Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

SSCC 194 - Patch early? Patch often? This time, "Patch NOW!" [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin for the latest episode of our weekly security podcast.

From the very latest Update Tuesday to how we get rid of 10-year-old security holes, here's the security news you can use.

Google fixes potential revenue-stealing "comment cloning" YouTube bug

Two Egyptian security researchers figured out how to clone other people's YouTube comments.

You could "borrow" approvals and positive reviews so that they appeared to promote your videos, too.

Could a hacker *really* bring down a plane from a mobile phone in seat 12C?

A recent document about Air Traffic Control from the US Government Accountability Office has caused quite a stir.

Could a passenger get the plane to do a barrel roll without even turning off the in-flight movie?

Get into RSA 2015 for free, hear eye-opening talks!

The annual RSA Conference in San Francisco is next week, starting on Monday 20 April 2015.

Get a free expo pass on us...

Update Tuesday, April 2015 - Urgent action needed over Microsoft HTTP bug

We don't usually focus on one vulnerability and say, "Do that first." But this month, we're willing to make an exception.

The Microsoft HTTP stack has a bug that could let attackers straight in with a simple HTTP request...

Interpol announces successful takedown of "Simda" botnet

Interpol just announced a botnet takedown that has neutralised the operation of the "Simda" malware. For now, anyway.

Paul Ducklin takes a look...

TLS certificate blunder revisited - whither China Internet Network Information Center?

Just under three weeks ago, we wrote about a TLS certificate blunder by a Root Certificate Authority called CNNIC.

We thought we'd revisit that story today to see how the Big Four browser makers responded to the lapse...

We TOLD you not to use WPS on your Wi-Fi router! We TOLD you not to knit your own crypto!

Belkin is the latest router vendor to be found relying on "non-secret secrets."

Paul Ducklin looks at the router equivalent of locking the key to the company safe in the top drawer of your desk...

What a lot of patches! 60 Sec Security [VIDEO]

Watch the latest episode of our weekly fun-but-serious security news video.

It only takes a minute!

The mobile "security gap" - Pinterest and Yammer the latest gappy apps

Pinterest and Yammer are the latest official mobile apps that didn't do HTTPS correctly, leaving users at risk of imposters and phishing.

Linux Australia gets pwned, rooted, RATted and botted

Linux Australia had a bit of a nightmare Easter Weekend.

While the rest of us were loafing at the beach, the Penguinistas from Down Under were owning up to a pretty extensive cyberintrusion.

Apple fixes loads of security holes in OS X, iOS, Apple TV, Safari

OS X gets a brand new photo application called, er, Photos, but the security fixes are the real reason you want these updates.

SSCC 193 - Pick a YouTube security token, any token! [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin as they dissect the latest computer security stories in their inimitable style.

Turn news into advice with the Sophos Security Chet Chat!

Firefox issues brand new update to fix HTTPS security hole in new update

Firefox 37.0 added support for a security-enhancing feature in HTTP/2 known as Alternative Services.

Unfortunately, the new feature had a rather bad HTTPS security hole all of its own...

Has Uber scored an executive touchdown? 60 Sec Security [VIDEO]

Watch the latest episode of our weekly "news in one minute" security video...

April Fools! The day's weirdest spams revealed...

Today, we just couldn't resist sifting through our Spam Stash.

Here's some comment spam from Naked Security that we thought would amuse you...

SSCC 192 - What's that passport number DOING IN AN EMAIL? [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin as they dissect the latest news in our weekly computer security podcast.

From the G20 leaders' "passport leak" to World Backup Day, we turn news into useful advice!

NSA faces security scare, this time physical: 1 killed, 2 injured in HQ incident

Security breaches at the US National Security Agency typically get a lot of publicity.

This one is no exception, but it's not a network intrusion or a data leak...

Hotel Wi-Fi router security hole: will this be the Ultimate Pwnie Award Winning Bug for 2015?

If you were a cracker, and you could write your own specifications for a remote unauthenticated read/write hole...

...this is probably what you'd ask for.

"Probably tired and shagged out after a long squawk" - 60 Sec Security [VIDEO]

Our weekly witty-but-serious video - news you can use, and it only takes a minute.

Enjoy...