Latest Articles

Microsoft pulls Patch Tuesday kernel update - MS14-045 can cause Blue Screen of Death

MS14-045, which fixes various security holes in the Windows kernel, can cause a BSoD and leave you stuck in a reboot loop.

Here's how to escape...

The EPIC edition - 60 Sec Security [VIDEO]

One less opt-in app, one more Android virus, and a bunch of EPIC failures...

All in this week's 60 Second Security.

Google adds deceptive software warnings to Safe Browsing service

The days of having your homepage switched or suddenly discovering a mysterious toolbar in your browser may be set to come to an end following an announcement from Google yesterday. From next week, Chrome will display a message whenever a piece of software attempts to do anything sneaky or unexpected with your browser or computer.

Thousands of computers open to eavesdropping and hijacking

Many, many people and businesses are running a remote access tool, Virtual Network Computing, without a password. The tool lets people see everything we do online or reach through and take over our systems. The list of exposed sites is astonishing: everything from power stations to pharmacies to people watching porn.

Snowden: NSA working on 'MonsterMind' cyberwar bot

The cyber defense system would instantly and autonomously neutralize foreign cyberattacks against the US and could also be used to launch retaliatory strikes. To do so, it would have to control and analyze all traffic entering the US - a chilling prospect that was the last straw, the whistleblower says.

The top 5 privacy failures - what's the most epic fail of all? [POLL]

The list of culprits in our eroding privacy is long, but some privacy fails stand out above the rest. So we're calling out five privacy killers that deserve an extra level of shaming.

Take our poll, and help us crown the most epic privacy fail of all ...

Apple Safari for OS X gets "click-to-own" security holes patched

The 6th Safari security update in 10 months is out.

With fixes for 7 potential remote code execution holes, get it while it's hot...

Good bot, bad bot? 23 million Twitter accounts are automated

Good bot, bad bot? 23 million Twitter accounts may be automated

Twitter's latest SEC filing says that 8.5% of active monthly users are automatons, which could mean there is a boatload of bots on the service. Some are spam, some are useful, some are just publications' own automated Twitter feeds.

Facial recognition software leads to arrest after 14-year manhunt

Facial recognition software leads to FBI success in 14-year manhunt

A former US resident from New Mexico was captured in Nepal after 14 years on the run. The fugitive's passport photo matched up with a newly issued wanted poster. Does the capture of a suspected child abuser justify the use of a technology that hasn't yet had privacy implications ironed out?

SSCC 160 - That's not just any old malware - that's a TRUE VIRUS! [PODCAST]

Ready for listening...

Here's this week's Sophos Security Chet Chat podcast.

Gmail introduces filters for non-Latin characters, weeding out more phishing emails

Using non-Latin characters that look very similar to their ASCII counterparts helps scammers, spammers and phishing crooks send emails from legitimate-looking addresses. Now Google's putting a stop to that with a set of new spam filters.

Patch Tuesday wrap-up, August 2014: RCE + ASLR bypass + EoP == patch early, patch all!

Patch Tuesday is here again.

Paul Ducklin explains how this month's vulnerabilities can work together for harm, and why *all* the updates matter, not just the ones that ended up with a "critical" or "severe" tag...

DEA paid out $854,460 for free Amtrak passenger data

Amtrak secretary cons $854,460 out of the DEA by selling 'free' passenger data

Since 1995, a former Amtrak employee has been selling passenger data to the US Drug Enforcement Administration - information that cost the DEA $854,460, but which it could have gotten for free.

Facebook ordered to disclose records on underage users

Facebook says it doesn't keep them longer than six months, but a court in Belfast is nonetheless ordering it to hand over any records it might have or control about its underage users. The case concerns a girl who, starting at the age of 11, took out four Facebook accounts and used them to post sexually suggestive photos.

Why the Facebook Messenger app is not the privacy nightmare people think it is

There's good reason to be skeptical of Facebook when it comes to privacy, but the Facebook Messenger app isn't the privacy nightmare that some people think it is. Here's why ...

War Kitteh hunts out your unsecured Wi-Fi

Coco the wardriving cat reminds you to secure your Wi-Fi

Coco the cat was outfitted with Wi-Fi sniffing equipment in his collar, enabling him to map out 23 unique Wi-Fi hotspots, 4 of which used feeble WEP encryption and 4 of which were wide open, requiring no password. He also caught a mouse, showing him to be adroit in both analog and digital media.

Most people think public Wi-Fi is safe. Seriously?

Talk about dismaying numbers! In Ofcom's recent report, three quarters of the public were unconcerned about security when accessing Wi-Fi outside of their homes, and were quite happy to do *anything* on public Wi-Fi. Help us educate them, please!

Android "Heart App" virus spreads quickly, author arrested within 17 hours

Q. How to attract the attention of the police if you're a bored student on summer vacation?

A. Write a virus that unleashes 20,000,000 SMSes, infects 100,000 devices, and steals personal data...

Pwnie Awards for Heartbleed, "goto fail", Mt. Gox

The golden My Little Pony statuettes have been passed out at the Black Hat Security 2014 conference, commemorating select infosec glories and groans. Best song: the haunting "SSL Smiley Song", sung to the tune of "Jingle Bells".

Apple iPads and MacBook Pros banned for Chinese government use

China has banned government officials from buying Apple products, reportedly to avoid the possibility of the US hijacking the technology to spy on Beijing.