Monthly Archives: October 2010

6 year old's Happy Meal from McDonalds leads to Facebook clickjacking scam

Happy Meal horror for 6 year old? It's another Facebook scam spreading virally. Clickjacking technique helps spammers spread "Likes" to their webpages amongst innocent Facebook users.

Facebook sues CPALead CTO for alleged survey spamming

Steven Richter and Jason Swan of Las Vegas, and an affiliate marketing company, MaxBounty, are accused of participating in the schemes that promised Facebook users non-existent "Dislike" buttons or "Facebook Gold" accounts, but directed them to revenue-generating surveys instead.

Apple decides Flash users need to secure themselves


ComputerWorld's Gregg Keizer is reporting that Apple has decided to stop distributing security updates for Adobe's Flash browser plugin. It took only two days for Apple to make me regret the praise I had sent their way regarding the speed Read more…

IPv6 and cybercrime - what's the story?


I've recently returned from the Australian IPv6 Summit 2010, where I was invited to give a talk about IPv6 and cybercriminality. Does switching to IPv6 have the handy side-effect of kicking the Bad Guys in the teeth?

Sophos Security Chet Chat 31

Sophos Security Chet Chat 41

The latest Chet Chat podcast is now live at To mix things up I invited Chris Simmons, our development manager for email gateway solutions, to talk about the future of email filtering products. We discussed how outsourcing email filtering Read more…

In other Apple news... Java updates

Java updates from Apple

Apple today released the latest Java updates for OS X 10.5 (Leopard) and 10.6 (Snow Leopard). You may wish to save a copy of this blog for posterity as I am about to step out of character. Apple did a Read more…

Facebook users call for application "walled garden" to protect against attacks

Poll on whether Facebook should verify apps

What many folks don't realise is that Facebook is much more than a social networking website, it's a platform with over half a million active applications running upon it. Inevitably some of these third-party applications are written with malicious intent Read more…

Cyberwarfare and Stuxnet discussed on Radio 4

Stuxnet and cyberwarfare discussed

Earlier today, by the power of Skype, I appeared on a BBC Radio 4 programme discussing the internet threats faced by the UK. This episode of the "Click On" programme was timed perfectly with the unveiling of the National Security Read more…

Cyberspace a "highest priority for UK national security", in black and green..

Security Strategy

The UK's National Security Strategy has now been published and, as widely anticipated, cyberspace security gets a very high profile. In fact, the National Security Council judges that the four highest priority risks facing the country now and for the Read more…

Graham Cluley a finalist in the Computer Weekly blog awards

Vote for Cluley (and impress his boss)

Vote for Graham Cluley in the Computer Weekly blog awards. He's up for best security blog and Twitter user of the year. Go on, do it.. it'll make his boss really happy.

National Security Strategy: A windfall for computer security firms?

Theresa May

British Home Secretary Theresa May braved the comfy sofa of breakfast television this morning, to tell viewers about a new national security strategy, due to be unveiled today, discussing the threats posed to the UK. And what are the greatest Read more…

Apple iPad and iPhone infection risk?

Major Australian media outfit Fairfax ran a story throughout the weekend warning about "Apple store infection risk". This was understandably a hot story across most of its dailies, including the Sydney Morning Herald, Melbourne Age, Brisbane Times and WA Today. Read more…

Adobe announces Reader X and Acrobat X editions

Adobe has announced the long-awaited sandboxed versions of their ubiquitous Adobe Reader and Adobe Acrobat applications, now branded as X. Brad Arkin, Adobe's Senior Director of Product Security and Privacy, first spoke with Sophos about Adobe's plans to better secure Read more…

Facebook faces new privacy problems: top apps leak your data

October 18th's Wall Street Journal is reporting that all of the top ten applications on Facebook are breaching Facebook's privacy policy. To Facebook's credit, this time the problems are not entirely their fault, but this is yet another example of Read more…

Privacy threats to dominate security landscape in 2011?

At Hack in the Box, we decided to have a bit of fun. My Sophos Malaysia colleagues purchased a veritable flotilla of rubber ducks - in traditional bathtime-duck yellow - and tricked me into an autograph session. Duck signing ducks, geddit?

Stuxnet on the BBC World Service

BBC World Service

Earlier this week I appeared on "Digital Planet", a fun and friendly technology show broadcast every week on the BBC World Service and also available as a podcast. I made an appearance via Skype to discuss the Stuxnet worm, which Read more…

Hack in the Box attack - presenter threatened with arrows

Marco Slaviero, a presenter at Hack in the Box 2010 in Kuala Lumpur, Malaysia, had a narrow escape yesterday after a number of outsized presentation arrows ganged up and threatened to attack him during his talk. Powerpoint was initially suspected.

Sophos Security Chet Chat 30 and VB 2010 roundup

There was a lot of security news this week as Michael Argast and I went into our Vancouver studio to record Chet Chat 30. I was on vacation at the beginning of the week, so it is a bit longer Read more…

USA, your poorly protected PCs are polluting the world with spam

Spam around the globe

Latest estimates reported in the press suggest that more than 2.2 million PCs based in the USA were hijacked by cybercriminals in the first half of 2010, and used as part of a botnet. And what's one of the principal Read more…

Hack in the Box - DNS expert swings a punch

I'm currently in Kuala Lumpur, capital of Malaysia, for HITB - the 8th Hack in the Box conference.

HITB prides itself on being a "deep knowledge" security event - no commercial speeches from vendors and no way to buy a speaking slot.