Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

"Look at me" - forget fingerprints, here comes a Samsung tablet with iris recognition

US research institute SRI has inked a deal with Samsung to build a tablet with built-in iris recognition.

Samsung's S5 fingerprint reader was cracked PDQ...wonder how long your eye-prints will hold up?

Serious Security: China Internet Network Information Center in TLS certificate blunder

TLS certificates are very important.

In fact, you could say they are the cornerstone of online security, especially for e-commerce.

So we thought we'd use a story about a recent certificate security blunder to remind you why...

SSCC 191 - Live in Ljubljana [PODCAST]

Chester is on the road again, this time to present at a conference in Slovenia.

So this episode of the Chet Chat comes to you from an al fresco café in downtown Ljubljana...

Alleged StubHub cyberscalper will be extradited to the US

Vadim Polyakov, allegedly part of a cyberscalping ring that stole millions from StubHub users, has lost his battle against extradition from Spain.

"Pwn2Own" competition pops Flash, Reader and four browsers, pays out over $550K [POLL]

Pwn2Own has become something of an institution on the North American computer security conference circuit.

Come and vote in our poll to tell us what you think of security contests like this...

What's that screenshot doing on Facebook? 60 Sec Security [VIDEO]

Facebook, ransomware and updates to updates - all in 60 seconds!

Our weekly video for 21 March 2015...

Thought your private phone photos weren’t on Facebook? Think again…

Facebook just fixed a privacy bug in a feature of its mobile app called "Photo Sync."

That's good news...but did you even notice that Photo Sync was on in the first place?

Apple issues update to recent OS X update

Looks like Apple's OS X security update from early March 2015 is in need of an update.

Security Update 2015-002 has now been augmented by re-issued bug fixes in 2015-003.

Google announces "two improvements" to Google Play app approval process

Google recently added actual humans to the Android app approval system...

...now there's age rating and better feedback for rejected apps as well.

Ransomware - should you pay?

The big question, usually left unanswered in technical discussions of ransomware, is, "Should you pay?"

We help you make up your mind.

Double FREAK! A cryptographic bug that was found because of the FREAK bug

Researchers checking up on the state of FREAK patching turned up another bug as a result.

Sometimes, finding programming mistakes requires serendipitous coincidences!

SSCC 190 - The CeBIT 2015 edition [PODCAST]

Recorded right on the Sophos booth at the CeBIT show in Hannover, Germany.

Here's the Fifth Anniversary edition of our weekly podcast...enjoy!

"Black Box" brouhaha breaks out over brute forcing of iPhone PIN lock

A brouhaha has broken out about a "Black Box" that can brute force your iPhone PIN by trying every possible combination, from 00..00 to 99..99.

Apparently, it can even circumvent the "10 mistakes and you're finished" test. Sort of...

Google forgets one little "Yes/No" setting, leaks private WHOIS data

Even Google can make data leakage mistakes, as network security expert group Talos recently noticed.

Just one tiny little Yes/No setting that went wrong...

If you hammer your RAM, won't that break it? 60 Sec Security [VIDEO]

From CPUs on fire to hammered memory modules - here's our latest 60 Second Security video!

Why not give it a try...

Reboot loop! Microsoft update to fix an old update ends up breaking a new update...

O! What a tangled web we weave!

Microsoft reissued a broken update from back in October 2014...and promptly broke a new update from March 2015.

SSCC 189 - Hey, is that your CPU on fire? [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin for our weekly security podcast.

Sharp, witty and educational, as usual (if we do say so ourselves)...enjoy!

"Row hammering" - how to exploit a computer by overworking its memory

By overcooking your computer's memory, you may be able to cause data corruption. But can you turn that into a deliberate security exploit?

Google's Project Zero researchers say, "Yes!"

Update Tuesday wrap-up, March 2015 - FREAK fixed fast, and lots more from Microsoft

Adobe published no bulletins for March 2015, so this one is all about Microsoft...

As easy as 123: Xen hypervisor bug found, fixed, phew...make sure you're patched!

Xen is often used to share one physical server amongst many different customers - and it's supposed to keep them safely apart.

Sometimes, things don't quite work out...Paul Ducklin explains.