Vulnerability

Monday review - the hot 20 stories of the week

It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.

Microsoft brings Internet Explorer's security into the 21st century

Internet Explorer (IE) will finally catch up with rival browsers next week when it begins blocking out-of-date ActiveX controls.

Sophos Techknow - Firewalls Demystified [PODCAST]

The word firewall has a lot more shades of meaning in 2014 than it did in 1994.

So...who better to help us to demystify the modern firewall than Sophos security expert Chester Wisniewski?

HP finds that "Internet of Things" gadgets are sitting ducks

70% of internet gadgets are sitting ducks for attackers

TVs, webcams, thermostats, remote power outlets, sprinkler controllers, door locks, home alarms, scales and garage door openers: they're all flunking Security 101, with issues as bad as "Sure, go ahead, we consider '1234' to be a perfectly acceptable password."

Security must come first! 60 Sec Security [VIDEO]

Here's this week's 60 Second Security.

News you can learn from, in just one minute...

Tor attack may have unmasked anonymous users

Freedom Hosting arrest and takedown linked to Tor privacy compromise

Two Carnegie Mellon researchers had planned a highly anticipated talk at next week's Black Hat security conference - a talk that was cancelled when the university's lawyers freaked out - about how easy it is to break Tor anonymity. They're innocent until proved guilty, but The Tor Project says it is likely that the two researchers are behind the attack.

Android "FakeID" security hole causes a pre-BlackHat stir

Seems that a rogue Android app can get more privileges than it deserves simply by saying that someone trustworthy has vouched for it.

It's been dubbed the "FakeID" hole...

SSCC 158 - What do you mean, "Don't knit your own remote authentication"? [PODCAST]

Here's this week's Chet Chat security podcast for your listening pleasure.

Chester Wisniewski and Paul Ducklin of Sophos dissect the week's security news to see what we can learn from other people's mistakes...

Hacker claims breach of Wall Street Journal and Vice

Malicious hacker claims breach of Wall Street Journal, Vice

W0rm has been quite busy: having already pulled this on CNET, the hacker is again offering to sell user data and server credentials for one Bitcoin.

SSCC 157 - Routers, Browsers, Zombies and Sysadmins [PODCAST]

Here it is...this week's Chet Chat security podcast.

In this episode: fixing routers, trusting browsers, killing zombies and showing TLC to sysadmins.

Firefox 31 has arrived - 11 bulletins, 3 critical, 0 visual surprises

Firefox 31 is out.

So is its updated conservative older brother, the Extended Support Release, now at 24.7.

And Firefox's email-oriented cousin Thunderbird gets updated, too.

Car hackers build anti-car-hacking gadget

Besides yet more white-knuckled car-jacking stunts, security researchers Charlie Miller and Chris Valasek also plan to unveil at next month's Black Hat conference a prototype device meant to foil the type of hacks they've been throwing at cars.

SoHo routers to get hacker-style scrutiny in return for "awesome" prizes

Buy a $50 SoHo router, plug it in, press a couple of buttons.

Bingo! A connected household! What could possibly go wrong?

If history is any guide, quite a lot...

It's all about trust! 60 Sec Security [VIDEO]

Watch 60 Second Security for 19 July 2014 - it's all about trust!

Cisco warns of big remote management hole in tiny routers

Even little routers can have giant holes, as Cisco warns in a just-published security advisory.

Oracle's "Patch Tuesday" brings 113 patches across 13 product families

Oracle's July 2014 security patches are out, and there's a ton of them.

Literally and figuratively...

LibreSSL ships first portable version, now up to 48% less huge!

LibreSSL, OpenBSD's drop-in replacement for OpenSSL that was started after the pain of Heartbleed, has just published its first "portable" version.

If you're a coder and you're interested in security, why not try it and see what you think?

SSCC 155 - cybercrime bust, cloud laws, phishing and malware back from extinction [PODCAST]

In this episode, Sophos experts John Shier and Paul Ducklin tackle the week's interesting security stories.

John and Duck get stuck into: a high-profile cybercrime arrest; how mainstream brands help phishers; and why macro malware is making a comeback.

Google Drive security hole leaks users' files

The flaw, which Google recently patched, was giving out original documents to unauthorized users via embedded links. It's yet another example of how storing documents "in the cloud" means "heaven knows with whom".

Patch Tuesday wrap-up, July 2014 - Adobe fixes "Rosetta", plus a new risky file type on Windows...

Patch Tuesday for July 2014 is just behind us in the case of Microsoft and Adobe, and just ahead of us in the case of Oracle.

Paul Ducklin tells you what you need to know...