Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

SSCC 210.5 - Live at BlackHat USA 2015 [PODCAST]

live-at-bh2015-448

We went to Vegas so you didn't have to...

Paul Ducklin catches up with Chester Wisniewski on the Sophos booth at Black Hat USA 2015.

SSCC 210 - So many cool new Windows 10 features to opt out of! [PODCAST]

Enjoy the latest episode of our award-winning weekly security podcast - a quarter-hour of entertaining education.

Interested in Mac viruses? Here's Thunderstrike 2, a.k.a. the "firmworm"

When one door closes, another one opens.

Thunderstrike, the Mac firmware hole from early in 2015, is back for its sequel, Thunderstrike 2.

Black Hat 2015 - get your FREE SOCKS :-)

We don't mean to be crassly commercial - and we aren't - but if you're attending Black Hat 2015, be sure to check out our socks.

Blue Screen of Death socks...for real!

Windows 10 spreads the love with updates on the side

"Windows Update Delivery Optimization" works P2P-style to speed up updates.

But it could cost you money - and it's opt-out, so be aware!

Mt. Gox founder Mark Karpeles arrested - but not over missing Bitcoinage

Mt. Gox founder Mark Karpeles has always denied any wrongdoing in the implosion of his Bitcoin exchange.

But he's just been arrested anyway, apparently for overstating his financial situation by US$1,000,000 almost a year before the bankruptcy..

60 Sec Security - Atari, Minitel, VAX, ZX Spectrum...and Jimmy Connors! [VIDEO]

The latest episode of our funny-but-serious 1-minute weekly video.

Enjoy.

Beer and Tequila forever! #SophosRetroWeek looks at old-school malware...

Join us on a visit to the past, when malware was...well, different!

COMPUTER RULES, LAST UPDATED 31 JULY 1988

It's #SophosRetroWeek - so take a trip with us down IT memory lane as we say "Thanks, IT, and Happy Sysadmin Day."

SSCC 209 - Can encryption be too good? [PODCAST]

Here's the latest episode of our weekly podcast that turns security news into useful advice...

Zero days! First official Windows 10 patches arrive...

Given its "rolling update" model, you might have been wondering how long after launch the first Windows 10 updates would take to arrive.

The answer? Zero days. (No hyphen.)

Xen fixes another "virtual machine escape" bug

xen-480

Last time it was the floppy disk drive that let crooks squeeze out of jail - this time, the virtual CD-ROM is their springboard...

Malware on Linux - When Penguins Attack

If you really want to fan the flames of controversy, ask the question, "What about malware on Linux?"

We asked...here's what we found out.

The "Stagefright" hole in Android - what you need to know

Android. Image courtesy of Bloomua / Shutterstock.

Here's what you can do to deal with the much-talked-up "Stagefright" messaging vulnerability on Android

Dark web drug dealer pleads guilty, gets 2 years to ponder "anonymity"

He was an online dealer who made use of the so-called Dark Web, shielded by the apparent anonymity of Tor, or The Onion Router.

He's not anonymous any more.

You'll have to stop stealing jokes on Twitter now

Horse. Image courtesy of Shutterstock.

Ripping off other people's stuff, even jokes, is no laughing matter!

How (not) to pay yourself a $14m bonus - 60 Sec Security [VIDEO]

Our weekly 1-minute security video...news with some fun in it!

SSCC 208 - (Cyber)crime and Punishment [PODCAST]

Join us for the weekly Chet Chat!

In this episode: Cybercrime (and punishment), crimeware, the Angler exploit kit, and how the Fourth Amendment applies to social networks.

OpenSSH password guessing attacks may be 10,000 times easier than you thought

An interesting problem with OpenSSH has been publicised on the Full Disclosure mailing list.

Facebook can't say 'No' to New York, says New York

Facebook can't "plead the Fourth Amendment" on your behalf, says a New York appeals court - you have to do it yourself.