Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

Word zero-day, Snapchat blasted, MS-DOS released - 60 Sec Security [VIDEO]

2014-03-29-hiding-250

What should you do about the latest Word zero-day? What does Mr Rockefeller think of SnapChat? And is that MS-DOS I see before me?

Watch 60 Sec Security for 29 March 2014, and find out!

MS-DOS and MS-Word source code released for review - get it while it's new!

dos-welcome-250

You have GOT to see this! Early MS-DOS and Word for Windows source code, ready for security review!

Paul Ducklin and Gabor Szappanos take a bit of a trip down memory lane, and muse, "How different the 1990s might have been."

SSCC 140 - Does Windows have more holes than OS X? Whither messaging privacy? [PODCAST]

sscc-140-thumb-250

How bad is the latest Microsoft Word 0-day? Does OS X really need patching less often than Windows? What does Gmail's move to HTTPS-only really mean? And if WhatsApp has privacy coded into its DNA, is it coded into its app, too?

Chet and Duck get stuck in...

Microsoft issues alert for Word zero-day - booby-trapped RTF files already used in attacks

wordhazard-250

Booby-trapped RTF files have been found in the wild, exploiting a zero-day hole in Microsoft Word.

Microsoft has issued an alert.

Paul Ducklin gives you four tips for long-term safety against this sort of attack...

Bitcoin user loses $10K to typosquatters - tips to avoid opening your wallet to imposters

bc-logo-250

Last week, SophosLabs alerted us to a Bitcoin phish orchestrated by email.

This week, it's a Bitcoin phish that relies on typosquatting.

Paul Ducklin offers some tips to keep you safe...

Phone spyware, Mac security, and WhatsApp privacy - 60 Sec Security [VIDEO]

2014-03-22-respect-250

How do you get spyware on your victim, er, target's phone? Have Mac users changed their attitude to security? And how deep does privacy run at WhatsApp?

Find out in 60 seconds!

SSCC 139 - PWN2OWN, browser updates, Target alerts, PCI DSS and phishing [PODCAST]

sscc-139-thumb-250

Is a browser less secure if more people like to hack it? Is it OK to ignore alerts simply because you get too many? Do you back yourself to spot every single phish? And just how smart is the Google Play Store?

Chester and Duck dissect these issues with their usual style in this week's Chet Chat podcast...

WhatsApp and privacy - will Facebook make things better, worse, or both?

wa-padlock-250

WhatsApp, the super-popular SMS replacement acquired by Facebook for $19 billion, continues to wrestle with a thorny problem.

How can it tame the public's attitude to its own attitude to privacy?

Firefox 28.0 takes on the PWN2OWN attacks already

ff-held-250

Firefox 28.0 was released on 18 March 2014, just five days after four exploitable bugs in the browser were disclosed at the PWN2OWN competition.

Paul Ducklin looks at what was fixed...

Advice on getting the most from Windows XP, courtesy of the Google Play Store

doitall-250

Google Play just recommended some technical books I might like.

To help me get the most out of Windows XP...

Anatomy of a Bitcoin phish - don't be too quick before you click!

bc-250

Paul Ducklin looks at a recent Bitcoin phish, and offers some tips on how not to get suckered in just because things look familiar...

Browsers pwned, Korean megabreach, hackers phoiled, and Chet Chat turns 4! [VIDEO]

2014-03-15-pwned-250

Which browser plugin withstood PWN2OWN? How big was the latest South Korean megabreach? What happens when hackers attack phishers?

Find out in 60 Second Security...

PWN2OWN Day Two - Chrome and Safari join the losers

p2o-d2-250

Here are the PWN2OWN results from Day Two, and an overview of the final payouts.

Chrome and Safari didn't get picked for Day One, but both of them were pwned on Day Two - twice for Chrome and once for Safari....

PWN2OWN Day One - Reader, IE, Flash and Firefox felled, Java left standing

p2o-250

PWN2OWN Day One results are in!

The target that sounded easiest - Oracle Java, with prize money less than a third of the supposedly much tougher IE 11 - was the only one left standing at the end of the first half...

SSCC 138 - Patching, zero-days, XP, APTs and CryptoLocker [PODCAST]

sscc-138-thumb-250

Join the dynamic duo for another entertaining quarter-hour on security.

There's Patch Tuesday, the impending end of XP, Advanced Persistent Threatitis, and some astonishing statistics about CryptoLocker.

Patch Tuesday wrap-up, March 2014 - critical from Microsoft, important from Adobe

tuesday-250

Five updates from Microsoft, with two of them critical, including an APB for Internet Explorer users.

One important from Adobe, making that three Flash fixes in just over a month.

Don't delay. Patch today!

On the trail of Advanced Persistent Threats...

apt-article-250

SophosLabs expert Gabor Szappanos has written a highly-recommended report entitled "Advanced Persistent Threats - the new normal?"

Szappi explains how exploits once seen only in APTs are appearing ever more widely in money-making malware, and why that puts us all at ever greater risk.

Microsoft Patch Tuesday - 5 bulletins, 2 critical, 1 for Mac users!

Microsoft's Patch Tuesday for March 2014, the second-to-last scheduled patch that Windows XP users are ever going to see, will fix critical holes in all versions of Windows.

OK, not quite all: Server Core installations will receive updates, but not critical ones.

Final countdown, CryptoLocker payout and Full Disk Encryption - 60 Sec Security [VIDEO]

2014-03-08-locked-250

XP is counting down - are you ready? Would you pay the CryptoLocker crooks? And should you use Full Disk Encryption?

Find out in just a minute...watch 60 Sec Security for 08 March 2014!

The Final Countdown - Windows XP end of support popup has started

countdown-250

Microsoft has announced that from Saturday 08 March 2014, Windows XP will openly start talking itself out of a job on your PC.

Watch out for unsolicited invitations to help you install the latest version of Windows in its place...