Exploit

SSCC 157 - Routers, Browsers, Zombies and Sysadmins [PODCAST]

Here it is...this week's Chet Chat security podcast.

In this episode: fixing routers, trusting browsers, killing zombies and showing TLC to sysadmins.

Firefox 31 has arrived - 11 bulletins, 3 critical, 0 visual surprises

Firefox 31 is out.

So is its updated conservative older brother, the Extended Support Release, now at 24.7.

And Firefox's email-oriented cousin Thunderbird gets updated, too.

SoHo routers to get hacker-style scrutiny in return for "awesome" prizes

Buy a $50 SoHo router, plug it in, press a couple of buttons.

Bingo! A connected household! What could possibly go wrong?

If history is any guide, quite a lot...

It's all about trust! 60 Sec Security [VIDEO]

Watch 60 Second Security for 19 July 2014 - it's all about trust!

Cisco warns of big remote management hole in tiny routers

Even little routers can have giant holes, as Cisco warns in a just-published security advisory.

Oracle's "Patch Tuesday" brings 113 patches across 13 product families

Oracle's July 2014 security patches are out, and there's a ton of them.

Literally and figuratively...

LibreSSL ships first portable version, now up to 48% less huge!

LibreSSL, OpenBSD's drop-in replacement for OpenSSL, started after the pain of Heartbleed, has just published its first "portable" version.

If you're a coder and you're interested in security, why not try it and see what you think?

Patch Tuesday wrap-up, July 2014 - Adobe fixes "Rosetta", plus a new risky file type on Windows...

Patch Tuesday for July 2014 is just behind us in the case of Microsoft and Adobe, and just ahead of us in the case of Oracle.

Paul Ducklin tells you what you need to know...

Monday review - the hot 22 stories of the week

It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.

Patch Tuesday for July 2014 - 6 bulletins, 2 RCEs, 3 EoPs and get ready to reboot

Here's what to expect from Microsoft in the July 2014 edition of Patch Tuesday, scheduled to ship on Tuesday 08 July 2014...

Is Apple slack at security on iOS? 60 Sec Security [VIDEO]

What went wrong with PayPal's 2FA? Why did Microsoft do an email U-turn? Is Apple slack at security on iOS?

It'll only take a minute to find out...

SSCC 154: Fraud, viruses, patches and encryption (in that order!) [PODCAST]

Where does your country sit on the fraud list? Just how much can you trust SMSes on Android? Is Apple serious enough about iOS security? And will Google's End-To-End email encryption plugin save the world?

Find out with Chet and Duck in this week's Chet Chat podcast...

Anatomy of a buffer overflow - Google's "KeyStore" security module for Android

Here's a cautionary tale about a bug, courtesy of IBM.

Not that IBM had the bug, just to be clear: Google had the bug, and IBM researchers spotted it.

Apple ships updates, including Snow Leopard (ONLY KIDDING!)

Apple just published its latest round of updates for iOS, Apple TV, Safari and OS X, including dozens of security fixes.

OS X Snow Leopard users...we're afraid you missed out once again.

TimThumb plugin for WordPress - zero-day remote code execution hole disclosed, quickly fixed

WordPress sites with the TimThumb image thumbnailing plugin could be taken over by attackers.

Paul Ducklin looks at what went wrong and explains how to fix the hole...

"Towelroot" app makes it easy to root Galaxy S5 and other locked Androids...

Galaxy S5 users will be cheering. System administrators are probably groaning.

Paul Ducklin looks at an Android-era variant of Hamlet's dilemma: "To root or not to root, that is the question."

SSCC 153: TrueCrypt, Towelroot, Cryptowall, and spam in Canada [PODCAST]

Chester Wisniewski and Paul Ducklin present this week's edition of the regular Sophos security podcast, the "Chet Chat."

In this episode: the TrueCrypt saga continues; the Towelroot software for unlocking Androids; ransomware after CryptoLocker; and Canada's long, long, long-awaited anti-spam law.

59 vulns in IE, teenager versus Turing, and Twitter gets wormed - 60 Sec Security [VIDEO]

Is 59 vulns in IE some kind of record? Did a computer really pass the Turing Test? Can a network worm ever be a joke?

Find out in one minute!

Patch Tuesday wrap-up, June 2014 - both Adobe and Microsoft close "remotable" holes

Microsoft fixed 59 vulnerabilities in Internet Explorer alone this month.

Is that worryingly bad, or pleasingly good?

Paul Ducklin investigates what actually came down the chute in the June 2014 Patch Tuesday...

Patch Tuesday for June 2014 - 7 bulletins, 3 RCEs, 2 critical, and 1 funky sort of hole

You'll be patching and rebooting everything this month.

Paul Ducklin gives you a brief overview to help you prepare.

He also explains some vulnerability terminology you might not have heard before...