Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

Are you tired of weak or fake zero-day exploits? 60 Sec Security [VIDEO]

60ss-video-250

Watch our latest 60 Second Security video!

An entertaining but insightful look at the week's security woes - in just one minute...

SSCC 166 - A sleeping bag and a camping stove to queue for an iPhone? [PODCAST]

chet-chat-logo-featured-250

For your listening pleasure!

Here's the latest episode in our weekly podcast series...

Bash “Shellshock” vulnerability – what you need to know

shellshock-250

Shellshock is the media-friendly name for a remote code execution hole in Bash, a command shell commonly used on Linux and UNIX systems.

Paul Ducklin explains...

Mozilla fixes "phishing friendly" cryptographic bug in Firefox and Thunderbird

moz-250

Mozilla just patched a bug in its cryptographic library, NSS.

The bug is rated "critical" because it could permit skullduggery in apparently secure connections.

Is it *really* such a bad idea to use a password twice?

reuse-250

We regularly warn you against using the same password for multiple accounts.

But if you memorise one really long and complex password, isn't that enough?

No! Here's why...

10 security holes that cybercrooks dream about - 60 Sec Security [VIDEO]

60ss-video-250

Here's this week's episode of 60 Second Security.

Enjoy the latest security news in just one minute...

Apple ships a sevenfold security surprise, including iOS 8 and OS X 10.9.5

apple-upd-250

Apple doesn't have Patch Tuesdays, but it does have Update Surprisedays.

We just had one of them, with brand new and more secure versions of iOS, OS X and Safari.

SSCC 165 - "U2 or not U2," that is the question [PODCAST]

chet-chat-logo-featured-250

It's Chet Chat time!

Here's this week's episode of our news-you-can-use security podcast...

Apple adds two-step verification for iCloud, effective immediately

icloud-250

Apple has listened, and extended its two-step verification system to iCloud.

It's a great start...but does it go far enough?

Apple relents, lets you "depurchase" that U2 album you never bought in the first place‏

u2-250

Apple has listened!

The company has come up with a free Album Removal Tool that allows you to "unbuy" the U2 album that recently showed up in your iTunes account...

"Shocking" Android browser bug could be a "privacy disaster": here's how to fix it

browser-250

The Metasploit crew is calling this Android Browser bug a "privacy disaster.”

Here's what you can do to avoid trouble...

Firefox sneaks out an "inbetweener" update, with security improvements rather than fixes

Usually, if everything goes according to plan, Firefox updates appear every six weeks.

But if needs must, Mozilla delivers in-between updates, too, and that's what has happened here, bumping Firefox from version 32.0 to 32.0.1.

Why would we let you say "No" to something that's free? 60 Sec Security [VIDEO]

60ss-video-250

Here's our latest 60 Second Security video for your viewing pleasure.

Enjoy...

Apple's free gift: Did U get the album 2?

apple-u2-250

Apple's gift of a free U2 album for iTunes users?

Turns out it's "free" as in "compulsory"...

SSCC 164 - Spend Bitcoins using Apple Pay? *NOW* you've got me interested! [PODCAST]

chet-chat-logo-featured-250

Here's this week's Sophos Security Chet Chat for your listening pleasure.

Our weekly computer security podcast with the News You Can Use...

Apple Pay - just how safe is it going to be?‏

ap-watch-250

Apple Live 2014 saw the announcement of the Apple Watch, a free U2 album for all iTunes users, and the iPhone 6/6 Plus.

But perhaps of most interest to security watchers was "Apple Pay", Cupertino's guns-blazing answer to Google Wallet...

Patch Tuesday wrap-up, September 2014 - why even a single-bit data leak is worth fixing

patch-tuesday-denim-250

Here's what you need to know about the September 2014 Patch Tuesday updates from Microsoft and Adobe...

Home Depot says, "Er, yes, we did have a breach actually"‏

Home Depot

Just how big and bad it will turn out to be is still unknown...all we know so far is that Home Depot has officially confirmed that, yes, there was indeed a breach.

Tim Cook says Apple *does* care about iCloud Security. But is that enough? [POLL]

2sv-cloud-250

Tim Cook told the WSJ that, yes Apple *does* care about iCloud security, and will take steps to make it more secure.

Really?

How far would your sysadmins go to fix a problem? 60 Sec Security [VIDEO]

60ss-video-250

Here it is - this week's 60 Second Security video.

News that will amuse, and it only takes a minute...