responsible disclosure


SSCC 168 - Amaze your friends by ruining all their USB drives! [PODCAST]


Here's the latest Chet Chat security podcast for your listening pleasure.

Sophos experts Chester Wisniewski and Paul Ducklin take apart the latest computer security stories to turn them into news you can use.

Apple fixes hole that leaked employees' and developers' personal info


Apple quietly slipped its Developer Center offline on Sunday night to patch a serious security hole that let anybody access personal contact information for any registered Mac, iOS or Safari developer; every Apple Retail and corporate employee; and some key partners.

Obama leaves loophole open for NSA to exploit zero-day vulnerabilities


No, the US White House didn't know about Heartbleed and didn't exploit the OpenSSL bug to snoop, it said, but it's reserving the prerogative to use zero-day exploits as a wedge to pry out intelligence if it serves national security interests.

Microsoft Xbox pwned by 5-year-old security researcher


He got in through a backdoor in Microsoft's smashingly popular video gaming system - as in, straight into all the slobbering zombies and screaming violence that his parents would never have let him play with.

AT&T hacker and internet troll 'Weev' appeals 41-month prison sentence


The EFF has filed an appeal seeking to free the hacker and self-described internet troll, who exploited a hole in AT&T's publicly facing website to siphon the personal data of more than 100,000 iPad owners.

Google to pay $40,000 "consolation prize" to Pinkie Pie for not-quite breaking into Chrome OS

Renowned Chrome hacker Pinkie Pie, who scooped the prize at last year's Pwnium competition, didn't quite get across the line this year.

But Google will pay him a one-third-sized consolation prize anyway, for "honoring the spirit of the competition."

AT&T hacker "Weev" sentenced to 41 months in prison, after obtaining the email addresses of 100,000+ iPad users


Andrew Auernheimer has been sentenced for the federal crimes of obtaining the personal data of over 100,000 iPad owners from AT&T's publicly accessible website.

Besides his prison sentence, he's facing 3 years of probation and, together with another convicted hacker, paying restitution of $73,000.

Exploit kits, the biggest threat on the web, are being fed by whitehat security researchers

Who is feeding the Blackhole exploit kit?

When security researchers make proof-of-concept code available to demonstrate vulnerabilities, are they actually supporting the malicious exploit kit authors?

SophosLabs expert Gabor Szappanos shows that the creators of exploit kits aren't the ones discovering the zero-day vulnerabilities.

PayPal starts bounty program for security bugs


If you've found a security issue with PayPal, you could receive a monetary reward for informing the firm responsibly.

Facebook to start paying security bug bounties


Facebook is the most recent company to come to the bug-bounty party, officially announcing that "to show our appreciation for our security researchers, we offer a monetary bounty for certain qualifying security bugs."

Payouts start at US$500. Tempted?