Organisations

(get it in RSS or Atom)

Is Apple slack at security on iOS? 60 Sec Security [VIDEO]

60ss-video-250

What went wrong with PayPal's 2FA? Why did Microsoft do an email U-turn? Is Apple slack at security on iOS?

It'll only take a minute to find out...

SSCC 154: Fraud, viruses, patches and encryption (in that order!) [PODCAST]

chet-chat-logo-featured-250

Where does your country sit on the fraud list? Just how much can you trust SMSes on Android? Is Apple serious enough about iOS security? And will Google's End-To-End email encryption plugin save the world?

Find out with Chet and Duck in this week's Chet Chat podcast...

Microsoft takes down No-IP DNS domains in cybercrime fight - right or wrong? [POLL]

noip-250

Vote in our poll!

Was Microsoft's takeover of 23 of another company's domain names a justifiable step in dealing with cybercrime, or a disruptive step too far?

Anatomy of a buffer overflow - Google's "KeyStore" security module for Android

ks-250

Here's a cautionary tale about a bug, courtesy of IBM.

Not that IBM had the bug, just to be clear: Google had the bug, and IBM researchers spotted it.

Supreme Court refuses to drag Google out of its Street View privacy wreckage

Supreme Court won't drag Google out of its Street View privacy wreckage

Google's planning to slurp up ever more data, from wearables, fitness apps and more. It sure would be nice for Google if the Street View fiasco would fade away and stop reminding people of how they snooped on data and then lied about it, but the Supreme Court isn't disposed to helping it out on this one.

Microsoft stops Patch Tuesday emails, blames Canada, then does U-turn

Email ban. Image courtesy of Shutterstock

The decree mentions "changing governmental policies concerning the issuance of automated electronic messaging" - a head-scratcher that Microsoft spokespeople subsequently clarified by pointing to a new Canadian anti-spam law that takes effect today.

Google looks to make OpenPGP easier for Gmail users

Google switches Gmail to HTTPS only

In early June Google announced a new project designed to create a Chrome plugin to allow end-to-end encryption of web-based emails using OpenPGP. We take a look at its current state and explain how it works.

Apple ships updates, including Snow Leopard (ONLY KIDDING!)‏

apple-250

Apple just published its latest round of updates for iOS, Apple TV, Safari and OS X, including dozens of security fixes.

OS X Snow Leopard users...we're afraid you missed out once again.

Anatomy of an Android SMS virus - watch out for text messages, even from your friends!

slf-logo-250

Paul Ducklin looks into "Andr/SlfMite-A", an Android SMS virus.

The malware sends itself to your top 20 contacts and foists an third party app for an alternative Android software market onto your device...

"Towelroot" app makes it easy to root Galaxy S5 and other locked Androids...

towels-250

Galaxy S5 users will be cheering. System administrators are probably groaning.

Paul Ducklin looks at an Android-era variant of Hamlet's dilemma: "To root or not to root, that is the question."

Is that Google Glass wearer stealing your iPad passcode?

Tablet. Image courtesy of Shutterstock.

What about the one with a smartwatch? Snoopers can catch your code from nearly 10 feet away with Google Glass or Samsung's smartwatch and from almost 150 away using a HD camcorder, thanks to researchers' custom-coded, shadow-tracking recognition algorithm.

SSCC 153: TrueCrypt, Towelroot, Cryptowall, and spam in Canada [PODCAST]

chet-chat-logo-featured-250

Chester Wisniewski and Paul Ducklin present this week's edition of the regular Sophos security podcast, the "Chet Chat."

In this episode: the TrueCrypt saga continues; the Towelroot software for unlocking Androids; ransomware after CryptoLocker; and Canada's long, long, long-awaited anti-spam law.

BoringSSL wants to kill the excitement that led to Heartbleed

Bored girl

Some things just aren't meant to be exciting. In fact some things are supposed to be so far from novelty, surprise and frivolity that any whiff of excitement at all is a bad sign indeed. Introducing Boring SSL...

Google and Microsoft want to kill your phone if it's stolen. Do you feel safer?

Kill switch

The law enforcement group Secure Our Smartphones is claiming victory after Google and Microsoft announced they will add a "kill switch" to their mobile operating systems.

Google forced to e-forget a company worldwide

Google forced to e-forget a company worldwide

Perhaps inspired by Europeans winning the right to be forgotten in Google search results last month, a Canadian court has ruled that Google has to remove search results for a Canadian company's competitor, not just in Canada but around the world.

Domino's Pizza hacked, customer database held to ransom

Domino's Pizza database stolen, passwords and toppings held for ransom

Hacker group, Rex Mundi, who claim to have cracked a Domino's Pizza database say they have stolen the details of more than 650,000 dough-loving customers. It says the data will be released later today if the pizza chain fails to pay a ransom of €30,000.

Google's after your health data with 'Google Fit' service

Dumbbells. Image courtesy of Shutterstock

Google's reportedly about to jump into the growing fitness data marketplace - a mosh pit that consumer advocates are already calling a privacy nightmare - to wrestle with Apple and Samsung for the data getting created by fitness trackers and health-related apps.

59 vulns in IE, teenager versus Turing, and Twitter gets wormed - 60 Sec Security [VIDEO]

60ss-video-250

Is 59 vulns in IE some kind of record? Did a computer really pass the Turing Test? Can a network worm ever be a joke?

Find out in one minute!

Has Apple killed off location analytics with this simple privacy enhancement?

wifi-location-iphone-250

A small change in iOS 8 will make privacy advocates happy, although it's going to be a tough pill to swallow for mobile marketers.

Here's what bugging your own office NSA-style can reveal

Eavesdropping. Image courtesy of Shutterstock.

A US reporter for National Public Radio found that NSA-style broad surveillance enabled by a pen-testing device and software crunching picked up on his research (in spite of Google's default search encryption), intercepted uncut interview tape, ferreted out his interview subjects' phone numbers and email addresses, and more.