SSCC 134 - Patching, foisting, hacking and obfuscating [PODCAST]


Here's our latest security podcast, featuring Sophos experts Chester Wisniewski and Paul Ducklin.

Join the dynamic duo as they turn the latest news into a quarter-hour podcast that is informative, entertaining and educational.

Anatomy of a poisoned image: colour-coded JavaScript!


Colour-coded JavaScript?

Paul Ducklin looks into a malware writer's poisoned-image trick that tells an interesting (and, though it hurts to say it, an amusing) story of subterfuge and guile...

Are the websites you're using tracking what you type?

Facebook, Twitter, Gmail or any webpage can track everything you do and could be keylogging your every pointer movement or keystroke. But it's how the internet has been since forever, though many, many people don't know it and are horrified to find out.

Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 2


Part Two of our examination of an IE exploit.

This is a great read if you want to get a feeling for how cybercrooks think. (Don't worry if you aren't technical: it's clear and jargon-free.)

Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day - Part 1


The latest IE zero-day explained.

This is a great read if you want to get a feeling for how cybercrooks think.

(Don't worry if you aren't technical: we've kept the code and jargon to a minimum.)

"Mailbox" app on iPads and iPhones runs JavaScript from emails - vulnerability or feature?


Italian computer scientist Michele Spagnuolo recently wrote about what he considered a security issue in the popular iPhone and iPad email app "Mailbox."

Not everyone agreed with him...

OpenX ad servers "pre-compromised" - official distro contained remote code backdoor


You don't always have to break into someone's web server to get them to deliver your malware for you. You can just break into the server they get their online ads from.

Or you can pre-infect the online ad server software so you can own it as soon as it is installed.

Google announces brand new web browser core, so does Mozilla

When you wait ages for a bus, and then three come along at once, it's not a coincidence: it's a side-effect of queuing and traffic lights.

But what about when three browser vendors make announcements on the same day?

Monday review - the hot 13 stories of the week

Catch up with everything we've written in the last seven days with this handy weekly roundup

SSCC 105 - HP printers, Google blocks ad blockers, Apple does the 2-step, and more...


Have you joined thousands of others, and become a loyal listener to the "Chet Chat" yet?

Here's the latest Naked Security podcast, Sophos Security Chet Chat 105, discussing a range of recent and newsworthy topics from the world of computer security.

Anatomy of a "feature" - should JavaScript be allowed to change a web link *after* you click on it?

A young web coding enthusiast from Manchester, UK, recently published a thought-provoking hackette intended to highlight the risks of relying only on "look before you click."

Paul Ducklin wants to know what you think of it...

Apple's own Macs bitten by Java-based malware attack


Apple released a statement today acknowledging that they were victims of the same attackers that Facebook talked about last week. A zero-day Java vulnerability infected Apple Mac developers through a drive-by attack.

Malware injected into legitimate JavaScript code on legitimate websites

SophosLabs has observed a trend of hackers inserting their malicious code into legitimate JavaScript hosted on legitimate compromised websites.

Learn more about what our experts have seen, and ensure that you have protection in place.

Java is not JavaScript - tell your friends!

Some people are worried that turning off Java also turns off JavaScript.

Despite their names, Java and JavaScript are completely different, and turning off Java will not turn off JavaScript.

Firefox 18 brings TURKTRUST update, Retina support, faster JavaScript - oh, and 20 other security fixes

Firefox 18 has landed: 2917 bugs patched, 21 security fixes, 12 critical.

Also with a brand-new JavaScript compiler and support for Retina displays on the groovier sorts of Mac.

How the Tumblr worm spread so quickly

SophosLabs explains how today's Tumblr worm was able to spread so quickly.

Sophos Techknow - All about Java


Java brings with it some significant risks, yet for many people, it's "just there on my computer."

In this episode, Duck and Chet tell you All about Java, and help you to make an informed decision in balancing its risks and rewards at work and at home.

Vote in our poll: is Google's fine of $22.5 million enough to buy privacy?

Google fined $22.5 million for not living up to its privacy promises

Google will cough up $22.5 million for putting sneaky code into its web pages, even after agreeing that it would get "comprehensive" about privacy.

But are financial sanctions enough?

Have your say in our poll...

Facebook explains pornographic shock spam, hints at browser vulnerability


Facebook has released a statement about the fast-spreading offensive messages that have been posted to many users' walls. They claim there is a browser vulnerability that allowed users to paste malicious JavaScript into their web browsers and post the offensive messages.

You practice safe computing, so why do you still see malware?


Think you are a security-aware computer user, but still get occasional security alerts and pop-ups? Follow these tips to help keep your Mac or PC clean as a whistle.