data leakage

Important Apple security updates for Snow Leopard and Lion - get 'em today!

by Paul Ducklin on May 10, 2012 | 12 Comments
Important Apple security updates for Snow Leopard and Lion - get 'em today!

Hot on the heels of the iOS 5.1.1 release, Apple has pumped out a raft of security updates for Snow Leopard (OS X 10.6) and Lion (OS X 10.7) users.

Many vulnerabilities have been fixed, and Safari gets a really cool new safety feature. Find out more.

Share

FCC to Google - "We asked you nicely FIVE times, but now we are SERIOUS"

by Paul Ducklin on April 16, 2012 | 35 Comments
big-g-250

It looked as though Google had got away with its Street View WiFi data collection fiasco in the USA.

Until last Friday, when the FCC issued a resounding-sounding Notice of Apparent Liability for Forfeiture against the search giant.

Share

Have you seen this parrot?

by Paul Ducklin on April 10, 2012 | 10 Comments
Have you seen this parrot?

An escaped parrot teaches us all a couple of useful security lessons.

Find out how...

Share

SSCC 86 - online elections, "total internet disconnection", Facebook/privacy and PII for just 3c

by Paul Ducklin on April 3, 2012 | Leave a comment
SSCC 86 - on-line elections, "total internet disconnection", Facebook/privacy and PII for just 3c

In this week's episode, Paul Ducklin joins Chet to discuss online elections, "total internet disconnection", Facebook's new take on privacy, and PII at just 3c a hit.

As usual, Chet and Duck express strong opinions, with Duck even calling on those who are concerned about the erosion of online privacy "not to go quietly"...

Share

"Anti-virus is no good" - discuss

by Paul Ducklin on April 2, 2012 | 14 Comments
Anti-virus - is the glass half-empty, or half-full?

Security professionals, analysts, journalists and people in the pub: there's a vocal minority in all those groups which likes to be heard to say, "Anti-virus isn't good enough for today's threats".

But is it true? Paul Ducklin has his say.

Share

Telstra Bigpond users targeted in post-data-breach phishing campaign

by Paul Ducklin on December 14, 2011 | 2 Comments
at-on-hook-250

A phishing campaign targeting users of Telstra Bigpond, Australia's largest ISP, is urging users to confirm their billing information or risk suspension.

All pretty run-of-the-mill, but neatly timed given that Telstra suffered a data breach of customer information last Friday.

Share

Lost USB keys have 66% chance of malware

by Paul Ducklin on December 7, 2011 | 42 Comments
Lost USB keys have 66% chance of malware

We bought a stash of USB keys at a major transit authority's Lost Property auction, and took a look at the sort of information people leave on the train.

Two-thirds of the keys were infected with malware, and nothing on any of the keys was encrypted...

Share

Steam goes public on data breach - but will it delay the launch of Skyrim?

by Paul Ducklin on November 11, 2011 | 8 Comments
steaming-pot-250

Steam, the online empire of computer game behemoth Valve Corporation, has issued details of the hack it suffered last weekend.

If you're a Steam user, find out what you should be doing next...

Share

Android keylogging with no access to keystrokes?

by Paul Ducklin on August 26, 2011 | Leave a comment
typemotionsensor-square

July and August often produce some intriguing and unusual computer security research.

We've already written about BlackHat and DEFCON. Here's something from the USENIX HotSec workshop to pique your interest.

Share

Viral marketing company sets new security lows with 'frame a friend' campaign

by Paul Ducklin on August 23, 2011 | 9 Comments
mugshot-square

Aussie-headquartered voicemail company Messages On Hold is no stranger to guerilla marketing campaigns.

But the company's latest effort at viral marketing is surely one of the most irresponsible yet: you're invited to 'frame' a friend for a crime.

Share

Juicejacking - an emergency phone charge can be a security risk

by Paul Ducklin on August 19, 2011 | 27 Comments
prohibition-square

You've heard of hijacking. And carjacking, truckjacking and shipjacking. You've probably also heard of sidejacking, sheepjacking and clickjacking.

That's nothing. Here comes juicejacking!

Share

Canada mulls warrantless internet info-gathering powers for police

by Paul Ducklin on August 18, 2011 | 7 Comments
billc52-square

A bill before the Canadian parliament includes two clauses specifically to reduce the 'due process' imposed when the cops need information from ISPs.

It's obvious how this would help law enforcement. But it might help the cybercrooks, too.

Share

Another Korean data breach - GOMTV.NET spills user account data, including passwords

by Paul Ducklin on August 15, 2011 | Leave a comment
gomtv-square-200

GOMTV.NET, a global operation of South Korean streaming media provider Gretech, has reported a large-scale data breach. Poor password handling by Gretech made a bad thing worse.

Learn how to avoid making this sort of mistake with your own customers' data.

Share

Macbooks, Korea, Spamford busted, phones lost, Anonymous threat - 60 Sec Security

by Paul Ducklin on August 14, 2011 | 1 Comment
facebook-aflame-square

No, the headline isn't a misprint. 90 Second News is now 60 Second Security!

Lots of readers said they'd like to see our 'news-with-a-conscience' videos more than once a month. So here you go. 60 Second Security, once every two weeks.

Share

Undercover Facebook investigator highlights dilemmas in keeping children safe online

by Paul Ducklin on August 8, 2011 | 7 Comments
Undercover Facebook investigator highlights dilemmas in keeping children safe online

When it comes to looking out for your children online, it seems you're damned if you do, and damned if you don't.

Should you go digging into online adolescent cesspits yourself so you can better advise your kids? Or is that a creepy betrayal of trust?

Share

Bizarre Apple Safari cookie bug perplexes users

by Paul Ducklin on July 30, 2011 | 28 Comments
Bizarre Apple Safari cookie bug perplexes users

For the past few weeks, it looks as though Safari on OS X 10.6.8 has not been handling website cookies correctly.

This is a worrying flaw. If you're on 10.6.8, why not report the bug to Apple to get it fixed?

Share

Dear Earth, Last month I took a paternity test!

by Paul Ducklin on July 18, 2011 | 1 Comment
Dear Earth, Last month I took a paternity/drug test!

Of all the information you've entrusted to others, which would you consider the most embarrassing to see popping up on the internet?

How about the date of your latest paternity test?

Share

Dropbox lets anyone log in as anyone - so check your files now!

by Paul Ducklin on June 21, 2011 | 11 Comments
dropbox-square

Customers of cloud-based file storing-and-sharing company Dropbox should check on the data they've entrusted to the service, following the company's admission that it messed up its access controls for several hours.

Share

Sony, Facebook controversy, FBI bust, Armenia cut off - 90 Sec News - April 2011

by Paul Ducklin on May 10, 2011 | 3 Comments
thumbnail-250

Don't just read the latest computer security news - watch it in 90 seconds!

This month: Sony suffers a cloudburst, Facebook courts controversy (again), the FBI busts Coreflood and Armenia gets cut off.

Share

Tom Tom sounds the privacy drum - road safety or no road safety!

by Paul Ducklin on May 2, 2011 | 3 Comments
Tom Tom sounds the privacy drum - road safety or no road safety!

Dutch GPS and navigation software giant, Tom Tom, recently took what I consider to be a small privacy step for the company, but a giant privacy step for mankind.

Is this the start of something new?

Share