update

(get it in RSS or Atom)

SSCC 142 - Heartbleed explained, Patches assessed, Apple chastised [PODCAST]

sscc-142-250

Chet and Duck explain what you can do about the big ticket security news items of the past week.

The epic "Heartbleed" bug in OpenSSL, the last patches ever for XP and Office 2003, and Apple's attitude to updates and support all come under the microscope.

Fancy a free upgrade from XP to Windows 8.1? Here's how...

winzero-250

Don't get too excited.

If you're one of those XP users who thinks that Microsoft should support you forever, for nothing, this isn't for you.

But there *are* free Windows licences up for grabs.

42 days to go for XP - 8 tips if you aren't going to make it

42-250

A. 42.

Q. How many days left in Windows XP?

Firefox 28.0 takes on the PWN2OWN attacks already

ff-held-250

Firefox 28.0 was released on 18 March 2014, just five days after four exploitable bugs in the browser were disclosed at the PWN2OWN competition.

Paul Ducklin looks at what was fixed...

Microsoft Patch Tuesday - 5 bulletins, 2 critical, 1 for Mac users!

Microsoft's Patch Tuesday for March 2014, the second-to-last scheduled patch that Windows XP users are ever going to see, will fix critical holes in all versions of Windows.

OK, not quite all: Server Core installations will receive updates, but not critical ones.

Firefox 27 is out - Tuesday's second non-Patch-Tuesday update

ff27-250

Even though yesterday wasn't a Patch Tuesday, we ended up with two major browser-related updates: an unscheduled Adobe Flash patch, and an expected one: the update from Firefox 26 to Firefox 27.

Paul Ducklin takes a quick look...

Firefox 25.0.1 - the security update that wasn't?

fff-250

Firefox just pushed out a minor browser update, bumping its version number from 25.0 to 25.0.1.

Paul Ducklin saw Mozilla's advice that this was "a security and stability update", and went looking for the security fixes...

Sophos Techknow - The End of XP [PODCAST]

techknow-logo-170-of-250-at-0250x0250

Welcome to Techknow, the podcast in which Sophos experts debate, explore and explain the often baffling world of computer security.

In "The End of XP", Duck and Chet investigate the what, the why and the how of dealing with the impending end of support for Windows XP in 2014.

SSCC 122 - Facebook hoax, Microsoft 0-day, Android hole and Firefox going forward [PODCAST]

sscc-122-175-250

What a coincidence! A Facebook hoax claming that images can infect your computer...and then a Microsoft zero-day that uses images to infect your computer.

Chet and Duck talk you through the latest news...

Firefox moves up to Version 25, fixes a bunch of memory mismanagement problems

A brief reminder for Firefox users: version 25 is out.

As usual, there are some new and tweaked features, plus a fair number of security fixes.

Paul Ducklin takes a quick look...

OS X Mavericks - optional OS upgrade or critical security fix?

mav-250

Apple's OS X 10.9, better known as Mavericks, is officially out.

The burning question for OS X fans everywhere, of course, is, "Should I or shouldn't I?"

Microsoft "failed update" phish might well sound believable - watch out!

phishhook-250

Occasionally we find an attempt at phishing that we grudgingly have to admit shows a resourceful sense of occasion.

Here's an example: an email supposedly from Microsoft to sort out the after-effects of recent failed updates...

Apple ships OS X 10.8.5 security update - fixes "sudo" bug at last

osx-1085-250

Officially, it's a point release of OS X Mountain Lion.

But with twice as many security fixes listed as regular bug fixes and improvements, Paul Ducklin is happy calling it a "security update" instead...

Firefox 23.0 is out - fixes, features and just a tiny bit of frustration

ff-logo-250

Note to Firefox fans: 23.0 is out.

Paul Ducklin, a Firefox fan himself, looks at the many new fixes, one handy new security feature and a nagging frustration in the update...

LinkedIn unhacked, Microsoft bounties, Java in your browser - 60 Sec Security [VIDEO]

bounty-250

It's that time again - time for this week's 60 Second Security, our fun-but serious "security news with a conscience" video series.

Give it a spin...it'll only take a minute.

Get ready! Oracle to fix 40 holes in Java on Tuesday, 18 June 2013

There's a Java update coming next Tuesday, 18 June 2013, and you might as well get ready for it now if you haven't already.

Oracle has fixed 40 holes, all but three of them remotely exploitable.

Botnet smackdown, Oracle on Java, Passwords you can eat - 60 Sec Security [VIDEO]

2013-06-08-citadel-250

Here's our latest 60 Second Security video.

From botnet takedowns to authentication tokens you swallow...here's the latest security news in a easily digestible format!

Apple's OS X and Safari get biggish security fixes

osx-saf-250

Apple has published updates for all supported versions of OS X and for Safari version 6.

A largish number of remote code execution vulnerabilities have been patched, so these aren't just cosmetic fixes.

Apple ships jolly uninteresting iOS 6.1.4 update

ip5-250

Apple just released iOS 6.1.4 for the iPhone 5.

Apparently, it improves speakerphone calls, but it doesn't fix the lock-screen bug in iOS 6.1.3...

Adobe updates are no laughing matter, but at least XKCD makes them funny

Adobe updates are no laughing matter, but at least XKCD makes them funny

Check out this funny security-related cartoon from those amusing folks at XKCD.

(If you're not busy installing Adobe updates)