Patch Tuesday April 2014 - XP's last breath


Patch Tuesday for April 2014 is here. In addition to being the final Windows XP fix released by Microsoft, it includes fixes for all versions of Windows, Office and even an Adobe Flash update.

Online clothing store Witchery lets customers view - and edit! - each other's personal information

According to a News Limited report, customers visiting clothing retailer Witchery's mobile website were able to get at the PII of other users via a feature called "track my order."

Customers could also view every order currently being processed, not just their own...

US local police department pays CryptoLocker ransom

Police advice if you are hit by CryptoLocker is to take it on the chin, and not to pay up.

That's a pretty hard demand to make of anyone, and all but impossible to insist on for everybody, but you would at least expect the police themselves to follow it...

Please don't spread the Facebook "giraffe picture" hoax!


A bizarre warning is circulating on Facebook urging you not to change your profile picture to a giraffe.

It's a hoax - so please don't spread it, even if you think it's amusing: false alarms just make us collectively less likely to react when there really is a problem.

Good morning, Las Vegas! Some genuinely serious hints to finish the #sophospuzzle in time!


C'mon BlackHatters! You're way behind the Rest Of World in solving the #sophospuzzle.

There's still time to win that 3D printer!

With these hints, there is no excuse...

Sysadmin day? *SYSADMIN DAY*? Angry techie takes against Naked Security...


No sooner had we launched our "Worst things to ask a sysadmin" poll than we received an anonymous email from a disgruntled sysadmin called Simon Oliver Meone.

He questioned the relevance of the questions in the poll...

AT&T hacker and internet troll 'Weev' appeals 41-month prison sentence

The EFF has filed an appeal seeking to free the hacker and self-described internet troll, who exploited a hole in AT&T's publicly facing website to siphon the personal data of more than 100,000 iPad owners.

Monday review - the hot 15 stories of the week

It's weekly roundup time. Here's all the great stuff we've written in the past seven days.

Beware Twitter "password check" sites - there are fakes, and there are fake fakes!


After a widely publicised hack or data breach, you'll often find "password check" sites springing up.

Some of them are legitimate, but other password check sites are as bogus as they sound on the surface...

Monday review - the hot 31 stories of the week

Here you go.

All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).

Sophos staff win Movember contest while raising money for prostate cancer research

Onur Komili from Team Mophos

Sophos Vancouver steps up to raise funds for men's health research and wins some contests in the process.

Shh/Updater-B false positive by Sophos anti-virus products

Some Sophos customers have reported detections today of Shh/Updater-B. Sophos would like to reassure users that these are false positives and are not a malware outbreak.

SKA - no longer a troublesome mass-mailing computer virus

In computer security history, the word Ska is most notably associated with a widespread mass-mailing virus also known as Happy99.

Happily, that association has recently been subsumed by an ambitious astronomical project - one which brings astonishing computer science challenges all of its own.

Motorists warned of Dalek invasion by hacked road sign

First there was a warning that there were zombies on the road ahead...

Now it's the turn of the Daleks.

The full AusCERT 2012 #sophospuzzle - cut, paste, solve, NERF!


Here is the full text of the #sophospuzzle from this year's AusCERT T-shirt.

Cut, paste, solve and get in the running to win a NERF gun.

US Army warns about the risks of geotagging


With the dangers of geotagging more than obvious for soldiers, the US Army is also warning civilians against tagging their every move.

Best Corporate Security Blog awarded to Naked Security at RSA


The Social Security Blogger Awards were held once again at RSA in San Francisco last week and Naked Security is proud to have taken home another trophy.

MegaUpload data could be deleted by Thursday

According to reports, hosting companies may start deleting MegaUpload users' content from their servers as soon as Thursday - regardless of whether or not the content is legal.

US Police use games consoles in crime investigations

Police in the US use XBox 360 and PS3s as key parts of investigations. With police now cooperating more closely with companies like Microsoft, is it time to ask for greater transparency about their relationships?

Join us for the Sophos Security Threat Report webcast January 26th


Join Chester Wisniewski and James Hilliard for a webcast covering the latest security developments from the second half of 2011 on January 26th, 2012 at 19:00 UTC/2PM Eastern time.