Organisations

Patch Tuesday wrap-up, August 2014: RCE + ASLR bypass + EoP == patch early, patch all!

Patch Tuesday is here again.

Paul Ducklin explains how this month's vulnerabilities can work together for harm, and why *all* the updates matter, not just the ones that ended up with a "critical" or "severe" tag...

Why the Facebook Messenger app is not the privacy nightmare people think it is

There's good reason to be skeptical of Facebook when it comes to privacy, but the Facebook Messenger app isn't the privacy nightmare that some people think it is. Here's why ...

Android "Heart App" virus spreads quickly, author arrested within 17 hours

Q. How to attract the attention of the police if you're a bored student on summer vacation?

A. Write a virus that unleashes 20,000,000 SMSes, infects 100,000 devices, and steals personal data...

Apple iPads and MacBook Pros banned for Chinese government use

China has banned government officials from buying Apple products, reportedly to avoid the possibility of the US hijacking the technology to spy on Beijing.

Monday review - the hot 20 stories of the week

It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.

Microsoft scans email for child abuse images, leads to arrest

Microsoft detected two illicit images of a young girl when they were uploaded to a Pennsylvanian man's OneDrive cloud storage account. Before anybody starts worrying about snooping, be assured that humans weren't involved in looking at the email; rather, Microsoft's own PhotoDNA matched the images to those of known child abuse images.

Microsoft brings Internet Explorer's security into the 21st century

Internet Explorer (IE) will finally catch up with rival browsers next week when it begins blocking out-of-date ActiveX controls.

How Google plans to encrypt the web

This could be an inflection point for web security. By making HTTPS something that impacts search results, Google are applying the stick to an enormous security push that's been all carrots up to now.

Potato chips: Big Brother's next eavesdropping tool?

A team of researchers from MIT, Microsoft and Adobe has figured out how to use the vibrations that sound causes in objects, which are too subtle for the naked eye to discern but can be captured on video, to decipher intelligible speech.

Apple faces class action suit for tracking users without consent

A Californian plaintiff says that nobody at Apple ever told her about tracking her whereabouts, nor did anybody ever ask for her permission. She says she only found out about it by watching a recent Chinese state TV report about iPhone being a security risk to the state.

Monday review - the hot 22 stories of the week

Make sure you're up to date with everything we wrote in the last seven days - it's weekly roundup time.

Google tips off cops after spotting child abuse images in email

A 41-year-old resident of Houston, Texas has been arrested after Google tipped off police that they had spotted child abuse images in his emails.

Android "FakeID" security hole causes a pre-BlackHat stir

Seems that a rogue Android app can get more privileges than it deserves simply by saying that someone trustworthy has vouched for it.

It's been dubbed the "FakeID" hole...

SSCC 158 - What do you mean, "Don't knit your own remote authentication"? [PODCAST]

Here's this week's Chet Chat security podcast for your listening pleasure.

Chester Wisniewski and Paul Ducklin of Sophos dissect the week's security news to see what we can learn from other people's mistakes...

Anatomy of an iTunes phish - tips to avoid getting caught out

Even if you'd back yourself to spot a phish every time, here's a step-by-step account that might help to save your friends and family in the future...

Hacking, spamming, rogue SMSes and browsers - 60 Sec Security [VIDEO]

The week's security news, turned into an entertaining lesson, turned into a 1-min video...

60 Sec Security, 26 July 2014

Sony offers games as part of $15m Playstation Network breach settlement

Sony has offered gamers digital goods as part of a $15m settlement in the 2011 PlayStation Network (PSN) data breach case.

Firefox slams Chrome again in our trustworthy browser poll

Firefox once again outpaced Chrome, IE, Safari and Opera as the most trusted web browser. But many are not happy with their browser choices when it comes to privacy.

Read on for some of the interesting comments our readers submitted ...

Android "FBI Lock" malware - how to avoid paying the ransom

The latest "FBI Lock" Android ransomware reported by SophosLabs follows a familiar theme.

But it has a slight sting in the tail to make it trickier to remove, so we thought we'd take you through the steps...

Android app market pirates busted by FBI

Six Americans charged with large-scale piracy of Android apps.

But what about their "customers"?

Is there really an increased risk of malware from unlawfully acquired apps?