research

Do we really need strong passwords?

The idea that computer users should use long, complex passwords is one of computer security's sacred cows.

But is it really necessary?

Mark Stockley investigates...

Facebook sort-of apologizes for treating users like lab rats

Facebook says it was "unprepared" for the ruckus stirred up around its emotional contagion research, and that there were things "it should have done differently." Does that include asking for informed consent next time?

SSCC 166.5 - Special edition from the Virus Bulletin 2014 conference [PODCAST]

Sophos security expert Chester Wisniewski was at the Virus Bulletin 2014 conference in Seattle.

In this special edition of the Chet Chat, Paul Ducklin puts Chet on the other side of the mic to find out more about both the technology and the ethics of anti-malware research.

Duping the machine - the cunning malware that throws off researchers

Traditionally, when malware detects that it is not running in a genuine victim setting, it will simply exit immediately. But there's a certain subset of malware families that are more cunning when they detect an analysis environment...

Facebook shrugs as 'emotional contagion' research outrages its users

Some users saw a dash more positive items in their feeds; some received a more grim daily dose, as the researchers cut out happy tidings. The researchers' conclusion: yes, emotional states are contagious, and no, seeing friends post happy news does not necessarily make people want to jump off ledges. The internet's reaction: how dare you manipulate emotions without informed consent?

1 in 30 have been hit by CryptoLocker and 40% pay the ransom, says study

An annual survey on computer security issues run by a UK university was published last week. Its stats on the prevalence of ransomware, and how many people give in to the crooks and pay the ransom, raised some eyebrows.

96% of businesses are unprepared for a cyber attack

A new survey from Ernst & Young discovered that 96% of the 1,909 executives questioned felt that their companies were unprepared for a cyber attack, but only 23% of the companies placed security awareness in their top two priorities.

Facebook and Twitter musings give employers a peek into our real selves, research finds

It seemed like common sense to employers, but research shows that yes, actually, bad-mouthing and posting about a wild partying life does work against potential job candidates.

How to avoid being one of the "73%" of WordPress sites vulnerable to attack

Researchers have concluded that 73% of the 40,000 most popular websites that use WordPress software are vulnerable to attack. But they admit they might be wrong. Even so, they still highlight an important security issue which isn't diminished one iota by their sketchiness.

PRISM: 50% of Americans approve of NSA's internet spying program

Half of Americans approve of their government's collection of telephone and internet data as part of anti-terrorism efforts even though they believe PRISM goes further than they have been told.

Small businesses beware! Point-of-sale malware is after you

Malware targeting point-of-sale (POS) systems has been a major trend for the last six months. With easy pickings to be had from mom-and-pop shops, this pattern is only going to grow until people start fighting back with better system security, and ideally better payment card systems.

Virus Bulletin's Technical Director John Hawes takes a look....

Technical paper: Exploring the history and technology of ransomware

A new technical paper from SophosLabs explores the history and technology of ransomware. From payment by SMS to public key encryption, ransomware has certainly evolved.

Honeypot reveals mass surveillance of BitTorrent downloaders

Within 3 hours of downloading, the copyright enforcers likely have your IP address, according to researchers who put a fake pirate server online and then sat back to see who came sniffing around.

Are you being more private on Facebook?

Researchers looked at 1.4 million Facebook profiles from New York City in March 2010 and then again in June 2011. Do you think anything changed in that time?

Lost your mobile? You're not alooooooone...

I have left phones in airplanes, in cabs, at friends' houses, etc...it is embarrassing really. But it turns out I'm not the only one.

Is online privacy a right or a privilege?

ENISA conducted some research to examine the economic dimension of privacy. Put simply: would you pay a bit extra for additional privacy?

Multi-word passphrases not all that secure, says Cambridge University

Think a passphrase of multiple, random dictionary words is as unguessable as long strings of gibberish, but easier to remember? Not necessarily, according to a recent study.

Sophos Security Threat Report 2012 - seeing through the hype

We know you're probably sceptical of "state of the world" reports from vendors. For all you can tell, they'll turn out to be thinly-disguised advertorial, unreconstructed product brochures, or worse.

We like to do things differently. Find out how!

Hackers could throw open prison doors, research shows

Research presented at the Hacker Halted conference in Miami late last month showed how hackers could take control of industrial control systems used in prisons.

Android keylogging with no access to keystrokes?

July and August often produce some intriguing and unusual computer security research.

We've already written about BlackHat and DEFCON. Here's something from the USENIX HotSec workshop to pique your interest.