Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

How to send 5 million spam emails without even noticing

spam-250

Before you read the article, see if you can guess, to the nearest million, how many spams a 10,000-strong botnet might realistically send each week.

Commit yourself first, and then read the story of the SophosLabs "honeybot"!

Facebook iPhone 6 scams - how NOT to get sucked in

free-stuff-250

We "do the math" to help you explain to your friends and family why they are NOT getting a free iPhone 6 for clicking Like!

"BadUSB" - what if you could never trust a USB device again?

usb-tangle-250

Imagine if you had to throw away your USB devices after letting someone else use them...

Security must come first! 60 Sec Security [VIDEO]

60ss-video-250

Here's this week's 60 Second Security.

News you can learn from, in just one minute...

Android "FakeID" security hole causes a pre-BlackHat stir

Seems that a rogue Android app can get more privileges than it deserves simply by saying that someone trustworthy has vouched for it.

It's been dubbed the "FakeID" hole...

How anyone can hack your Instagram account

instagram-250

Should you write instructions that tell everyone how to hack Instagram accounts, including advice like "wait for someone to use the Instagram iOS app"?

This security researcher did, after he was denied a bug bounty for reporting the problem...

SSCC 158 - What do you mean, "Don't knit your own remote authentication"? [PODCAST]

chet-chat-logo-featured-250

Here's this week's Chet Chat security podcast for your listening pleasure.

Chester Wisniewski and Paul Ducklin of Sophos dissect the week's security news to see what we can learn from other people's mistakes...

1,000,000 lost credit cards = £150,000 fine

p-pii-250

A UK travel company has been fined £150,000 for putting an "internal only" parking database system on the internet without securing it first.

The vulnerable system was used as a stepping stone for a crook to steal more than 1M e-commerce records.

Anatomy of an iTunes phish - tips to avoid getting caught out

Even if you'd back yourself to spot a phish every time, here's a step-by-step account that might help to save your friends and family in the future...

Hacking, spamming, rogue SMSes and browsers - 60 Sec Security [VIDEO]

60ss-video-250

The week's security news, turned into an entertaining lesson, turned into a 1-min video...

60 Sec Security, 26 July 2014

A Sysmas Carol - singing the praises of sysadmins everywhere!

sysmas-250

Ever felt as though there should be a song for system administrators?

Like a Sysmas Carol, perhaps, celebrating the 0x0C days of Sysmas?

Well, here it is!

Android "FBI Lock" malware - how to avoid paying the ransom

andr-cuff-250

The latest "FBI Lock" Android ransomware reported by SophosLabs follows a familiar theme.

But it has a slight sting in the tail to make it trickier to remove, so we thought we'd take you through the steps...

Android app market pirates busted by FBI

pirate-250

Six Americans charged with large-scale piracy of Android apps.

But what about their "customers"?

Is there really an increased risk of malware from unlawfully acquired apps?

SSCC 157 - Routers, Browsers, Zombies and Sysadmins [PODCAST]

chet-chat-logo-featured-250

Here it is...this week's Chet Chat security podcast.

In this episode: fixing routers, trusting browsers, killing zombies and showing TLC to sysadmins.

Firefox 31 has arrived - 11 bulletins, 3 critical, 0 visual surprises

fftb-250

Firefox 31 is out.

So is its updated conservative older brother, the Extended Support Release, now at 24.7.

And Firefox's email-oriented cousin Thunderbird gets updated, too.

Dirty Dozen Spampionship – which country is spewing the most spam?

The World Cup may be done and dusted, but the Spampionship continues!

Where did you come in our spam-sending league tables?

SoHo routers to get hacker-style scrutiny in return for "awesome" prizes

soho-250

Buy a $50 SoHo router, plug it in, press a couple of buttons.

Bingo! A connected household! What could possibly go wrong?

If history is any guide, quite a lot...

It's all about trust! 60 Sec Security [VIDEO]

60ss-video-250

Watch 60 Second Security for 19 July 2014 - it's all about trust!

Cisco warns of big remote management hole in tiny routers

cisco-250

Even little routers can have giant holes, as Cisco warns in a just-published security advisory.

Oracle's "Patch Tuesday" brings 113 patches across 13 product families

0-250

Oracle's July 2014 security patches are out, and there's a ton of them.

Literally and figuratively...