Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

Bought PII from the government? PLEASE DON'T LOSE IT! 60 Sec Security [VIDEO]

Here's the latest episode of our weekly computer security roundup.

The latest news presented so you can enjoy it...in just one minute!

Facebook Bug Bounty report for 2014: $1.3M paid out to more than 700 bug finders

Facebook just released details of how much it paid out in bug bounties for 2014.

Rewards ranged from $500 to over $50,000...

Anthem healthcare breach is smaller - and bigger - than first thought

There's good and bad news about Anthem's recent data breach.

The bad news includes the risk to between 8.8M and 18M non-customers who were in Anthem's database anyway...

SSCC 187 - The cryptography edition [PODCAST]

Sophos expert John Shier sits in for regular presenter Chester Wisniewski in this episode.

John and Paul Ducklin dissect the latest security issues, which were dominated this week by some thorny matters of cryptography.

From the Labs: more advances in Advanced Persistent Threats

SophosLabs researcher Gabor Szappanos is back.

He presents another insightful installment in the ongoing saga of PlugX and other "malware factories" that are part of the Advanced Persistent Threat scene.

"PowerSpy" - can crooks really track you by the power your phone is using?

Can power usage alone, as your phone moves around in the mobile network, give away your location?

Sort of, say Stanford computer scientists...

How the "Great SIM Heist" could have been avoided

Apparently, intelligence services managed to penetrate the network of a major SIM card manufacturer, grab loads of SIM keys, and now we're all liable to be listened in on.

But why? What is it about SIM cards that made this possible?

What's SUPER and helps you to PHISH, sorry, FISH? 60 Sec Security [VIDEO]

Here's our weekly news roundup - from Superfish to Super Spectacles.

It's amusing, informative, and only takes a minute - enjoy!

How to get rid of the Lenovo "Superfish" adware

Here's how to get rid of the "Superfish" adware that was pre-installed on some Lenovo notebooks.

Lenovo "Superfish" controversy - what you need to know

Controversy of the week is "Superfish," an adware program pre-installed on Lenovo computers that has some worrying security problems.

Here's what you need to know, in plain English...

Forget Google Glass, here's Sony's (not quite as catchy) SmartEyeglass

Those aren't augmented reality spectacles.

THESE are augmented reality spectacles!

But what about the privacy and security side?

FreeBSD and the YARNBUG - more trouble at the Random Number Mill

How do you test your random number generator?

How do you determine, in an ordered way, that a sequence of numbers is entirely disordered?

With difficulty!

SSCC 186 - Just how firm is your firmware? [PODCAST]

Here's the latest episode of our weekly security podcast - from firmware and Firefox to Project Zero and Lightning conductors.

Chet and Duck are in fine fettle as usual...enjoy!

Firefox to get a "walled garden" for browser extensions, Mozilla to be sole arbiter

Mozilla has announced that its Firefox browser is heading towards signed browser extensions only.

Even if you publish your extensions "off market," you'll have to get Mozilla to sign them first.

Google's Project Zero backs off a bit - will now give up to 14 days' grace

Google's controversial "zero-day dropping machine," Project Zero, which automatically outs your bugs after 90 days, will now give up to 14 days' leeway.

News flash: hacker turns Apple's Lightning connector into a jailbreak conductor

A French hacker says he'll soon be making modified Lightning connector cables that will give Apple iOS jailbreakers a better view inside their iDevices.

What do you mean, "Facebook is now text only"? - 60 Sec Security [VIDEO]

Here's the latest episode of our weekly one-minute security video.

Fun, fast...and educational.

Apple's "two-step" security now protects iMessage and FaceTime, too

Apple has quietly extended its two-step verification feature to more of its ecosystem.

If you have the "Apple two-step" turned on, then the iMessage and FaceTime services are now protected by it.

SSCC 185 - "I have a number for you: Eighty Million" [PODCAST]

Our weekly "Chet Chat" podcast is carefully prepared to fit into a quarter-hour, so it is clear and concise as well as being witty and amusing.

Enjoy...

The Big Data picture - just how anonymous are "anonymous" records?

You know those "anonymous surveys" you may have filled in?

They don't tell anyone it was you.

Or do they?