Tag Archives: data leakage

Telstra Bigpond users targeted in post-data-breach phishing campaign

by Paul Ducklin on December 14, 2011 | 2 Comments
at-on-hook-250

A phishing campaign targeting users of Telstra Bigpond, Australia's largest ISP, is urging users to confirm their billing information or risk suspension.

All pretty run-of-the-mill, but neatly timed given that Telstra suffered a data breach of customer information last Friday.

Share

Lost USB keys have 66% chance of malware

by Paul Ducklin on December 7, 2011 | 41 Comments
Lost USB keys have 66% chance of malware

We bought a stash of USB keys at a major transit authority's Lost Property auction, and took a look at the sort of information people leave on the train.

Two-thirds of the keys were infected with malware, and nothing on any of the keys was encrypted...

Share

Steam goes public on data breach - but will it delay the launch of Skyrim?

by Paul Ducklin on November 11, 2011 | 8 Comments
steaming-pot-250

Steam, the online empire of computer game behemoth Valve Corporation, has issued details of the hack it suffered last weekend.

If you're a Steam user, find out what you should be doing next...

Share

Android keylogging with no access to keystrokes?

by Paul Ducklin on August 26, 2011 | Leave a comment
typemotionsensor-square

July and August often produce some intriguing and unusual computer security research.

We've already written about BlackHat and DEFCON. Here's something from the USENIX HotSec workshop to pique your interest.

Share

Viral marketing company sets new security lows with 'frame a friend' campaign

by Paul Ducklin on August 23, 2011 | 9 Comments
mugshot-square

Aussie-headquartered voicemail company Messages On Hold is no stranger to guerilla marketing campaigns.

But the company's latest effort at viral marketing is surely one of the most irresponsible yet: you're invited to 'frame' a friend for a crime.

Share

Juicejacking - an emergency phone charge can be a security risk

by Paul Ducklin on August 19, 2011 | 27 Comments
prohibition-square

You've heard of hijacking. And carjacking, truckjacking and shipjacking. You've probably also heard of sidejacking, sheepjacking and clickjacking.

That's nothing. Here comes juicejacking!

Share

Canada mulls warrantless internet info-gathering powers for police

by Paul Ducklin on August 18, 2011 | 6 Comments
billc52-square

A bill before the Canadian parliament includes two clauses specifically to reduce the 'due process' imposed when the cops need information from ISPs.

It's obvious how this would help law enforcement. But it might help the cybercrooks, too.

Share

Another Korean data breach - GOMTV.NET spills user account data, including passwords

by Paul Ducklin on August 15, 2011 | Leave a comment
gomtv-square-200

GOMTV.NET, a global operation of South Korean streaming media provider Gretech, has reported a large-scale data breach. Poor password handling by Gretech made a bad thing worse.

Learn how to avoid making this sort of mistake with your own customers' data.

Share

Macbooks, Korea, Spamford busted, phones lost, Anonymous threat - 60 Sec Security

by Paul Ducklin on August 14, 2011 | 1 Comment
facebook-aflame-square

No, the headline isn't a misprint. 90 Second News is now 60 Second Security!

Lots of readers said they'd like to see our 'news-with-a-conscience' videos more than once a month. So here you go. 60 Second Security, once every two weeks.

Share

Undercover Facebook investigator highlights dilemmas in keeping children safe online

by Paul Ducklin on August 8, 2011 | 7 Comments
Undercover Facebook investigator highlights dilemmas in keeping children safe online

When it comes to looking out for your children online, it seems you're damned if you do, and damned if you don't.

Should you go digging into online adolescent cesspits yourself so you can better advise your kids? Or is that a creepy betrayal of trust?

Share

Bizarre Apple Safari cookie bug perplexes users

by Paul Ducklin on July 30, 2011 | 26 Comments
Bizarre Apple Safari cookie bug perplexes users

For the past few weeks, it looks as though Safari on OS X 10.6.8 has not been handling website cookies correctly.

This is a worrying flaw. If you're on 10.6.8, why not report the bug to Apple to get it fixed?

Share

Dear Earth, Last month I took a paternity test!

by Paul Ducklin on July 18, 2011 | 1 Comment
Dear Earth, Last month I took a paternity/drug test!

Of all the information you've entrusted to others, which would you consider the most embarrassing to see popping up on the internet?

How about the date of your latest paternity test?

Share

Dropbox lets anyone log in as anyone - so check your files now!

by Paul Ducklin on June 21, 2011 | 11 Comments
dropbox-square

Customers of cloud-based file storing-and-sharing company Dropbox should check on the data they've entrusted to the service, following the company's admission that it messed up its access controls for several hours.

Share

Sony, Facebook controversy, FBI bust, Armenia cut off - 90 Sec News - April 2011

by Paul Ducklin on May 10, 2011 | 3 Comments
thumbnail-250

Don't just read the latest computer security news - watch it in 90 seconds!

This month: Sony suffers a cloudburst, Facebook courts controversy (again), the FBI busts Coreflood and Armenia gets cut off.

Share

Tom Tom sounds the privacy drum - road safety or no road safety!

by Paul Ducklin on May 2, 2011 | 3 Comments
Tom Tom sounds the privacy drum - road safety or no road safety!

Dutch GPS and navigation software giant, Tom Tom, recently took what I consider to be a small privacy step for the company, but a giant privacy step for mankind.

Is this the start of something new?

Share

Skype for Android leaks sensitive data

by Chester Wisniewski on April 17, 2011 | 7 Comments
androidfeaturedskype

The Skype application for Android devices has been shown to insecurely store sensitive information. This information even includes private chat logs, phone numbers and addresses of your contacts.

Share

April Fool: Apple iPad and other popular devices vulnerable to data loss through "substrate hack"

by Paul Ducklin on April 1, 2011 | 37 Comments
Apple iPad and other devices vulnerable to data loss through "substrate hack"

SophosLabs has found an alarming vector by which personal and private data can leak from smartphones and portable computing devices such as the Apple iPad and iPad 2.

Share

Data leakage and dictionary attack stories from RSA

by Paul Ducklin on February 19, 2011 | 8 Comments
pass-250

Duck is now on his way back from the RSA conference in San Francisco - from where he can tell you that the WiFi Terms and Conditions at the airport are still as onerous as they were last year - with an amusing fifth anecdote to add to his Travellers Beware series.

Share

What can you learn from the deluge of data leakage news?

by Chester Wisniewski on January 19, 2011 | Leave a comment
HandcuffedDrive250

Scottish courts lose sensitive documents at the recycling center, hospital insiders spy on high-profile patient records and Call of Duty: Black Ops. What? Yes, health care system exposes patient records on a server that was commandeered to serve as a first person shooter gaming server.

Share

Sophos Security Chet Chats 42 and 43

by Chester Wisniewski on January 14, 2011 | Leave a comment
Sophos Security Chet Chat 41

Sophos Security Chet Chat 42 features Tony Ross discussing the news and a advanced fee fraud scam he investigated originating in Ghana. In Chet Chat 43 Paul Ducklin of Sophos Australia is our guest bringing his perspective from down under about Patch Tuesday, Vodafone, this quarter's Dirty Dozen and the new Mac App Store

Share