wandered off the straight and narrow...

SSCC 141 - Adobe revisited, MS-DOS, Word, XP, Snapchat and backup [PODCAST]

Chet and Duck get together once again to look at the week's news with their usual blend of humor, insight and informed intensity...

Take a listen to the latest episode of our weekly quarter-hour podcast!

42 days to go for XP - 8 tips if you aren't going to make it

A. 42.

Q. How many days left in Windows XP?

Bitcoin, Snapchat and XP as you've never heard them before - special coverage for April the First!

Instead of doing an April Fool, we've gone for some April Fun.

We took three recent computer security stories, and turned them into poems!

Google reports new shenanigans in ongoing Turkish internet blockade

Turkey recently blocked Twitter and YouTube, as well as Google's free Public DNS servers that many people used to get around the blockade.

Now Google reports another layer of "active intervention" by Turkish ISPs...

Word zero-day, Snapchat blasted, MS-DOS released - 60 Sec Security [VIDEO]

What should you do about the latest Word zero-day? What does Mr Rockefeller think of SnapChat? And is that MS-DOS I see before me?

Watch 60 Sec Security for 29 March 2014, and find out!

MS-DOS and MS-Word source code released for review - get it while it's new!

You have GOT to see this! Early MS-DOS and Word for Windows source code, ready for security review!

Paul Ducklin and Gabor Szappanos take a bit of a trip down memory lane, and muse, "How different the 1990s might have been."

SSCC 140 - Does Windows have more holes than OS X? Whither messaging privacy? [PODCAST]

How bad is the latest Microsoft Word 0-day? Does OS X really need patching less often than Windows? What does Gmail's move to HTTPS-only really mean? And if WhatsApp has privacy coded into its DNA, is it coded into its app, too?

Chet and Duck get stuck in...

Microsoft issues alert for Word zero-day - booby-trapped RTF files already used in attacks

Booby-trapped RTF files have been found in the wild, exploiting a zero-day hole in Microsoft Word.

Microsoft has issued an alert.

Paul Ducklin gives you four tips for long-term safety against this sort of attack...

Bitcoin user loses $10K to typosquatters - tips to avoid opening your wallet to imposters

Last week, SophosLabs alerted us to a Bitcoin phish orchestrated by email.

This week, it's a Bitcoin phish that relies on typosquatting.

Paul Ducklin offers some tips to keep you safe...

Phone spyware, Mac security, and WhatsApp privacy - 60 Sec Security [VIDEO]

How do you get spyware on your victim, er, target's phone? Have Mac users changed their attitude to security? And how deep does privacy run at WhatsApp?

Find out in 60 seconds!

SSCC 139 - PWN2OWN, browser updates, Target alerts, PCI DSS and phishing [PODCAST]

Is a browser less secure if more people like to hack it? Is it OK to ignore alerts simply because you get too many? Do you back yourself to spot every single phish? And just how smart is the Google Play Store?

Chester and Duck dissect these issues with their usual style in this week's Chet Chat podcast...

WhatsApp and privacy - will Facebook make things better, worse, or both?

WhatsApp, the super-popular SMS replacement acquired by Facebook for $19 billion, continues to wrestle with a thorny problem.

How can it tame the public's attitude to its own attitude to privacy?

Firefox 28.0 takes on the PWN2OWN attacks already

Firefox 28.0 was released on 18 March 2014, just five days after four exploitable bugs in the browser were disclosed at the PWN2OWN competition.

Paul Ducklin looks at what was fixed...

Advice on getting the most from Windows XP, courtesy of the Google Play Store

Google Play just recommended some technical books I might like.

To help me get the most out of Windows XP...

Anatomy of a Bitcoin phish - don't be too quick before you click!

Paul Ducklin looks at a recent Bitcoin phish, and offers some tips on how not to get suckered in just because things look familiar...

Browsers pwned, Korean megabreach, hackers phoiled, and Chet Chat turns 4! [VIDEO]

Which browser plugin withstood PWN2OWN? How big was the latest South Korean megabreach? What happens when hackers attack phishers?

Find out in 60 Second Security...

PWN2OWN Day Two - Chrome and Safari join the losers

Here are the PWN2OWN results from Day Two, and an overview of the final payouts.

Chrome and Safari didn't get picked for Day One, but both of them were pwned on Day Two - twice for Chrome and once for Safari...

PWN2OWN Day One - Reader, IE, Flash and Firefox felled, Java left standing

PWN2OWN Day One results are in!

The target that sounded easiest - Oracle Java, with prize money less than a third of the supposedly much tougher IE 11 - was the only one left standing at the end of the first half...

SSCC 138 - Patching, zero-days, XP, APTs and CryptoLocker [PODCAST]

Join the dynamic duo for another entertaining quarter-hour on security.

There's Patch Tuesday, the impending end of XP, Advanced Persistent Threatitis, and some astonishing statistics about CryptoLocker.