Security threats

POODLEs, Sandworms and getting safe online - 60 Sec Security [VIDEO]

The week's security news, turned into an entertaining lesson, turned into a 1-minute video.

Enjoy...

Hackers who threaten national security could face life sentences

Where damage to human welfare or national security is deemed serious enough, the proposed amendment to the UK's Computer Misuse Act 1990 could mean life in jail for hackers, and some experts believe the changes could be used to target whistleblowers.

Has the "Sandworm" zero-day exploit burrowed back to the surface?

You may have noticed that Microsoft recently published a Security Advisory that sounds a lot like the "Sandworm" vulnerability all over again.

Paul Ducklin explains...

Twitter invites us to say goodbye to passwords, use Digits instead

Twitter's new credential-handling scheme is called Digits, and the company hopes that mobile app developers will use it to let their users sign in with their phone numbers as identifiers, along with one-time passwords sent by SMS to their phones.

How to kill a troll

A new Pew study confirms what we already know: online harassment is a widespread disease afflicting the internet. Ignoring trolls and hoping they'll go away is actually quite effective, survey respondents said.

Then again, how about fighting back, instead? Change is possible, be it enabled by troll-blocking software, societal shift that sees trolling evolve into a stigma, or, if all else fails, calling their mothers.

Google goes beyond two-step verification with new USB Security Key

Google's adding support for a physical USB second factor that will first verify the login site as being a true Google website, not a fake site pretending to be Google, before it hands over a cryptographic signature.

SSCC 170 - Is the best time to shop at a store right after it has a breach? [PODCAST]

Here's the latest episode of our weekly security podcast.

Join Sophos experts Chester Wisniewski, John Shier and Paul Ducklin as they turn news into advice...

Is your phone line a '6-figure liability waiting to happen'?

Premium-rate service scams are sticking businesses - particularly small ones using local carriers - with outrageous phone bills, to the tune of $4.73 billion globally for 2013. Many businesses aren't even aware that they can be stuck paying the bill (or fighting it in court).

Apple pushes out iOS 8.1 - kills the mobile POODLE and closes some, ahem, "backdoors"

The marquee vulnerability fixed in iOS 8.1 is, as you might expect, POODLE.

But there are other cryptographic fixes in iOS 8.1 that are equally important...because cryptography is notoriously hard to get right first time.

Facebook prowls the internet looking for your password

Facebook explains that it's keeping its eye out for credentials - email, password combinations - dropped on sites after data breaches, running them against its own users' credentials to see if password reuse is going to land its users in trouble.

"Oops! I'm sorry about that" - 60 Sec Security [VIDEO]

Here it is - this week's 60 Second Security video.

News that will amuse, and it only takes a minute...

Apple kills the POODLE – also fixes Shellshock in case you forgot

Apple just shipped OS X 10.10 Yosemite - including a fix for the POODLE vulnerability.

Mavericks and Mountain Lion also got updates to kill the POODLE.

As for Lion, now three releases off the pace...bad news.

Average person has 19 passwords - but 1 in 3 don’t make them strong enough

The vast majority of people are leaving themselves at risk of identity theft, fraud and extortion by not taking simple but necessary steps to protect themselves online, according to a new study.

'The Snappening': stolen Snapchat photos site defaced, details of site owner published

Owner of TheSnappening.org photo site, Mudit Grover, took the stolen Snapchat images and the site down. But within hours, attackers identifying themselves as "Team Danny" allegedly took over the domain and published Grover's personal details.

POODLE attack takes bytes out of your encrypted data - here's what to do

Heartbleed, Shellshock, Sandworm...and now POODLE.

It's a security hole that could let crooks read your encrypted web traffic.

Paul Ducklin takes you through how it works, and what you can do to avoid it, in plain (well, plain-ish) English...

Snapchat to address sketchy third-party apps with public API ... at some point

Oh, those darn third-party apps, their home-brewed APIs and their photo-leaking ways, Snapchat moaned on Wednesday morning, promising to cook up a public API to fix the situation... sooner or later.

South Korean ID system faces overhauls following 10 years of data thefts

The South Korean government is considering reissuing national identity card ID numbers for every citizen over the age of 17, at the cost of billions of US dollars.

The "Sandworm" malware - what you need to know

Fortunately, the Sandworm malware is a lot easier to deal with than the giant science fiction creature from which it takes its name.

In fact, in malware terms, it's not a worm at all.

Paul Ducklin takes a look...

Attacker takes over Facebook page set up for 'Bucket List Baby' Shane, posts porn

A Facebook page set up to chronicle the extremely short life of a baby with the rare, terminal condition of anencephaly was hijacked within days of the infant's death and set to display lewd images. The parents, who had lost their child mere days before, fell for one of the most vile phishing attacks ever.