Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

SSCC 196 - From Wi-Fi bugs to carder busts [PODCAST]

From bugs to busts, here's the latest episode of our weekly security news podcast - for your listening pleasure.

Ryanair finds fraudulent transaction - for $5M!

Ryanair, the budget airline that operates out of Dublin, Ireland, suffered an unauthorised bank transfer.

To the tune of $5,000,000.

Apple bans watch apps from Apple Watch

Check out Clause 10.7 in the App Store guidelines. No watch apps allowed for the Apple Watch!

But, truth be told, you didn't buy it to tell the time, did you?

PS. T-shirt prizes up for grabs inside.

The "Dirty Dozen" SPAMPIONSHIP: Who needs to kill the most zombies?

Here it is: the latest "Dirty Dozen".

Our SPAMPIONSHIP tables detail the globe's most dastardly distributors of delinquent data during the first quarter of 2015.

Fee-fi-fo-fum, do I want Google to sniff my network traffic, all of it?

Google's getting a lot of publicity for "Project Fi," which will let you roam between 3G/LTE and Wi-Fi.

Back through Google, of course...

RSA Conference 2015 in retrospect

We talk to Grey Howe, winner of Sophos's "trip to RSA" competition on Spiceworks, about the funkiest and weirdest ideas from the talks...

That's SHUTTING down your PC, not SHOOTING it down! 60 Sec Security [VIDEO]

Ever felt like shooting your PC? This guy did it! (And more news in our weekly one-minute security video.)

Wi-Fi security software chokes on network names, opens potential hole for hackers

The Wi-Fi security software "wpa_supplicant," found in Android amongst many other places, has a potentially hackable security hole...

SSCC 195.5 - Did Google really say, "No more Android malware?" [PODCAST]

From "joined up security" to the suggestion that Google proclaimed the end of malware on Android, find out what's happening at RSA 2015!

Costa Coffee Club warns of possible database intrusion

Coffee chain Costa's just sent out a warning about a possible data breach.

Only 1 in 5000 accounts were affected, but the Coffee Club is offline for now. A bulk password reset will follow...

SSCC 195 - Let's talk security (over HTTPS, of course) [PODCAST]

This week, Chester is at the RSA Conference 2015.

Get a feel for the conference vibe, hear about this year's themes, and, of course, catch up on the latest security news...

D-Link router user? Keep your ears and eyes open for the next firmware fixes!

A critical bug that leaves various D-Link routers wide open has apparently been patched...

...except that the patches need patches.

Watch out!

Notes from SophosLabs: Dyreza, the malware that discriminates against old computers

In another article in our occasional series "Notes from SophosLabs", we look at the (anti-)(anti-)anti-virus arms race.

In an effort to evade automated analysis, here's malware that deliberately avoids old-looking computers.

If the "Deep Web" becomes searchable, is it still deep? 60 Sec Security [VIDEO]

Watch the latest episode of our only-takes-a-minute security roundup video!

This week: From old crypto bugs to the latest Windows security holes...

SSCC 194 - Patch early? Patch often? This time, "Patch NOW!" [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin for the latest episode of our weekly security podcast.

From the very latest Update Tuesday to how we get rid of 10-year-old security holes, here's the security news you can use.

Google fixes potential revenue-stealing "comment cloning" YouTube bug

Two Egyptian security researchers figured out how to clone other people's YouTube comments.

You could "borrow" approvals and positive reviews so that they appeared to promote your videos, too.

Could a hacker *really* bring down a plane from a mobile phone in seat 12C?

A recent document about Air Traffic Control from the US Government Accountability Office has caused quite a stir.

Could a passenger get the plane to do a barrel roll without even turning off the in-flight movie?

Get into RSA 2015 for free, hear eye-opening talks!

The annual RSA Conference in San Francisco is next week, starting on Monday 20 April 2015.

Get a free expo pass on us...

Update Tuesday, April 2015 - Urgent action needed over Microsoft HTTP bug

We don't usually focus on one vulnerability and say, "Do that first." But this month, we're willing to make an exception.

The Microsoft HTTP stack has a bug that could let attackers straight in with a simple HTTP request...

Interpol announces successful takedown of "Simda" botnet

Interpol just announced a botnet takedown that has neutralised the operation of the "Simda" malware. For now, anyway.

Paul Ducklin takes a look...