Apple just patched an SSL/TLS bug in iOS - but the flaw is not yet fixed in OS X.
Paul Ducklin comes to the rescue with explanations, mitigations, and even an unofficial patch! (For educational purposes only, you understand.)
Chet and Duck review the week's news in their informed and entertainingly serious style, discussing the prizes on offer at this year's PWN2OWN competition, talking about a new twist in Android malware, and reviewing the latest attack reports from Yahoo and Target...
It's called PWN2OWN because if you successfully pwn, or hack into, the competition laptop, you own it *literally* - you get to take it home with you.
But there's also $645,000 in cash up for grabs, including a Grand Prize for finding, wait for it, an "exploit unicorn"...
Apple users are updating to OS X Mavericks in large numbers, but not fast enough. Corporate users in particular have been slow to upgrade, which could have serious security implications.
November's Patch Tuesday includes updates not just from Microsoft, but Adobe and Google as well. Critical patches for Internet Explorer, Chrome and Adobe Flash Player lead the way this month.
Researcher Vladimir Katalov explained how documents and backups stored in Apple's iCloud can be accessed bypassing Apple's two-factor authentication, even when enabled, last week at the Hack in the Box conference in Malaysia.
Apple's OS X 10.9, better known as Mavericks, is officially out.
The burning question for OS X fans everywhere, of course, is, "Should I or shouldn't I?"
How do you copy fingerprints? Which is the most trustworthy browser? Who will use Facebook for payments? How long does an email address live?
Satisfy your curiosity with this week's 60 Second Security!
About a month ago I asked Naked Security readers: Which web browser do you trust? Your answer was emphatic: it's Firefox, and it accrued almost twice the number of votes of its nearest rival, Google Chrome.
We no longer choose our web browsers based on bells and whistles. These days its all about privacy and security and we'd like to know which browser (and which vendor) you trust to be your companion on the web.
An ongoing catfight has boiled up regarding whether these are features or security fright-fests, particularly given that the nontechnical masses aren't liable to know that they can, for example, tell Google not to store passwords or set up a master password in Firefox.
Apple has published updates for all supported versions of OS X and for Safari version 6.
A largish number of remote code execution vulnerabilities have been patched, so these aren't just cosmetic fixes.
Are you an IT administrator still caring for Windows XP computers that are running Internet Explorer?
Google's latest announcement brings another good reason to upgrade your systems or switch to an alternative browser.
Apple released the latest update to iTunes today, version 11.0.3, fixing 41 vulnerabilities in the Windows version and 1 in the OS X version. Many of these flaws are rated critical and we advise you update as soon as possible.
Here's the latest episode in the popular "Chet Chat" series.
Join Chet and Duck as they discuss what we can learn from recent security news in this quarter-hour podcast.
Apple has pushed out a Safari update to go along with this week's "Java Tuesday" fix.
It's supposed to give you finer-grained control over Java in your browser.
Paul Ducklin puts it through its paces...
It's that time of the week again - here's your roundup of everything we wrote in the last seven days.