data leakage

SSCC 158 - What do you mean, "Don't knit your own remote authentication"? [PODCAST]

Here's this week's Chet Chat security podcast for your listening pleasure.

Chester Wisniewski and Paul Ducklin of Sophos dissect the week's security news to see what we can learn from other people's mistakes...

Privacy and iOS 8, USMS blunder and Cryptowall ransomware - 60 Sec Security [VIDEO]

One minute of fun with a serious side...

60 Second Security - 21 June 2014

Patch Tuesday for June 2014 - 7 bulletins, 3 RCEs, 2 critical, and 1 funky sort of hole

You'll be patching and rebooting everything this month.

Paul Ducklin gives you a brief overview to help you prepare.

He also explains some vulnerability terminology you might not have heard before...

SSCC 147 - Why Snapchat will have to tell you the truth about security now [PODCAST]

As usual, Chester Wisniewski and Paul Ducklin turn their insightful and entertaining gaze on the security lessons we can learn from the past few days.

Give it a listen - it's our weekly quarter-hour security podcast...

Monday review - the hot 21 stories of the week

It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.

Is Apple finally getting real about security? 60 Sec Security [VIDEO]

Where does the data breach buck stop? Why do they call them "secret" links? And is Apple finally getting real about security?

Find out in "60 Second Security" for 10 May 2014

SSCC 146 - Target, Microsoft, Dropbox and the mysterious "Webdriver Torso" [PODCAST]

Have a listen to the latest episode of our weekly security podcast.

Sophos security experts Chester Wisniewski and Paul Ducklin look at what we can learn from the latest news.

Dropbox stumbles over security and privacy of secret links

Another flaw in Dropbox has been discovered. Users sharing documents using a secret link may have inadvertently been sharing the secret link with sites they linked to from shared files.

Can we trust anyone with our personal info?

Two very different criminal cases have just concluded on opposite sides of the Atlantic, showing how vulnerable our personal information is.

John Hawes explains why it's not just the Target-type megabreaches that are cause for concern...

The internet of everything - bringing more risk to more places

The Internet of Things (IoT) is a ubiquitous buzz-phrase these days. The idea is that just about everything we make or use could be connected, allowing anything to be remotely controlled or monitored.

What could possibly go wrong?

SSCC 144 - iOS malware, fingerprint security, WhatsApp privacy, hacking the taxman [PODCAST]

How bad is the risk from iOS malware? What's the state of play in fingerprint security? Should you trust mobile apps? Is it wise to hack the taxman? What if Brian Krebs calls to warn you've been pwned?

Chet and Duck turn their wit and insight on the week's news...

Heartbleed bust, Fingerprint fakery, WhatsApp privacy SNAFU - 60 Sec Security [VIDEO]

What happens if you hack your local tax office? Can you trust the Samsung Galaxy S5's fingerprint security? Did WhatsApp finally get security right in its app?

Find out the answers in one entertaining minute of video - it's 60 Second Security!

Don't share your location with your friends on WhatsApp

A group of budding security researchers at the University of New Haven in Connecticut recently taught themselves a handy lesson about the difference between *liking* WhatsApp and *trusting* it.

Heartbleed sees first arrest in wake of Canada Revenue Agency breach

The arrest of Stephen Arthuro Solis-Reyes, who is alleged to have grabbed 900 Social Insurance Numbers from the Canadian tax authorities over a period of six hours, marks the first time that authorities have apprehended someone in relation to the "heartbleed" bug in OpenSSL.

Heartbleed, Google Play and XP - 60 Sec Security [VIDEO]

How hard is Heartbleed recovery? How hard does Google Play try to keep the garbage out? And how hard are you trying to get over XP?

60 Second Security has the answers in a short, fun security video.

"Heartbleed heartache" - should you REALLY change all your passwords right away?

There is one important reason why you might not want to rush out and change all your passwords on all your services right this minute, and it's a sort-of Catch-22.

Paul Ducklin explains...

8 charged in AT&T ID theft fraud case, including outsourced contractor

"Authorized users" were added to customers' bank accounts, allowing the alleged fraudsters to request new cards in their names to make purchases and withdraw cash. As with other recent cases, the weak link was supposedly working for AT&T in an outsourced job function.

Word zero-day, Snapchat blasted, MS-DOS released - 60 Sec Security [VIDEO]

What should you do about the latest Word zero-day? What does Mr Rockefeller think of SnapChat? And is that MS-DOS I see before me?

Watch 60 Sec Security for 29 March 2014, and find out!

Patch Tuesday - no critical updates for XP...then Microsoft adds two XP fixes after all

Here's a quick run-down of what you'll face in the February 2014 Patch Tuesday update from Microsoft, which comes out tomorrow.