Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

PayPal patches potential payment-stealing vulnerability

An XSS hole could apparently have allowed a crook to pop up a realistic PayPal "pay page" and steal the victim's card data.

Paul Ducklin takes a look...

How a crook could have taken over your Facebook pages

A Facebook bug hunter just found a hole through which crooks could take over your personal Facebook pages.

Facebook fixed it PDQ...

Should companies be held responsible for a customer data breach? [POLL]

How much of the blame should you shoulder if you could have done more to protect your network and your customers?

Have your say in our poll...

Businessman who hacked 900 phones as "revenge" is jailed

He was a vengeful former business partner who deliberately hacked right into the middle of a demo to a prestigious customer...

Ashley Madison data breach leads to extortion attempts

"Send me 1.00000001 bitcoins or I'll tell your spouse you were cheating" seems to be how it goes down...

Spotify explains its new "give us your data" policy

Spotify confused everyone with its recent privacy policy update.

CEO Daniel Ek has now said, "Sorry," and tried to explain...

What part of "Prohibited" don't you understand? 60 Second Security

Enjoy the latest episode of our weekly 1-minute video - short and sweet security!

Amazon bans Flash ads - but not for the reason you may have hoped!

Amazon has said "No" to Flash - but the aim is to improve your experience, not your security.

Nevertheless, it's a ban on Flash.

Updated privacy policies – do you check what’s changed?

A Forbes writer decided to take a careful look at the changes in the new Spotify privacy policy.

He checked, but did you?

Mumsnet DDoSed, SWATted, hacked - oh, and change your password, too!

Mumsnet founder Justine Roberts has announced that an intruder managed to gain access to some parts of the administration functions on the site. Mumsnet also suffered a DDoS attack, and Roberts and another member of Mumsnet were SWATted.

Google's Android "Admin" security hole - time to patch!

"Google Admin" is an Android security app for Super Administrators of the Google for Work tools.

But it had a security hole...

Avoid that cyberflash - 60 Second Security

Here's our weekly 1-minute video: Android, Adobe and Apple's AirDrop all get a look in this time.

How not to be "cyberflashed" on your iPhone

After writing about "cyberflashing," we were asked to put our advice on how to avoid it in one place.

Here it is.

Apple issues updates for lots of critical holes - patch now!

Whether you believe in Mac malware or not, you still need the latest Apple patches to close off numerous critical holes.

Cyberflasher Airdrops rude images to victim’s iPhone

Apple's AirDrop sends you an image so you can decide whether you want the sender to send it to you.

What could possibly go wrong?

A virus on a *Mac*? Is NOTHING sacred? [Chet Chat Podcast 211]

The latest episode of our weekly security podcast - a quarter-hour of news with attitude! Enjoy.

Update Tuesday, Firefox's zero-day, more Android bugginess, a firmware virus for your Mac ...and a tax fraudster busted.

32 hackers and traders charged with $100m in "insider trading" using stolen press releases

According to the charges, even a document stolen just 36 minutes before its official release was enough to make $500k in "insider trades."

Another Android hole: "OCtoRuTA" - One (Java) Class to Rule Them All

Yet another large-scale vulnerability has been revealed in Android.

This one lets an otherwise innocent-looking app go rogue, and enjoy privileges normally limited to the trusted parts of Android.

Is Stagefright over yet? 60 Sec Security [VIDEO]

Here's the latest episode of our weekly 1-minute security video - enjoy.

Firefox zero-day hole used against Windows and Linux to steal passwords

Poisoned ads have been helping to siphon off passwords from Windows and Linux computers in an attack apparently aimed at developers.