Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

SSCC 200 - If you can't trust the IRS, whom can you trust? [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin as they dissect the latest security news in our weekly podcast.

It's entertaining and educational - news you can use!

Get into Infosec Europe 2015 for free, hear great talks!

infosec-640

Get a free pass to Infosec Europe (2/3/4 June 2015) and stop by at our stand to say hello.

Attend our free talks...no paid actors, no sales pitches and no canned product demos: we're giving educational presentations that we hope will both entertain and educate.

You STILL support encryption designed to be crackable in 1995? 60 Sec Security [VIDEO]

Watch this week's "60 Second Security" - the one-minute news roundup video with attitude!

Anatomy of a LOGJAM - another TLS vulnerability, and what to do about it

We've had BEAST, Lucky Thirteen, BREACH, BEAST, POODLE, Heartbleed and FREAK...now, it's LOGJAM.

Paul Ducklin explains, and tells you what you can do about it.

SSCC 199 - Don't panic, it's not really as VENOMous as you thought [PODCAST]

Our latest weekly security podcast - the VENOM bug, iris recognition, a spyware company breach, and ID trouble at the Passport Agency.

Happy listening!

"Los Pollos Hermanos" ransomware - what will they think of next?

The latest visual meme in ransomware comes from a cult TV show...about ficticious crooks.

Paul Ducklin walks you through "PolloCrypt," more correctly known as Troj/LPoLock-A...

Please vote for Naked Security in the European Security Blogger Awards!

infosec-640

We've been nominated, Dear Readers, in two categories in the European Security Blogger Awards.

Anyone can vote...and we'd love you to vote for us: Naked Security for "Best Blog" and the Chet Chat for "Best European Podcast."

Former virus writer open-sources his DIY combination lock-picking robot

lock-1200

Back in 2005, a youngster called Samy Kamkar wrote a JavaScript virus for MySpace.

This time, he's made a DIY lock-picking robot - and you can make one too, if you like.

The phone that keeps an eye on your eyes - 60 Sec Security [VIDEO]

The latest episode of our weekly "security news in one minute" video.

Enjoy...

SSCC 198 - "Fusking"? Did I hear that correctly? [PODCAST]

A week of many patches, Lenovo in the news again, an anti-forensic tool with a misleading name, and the rudely-named "sport" of Fusking.

Listen to our latest straight-talking security podcast...

The VENOM "virtual machine escape" bug - what you need to know

snake-1200

Here's what you need to know about VENOM, the latest security vulnerability to be given a marketing-friendly name.

If you're using any virtual machines, read this to set your mind at rest...

Pizza Hut steganography - hostage embeds hidden message in pizza order

pizza-1200

How do you call 911 while doing nothing more suspicious than placing your regular pizza order?

Lenovo uses System Update to patch serious System Update security hole

Responsible disclosure and an exploitable hole closed neatly through the exploitable process itself.

Result! (But make sure you've patched.)

Surely not the "Virus DESTROYS Computer" story again? 60 Sec Security [VIDEO]

Our weekly fun-but-serious one-minute security video.

Malware hype, FTC action and some ancient history (well, the LOVE BUG)... enjoy.

The USBKILL anti-forensics tool - it doesn't do *quite* what it says on the tin

A hacker who very modestly goes by the handle Hephaest0s has just announced an "anti-forensic kill switch" dubbed, well, usbkill.

It doesn't do quite what the name might suggest, and it could cut either way, so use it with care!

Apple updates Safari on OS X, fixes critical flaws

No sooner had we reported that Microsoft will adopt a "rolling update" model for Windows 10...

...than we received notice of Apple's latest "rolling update" for its Safari browser.

Can the Rombertik malware really "destroy computers"? No, no, three times NO!

We didn't really want to get drawn into this one.

But it's hard to avoid commenting on malware that has variously been described as a "terrifying suicide bomber'" and as having a payload that "destroys computers."

Geolocation traces stolen watch right to suspect's left wrist

We often warn you to be careful about leaving geolocation features enabled on your mobile devices. Fortunately, this woman didn't listen!

Bugs in the hospital: how to pwn your own pethidine machine

Feeling short-changed by the nurse in charge of your painkiller quota? Telnet into the drug dispenser!

Paul Ducklin looks at how to avoid this sort of security hole...