Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

The "JASBUG" Windows vulnerability - beyond the hype, what you need to know

Struggling to understand the JASBUG flaw fixed by Microsoft in this month's Update Tuesday?

Paul Ducklin explains it clearly, with minimal jargon.

Update Tuesday wrap-up, February 2015 - don't let JASBUG distract you

Be careful!

The JASBUG vulnerability in Windows is grabbing the headlines, but there are other bugs this month that could hit you harder.

Paul Ducklin explains...

It's Safer Internet Day - and we'd love you to join in!

Today is #SID2015, the 12th Safer Internet Day.

We'd love you to join in - here's why, and how!

3 questions you should be asking on Safer Internet Day

Keeping safe online is a journey, not a destination.

So, instead of telling you what to do on Safer Internet Day, we're going to arm you with 3 simple questions you can ask yourself whenever you want to try something new...

"Facebook porn Trojan" - here's how NOT to get caught

You receive a Facebook posting that offers you something saucy, you click through to the website...

...and guess what happens next?

The end of the Silk Road for Dread Pirate Roberts - 60 Sec Security [VIDEO]

Here's our weekly "60 Second Security" video.

Enjoy a fresh and entertaining take on the latest security news in just one minute...

More iCloud phishing: don't get sucked in

It's easy to justify checking out spams and scams, on the "better safe than sorry" principle.

Don't do it!

You just end up one click closer to catastrophe.

Want to be a safer surfer? Join our Twitter Chat on Safer Internet Day!

Join us for a Twitter Chat on Tuesday, 10 February 2015 at 3pm EST.

There's no sign-up process, and you don't even have to have a Twitter account.

All you need is a web browser...

SSCC 184 - What's the lifespan of a GHOST? [PODCAST]

Our weekly security podcast - the latest news in 15 minutes, entertaining *and* educational.

Enjoy!

Internet Explorer has a Cross Site Scripting zero-day bug

Another day, another zero-day.

This time, it's Internet Explorer that is attracting the sort of publicity a browser doesn't want, with the public disclosure of an XSS bug.

New-style ransomware locks out your customers - demands money to let them log back in

The crooks took a low-key, annoyingly simple, and hard-to-spot approach.

Change usernames like JIMMY to FKOVWH3Z7LUV, but hide the changes...for a while, anyway.

"Exploit This": Evaluating the exploit skills of malware groups

SophosLabs researcher Gabor Szappanos compares APT actors and cybercrooks.

A comparative review of malware writers!

A fascinating study, well worth a read...

News Flash! 3rd time unlucky! New 0-day hits Adobe's browser plug-in...

Ready to kiss goodbye to Flash in your browser yet?

Here's the 3rd zero-day in Flash since Adobe's last Patch Tuesday...

Hackers breach password database at Atlassian's "HipChat" collaboration service

Hip software company Atlassian has had the hackers in.

It sounds as though the outcome won't be too bad, but it does remind you: choose a better password than everyone else!

The GHOST in the machine - 60 Sec Security [VIDEO]

Here's our weekly one-minute security video.

Sending spam, cracking the Blackphone and the GHOST in the machine. Enjoy...

Does size matter? It does if you're French...and a chess-loving hacker!

It's Chess, Captain, but not as we know it!

A French programmer has broken a record that's stood for more than 30 years: the smallest chess program in the world.

Sort of...

The GHOST vulnerability - what you need to know

The funkily-named bug of the week is GHOST.

Here's how it got its name, why there's a problem, and what you can do about it...

SSCC 183 - It's Data Privacy Day! Do something! [PODCAST]

From Apple's latest OS X and iOS updates to Data Privacy Day - listen, learn and enjoy!

Bughunter cracks "absolute privacy" Blackphone - by sending it a text message

Serial bughunter Mark Dowd found a hole where it *really* wasn't wanted.

In the text messaging software on the "absolute privacy" Blackphone...

The "Dirty Dozen" SPAMPIONSHIP: Who's the biggest? Who's the worst?

We take our quarterly dive into the SophosLabs spamtrap logs to find out who sends the most spam.

Six countries made it onto our "worst per person" chart for the first time in a year...find out if you were one of them.