Latest Articles

Monday review - the hot 20 stories of the week

Monday review

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Heartbleed, Google Play and XP - 60 Sec Security [VIDEO]


How hard is Heartbleed recovery? How hard does Google Play try to keep the garbage out? And how hard are you trying to get over XP?

60 Second Security has the answers in a short, fun security video.

"Heartbleed" - would 2FA have helped?


Because of the global password reset pandemic caused by Heartbleed, lots of Naked Security readers have asked, "Wouldn't 2FA have helped?"

Paul Ducklin takes a look...

$50 million thief pleads guilty

$50 million thief pleads guilty

Cameron Harrison of Georgia, US, was part of a large credit card fraud gang associated with the website, believed to be responsible for around $50 million in losses around the globe.

In-flight WiFi providers go above and beyond to help feds spy on us

In-flight WiFi providers go above and beyond to help feds spy on us

Documents have come to light in which Gogo brags about how it not only complies with a federal law for compliance with law enforcement; it actually goes above and beyond requirements to give law enforcement extra special surveillance sauce, it says. And it's not the only one...

SSCC 142 - Heartbleed explained, Patches assessed, Apple chastised [PODCAST]


Chet and Duck explain what you can do about the big ticket security news items of the past week.

The epic "Heartbleed" bug in OpenSSL, the last patches ever for XP and Office 2003, and Apple's attitude to updates and support all come under the microscope.

Proposed law seeks to make retailers financially responsible for data breaches

Money. Image courtesy of Shutterstock.

Fallout from the epic Target data breach continues, as state lawmakers seek to hold retailers liable for financial damages caused by breaches spawned by their businesses, rather than financial institutions who issue credit and payment cards.

"Heartbleed heartache" - should you REALLY change all your passwords right away?


There is one important reason why you might not want to rush out and change all your passwords on all your services right this minute, and it's a sort-of Catch-22.

Paul Ducklin explains...

Facebook will show more on-screen privacy setting explanations

Facebook will show more on-screen privacy setting explanations

Facebook admitted that users are confused about privacy. Between a blue privacy dinosaur who's already popping up to remind us to check privacy settings and upcoming on-screen explanations of who's seeing what when we share, we'll all be a bit less muddled.

"David vs Goliath & Godzilla" - Hollywood files lawsuit against Megaupload

Cinema. Image courtesy of Shutterstock.

The Kim Dotcom/Megaupload mega-saga continues, with six mammoth movie studios filing suit against what they say is the former file-sharing site's mega-monster-mind-numbingly-massive copyright infringement.

Google takes down fake anti-virus app that duped 10,000 users on Play Store


The Virus Shield app cost $3.99 and claimed to be a scanner that protected Android devices from viruses, while promising to never annoy users with pop-up ads found on many free apps.

Too bad for the 10,000 people who paid for it - Virus Shield was a fake.

Facebook data scraped, people profiled as "jerks" and scammed by, FTC says

Jerk. Image courtesy of Shutterstock. allegedly scraped content from people's Facebook listings, put it up on its site, invited the world to throw rotten fruit at by clicking on a "jerk" or "not a jerk" button, and then had the outrageously uber-jerky jerkiness to charge people $30 to be able to (supposedly but not really) dispute.

Patch Tuesday April 2014 - XP's last breath


Patch Tuesday for April 2014 is here. In addition to being the final Windows XP fix released by Microsoft we have fixes for all versions of Windows, Office and even an Adobe Flash update.

Anatomy of a data leakage bug - the OpenSSL "heartbleed" buffer overflow


An information disclosure vulnerability has been found, and promptly patched, in OpenSSL.

Paul Ducklin takes a look at what went wrong in the code... Lothario cons woman out of her retirement savings Lothario bilks woman out of her retirement savings

A New Jersey, USA, woman lost her retirement savings after she fell for a phony cutie. Here's some advice for internet romancers.

Triathlon camera drone falls out of the sky, owner claims it was hacked

Triathlon camera drone falls out of the sky, owner claims it was hacked

A drone that was supposed to be filming an Australian triathlon fell out of the air and struck a triathlete in the head, sending her to hospital on Sunday. The drone's operator is suggesting hacking via wireless channel-hopping, while others are questioning why the drone was put into use in the race after it had already acted out earlier that day.

Fancy a free upgrade from XP to Windows 8.1? Here's how...


Don't get too excited.

If you're one of those XP users who thinks that Microsoft should support you forever, for nothing, this isn't for you.

But there *are* free Windows licences up for grabs.

The 'Privacy Dinosaur' urges Facebook users to check their privacy settings

The 'Privacy Dinosaur' urges Facebook users to check their privacy settings

Users who haven't adjusted their privacy settings will see the experimental dino-message whenever they attempt to share a status update, link or photo that would otherwise be visible to everyone, hopefully eliminating accidental public postings.

8 charged in AT&T ID theft fraud case, including outsourced contractor

8 charged in AT&T ID theft fraud case

"Authorized users" were added to customers' bank accounts, allowing the alleged fraudsters to request new cards in their names to make purchases and withdraw cash. As with other recent cases, the weak link was supposedly working for AT&T in an outsourced job function.