IT

League of Legends online game joins the League of the Hacked

Online real-time strategy game League of Legends, from Riot Games, is the latest large web property to own up to a data breach.

There's a silver lining, namely that the company's notification is frank and helpful, stating clearly what was stolen, and what wasn't.

Microsoft speaks out on Flame malware certificate forgery

Microsoft has now gone public with additional information about the certificate forgery in the Flame malware. The attackers used an MD5 collision.

Learn more about hash collisions, and how to avoid them in your own IT environment.

One weekend, one million jailbreakers - what should Apple do next?

Last weekend, Chronic Dev tweeted about the latest jailbreak tool for Apple's iDevices. In just two days, nearly one million people used it.

With such clear minority interest in jailbreaking, what should Apple do next?

Anatomy of an exploit - six, in fact - as Google reveals details of Pwnium hack against Chrome

Breaking into a browser isn't as easy as it was a few years ago. Back then, many browsers ran as a single monolithic process which could be leapt in a single bound.

That's unusual these days, so this is a hacking story of considerable derring-do.

Wales announces World's First Wikipedia Town

You might not yet have heard of Wikipedia GLAM. It's a project targeting galleries, libraries, archives and museums, aimed at "improving Wikipedia's coverage of topics related to the cultural sector".

Intriguingly, GLAM has just notched up its first Wikipedia Town.

SSCC 91 - Utah explains data breach, Facebook hacker jailed, FlashBack removal for Leopard, Pentagon expands data sharing

This week's Chet Chat returns to our usual news format with guest Gary Korhonen (@hundredaire). Gary and Chet discuss the Utah data breach, Facebook hacker's prison term, OS X Leopard's FlashBack removal tool, Pentagon data sharing and Operation Phish Phry sentencing.

Anatomy of a security hole - the break that broke sudo

A recently-patched bug in the widely-used sudo command makes for interesting reading.

The patch reminds us of some important points in security-related programming.

Practical IT: how to manage cost-effective penetration testing

Penetration testing is a valuable tool but can quickly get expensive. Focusing on testing the right things in the right manner is key to getting the best bang for your buck.

Apple offers iOS 5.1.1 update, fixes some serious vulnerabilities

Apple's latest update to iOS just came out.

Version 5.1.1 is more than just a cosmetic fix: it patches at least three security flaws, all of which should be considered serious.

View from the IT desk: A little more conversation, a little less action

A computer appears to have been hacked, or infected by malware... but is there a more down-to-earth explanation?

Carl Blackett, an ICT Security Architect at Norfolk County Council, explains why you shouldn't be too quick to push the panic button.

Only 4% of IT staff trust users: free security toolkit now available

User education is of course a great idea, but we all know how hard it is to get the messages across in a clear and memorable way. Sophos launches a free education toolkit to help the poor IT guys who are responsible for user education.

Practical IT: how to assess a third-party provider's security (part 2)

In the second part of his article on how to assess the security of a third-party provider, Ross McKerchar takes a look at security functionality.

FLAMING RETORT: All this new Mac malware - whose fault is it?

Flaming Retort is back, this time trying to Coole and Explayne the flames we've had from some Mac users in the past few days.

In a back-to-front way of making Mac fans feel better, I'll start by making everyone feel slightly worse, taking a small potshot at Windows, OS X and Linux fans alike.

BSides Austin - Security tools for the cloud, password storage, GoogleTV hacks, card key hacking and how to get ahead in IT

There were lots of fantastic presentations at BSides Austin last week; here are a few of our favorites.

New version of Sabpab Mac Trojan emerges, spread via Word documents

A new version of the Mac OS X Sabpab Trojan horse has come to light, and rather than relying upon a Java vulnerability, it appears to be exploiting malformed Word documents instead.

BSides Austin - Verizon DBIR, cloud security and the importance of randomness

A summary of talks from BSides Austin including the Verizon Data Breach Investigation Report, the state of cloud security and the importance of high quality random numbers in cryptography.

Patch Tuesday April 2012 - Critical updates for Windows, Office and Adobe Reader

Microsoft released six patches for eleven vulnerabilities today for Windows, Office, SQL and other products. Adobe also updated their Reader app to fix four vulnerabilities that can be exploited by malicious PDF files.

SSCC 87 - Mac botnet, Global Payments, Flash Player updater, AES-NI and cloud encryption

David Schwartzberg is this week's guest on the Chet Chat to talk about the data breach at Global Payments, a new Mac botnet and Flash Player updating. David also explained the new AES-NI encryption acceleration in Intel chips and a new way to safely store files in the cloud.

Easter eggs, with a side order of scareware

Planning some activities this Easter? Perhaps buying some Easter eggs? Maybe hand decorating some eggs?

Before you go searching for tips, take a read of this post which highlights how seemingly innocent search terms can lead to malware.