Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

Facebook's new CSO comes out swinging: "Death to Flash!" [POLL]

Facebook still uses Flash if you have it, even though it doesn't need to.

But if Facebook's new CSO has his way, that could end. Suddenly!

Lad who attacked Spamhaus in DDoS attack avoids prison, given a second chance

The 16-year-old arrested in 2013, with £72,000 in the bank and the smoke from a DDoS attack against Spamhaus in the air, has been sentenced.

Is that a Flash 0-day hole I see before me? 60 Sec Security [VIDEO]

Patches, hacking and keeping your head down online: our weekly 1-minute fun news video that's educational, too!

The OpenSSL "CVE-2015-1793" certificate verification bug - what you need to know

OpenSSL announced on Monday that it had a "high severity" update arriving in three days' time.

That's today, and the update is out. Paul Ducklin tells you what you need to know...

SSCC 206 - Who gave you permission to use my Wi-Fi? [PODCAST]

Listen to the latest episode of our weekly security podcast...

...a quarter-hour of news turned into educational fun!

Flash zero-day leaks out from "Hacking Team" hack, patch expected Real Soon Now

Last night we wrote about how Flash troubles come in threes, like those proverbial buses.

Stop the presses! Here comes another one!

Flash malware that gives you a free security update

Malware that patches Flash for you after it's broken in?

Sadly, it's not all about you...in fact, it's not about you at all.

Poisoning Google search results and getting away with it

SophosLabs researchers recently uncovered a hack being used by unscrupulous web marketers to trick Google's page ranking system.

Search engines can have their moments of gullibility, too!

Amazon releases low-cholesterol Heartbleed medicine called 's2n'

Remember the Heartbleed bug in OpenSSL?

Here's Amazon's open-source effort to expand our choice of cryptographic sauce...

"Something stolen, something new" - 60 Sec Security [VIDEO]

Here's the latest episode of our weekly 1-minute security video.

Fun with a serious side...enjoy!

Shop in the Sophos Store - and say thanks to your very own IT rock star!

In the past month, we've published a number of videos and pictures that just happen to show people wearing some very cool T-shirts.

We keep getting asked, "Where do I get one?" Here's how!

SSCC 205 - Update early, update often! [PODCAST]

Join Sophos experts John Shier and Paul Ducklin for the latest episode of our weekly security podcast, the Chet Chat.

News you can use...enjoy!

Apple lets rip with update spate: OS X, iOS, Safari, iTunes, QuickTime

Apple just opened the stopcocks and released a Hoover Dam's worth of security-related updates.

Yes, there are numerous new features and products in there too, but it's the security fixes that make a compelling reason to update.

Dodgy app company that mined Dogecoins behind your back receives FTC penalty

The app was called "Prized," but it was the app vendor that took the prizes by co-opting your phone into a cryptocurrency mining botnet.

Latest Flash hole already exploited to deliver ransomware - update now!

Are you still using Flash in your browser?

If so, make sure you've got the latest update from Adobe, even though it only came out last week.

Siri "9/11 conspiracy theory" joke is no laughing matter, say police

With 9/11 and 911 having the same sequence of digits, you don't have to waste police time by seeing what Siri does when you say "9/11."

Encrypt like everyone's watching! 60 Sec Security [VIDEO]

There's a Sophos T-shirt that warns you, "Dance like nobody's watching. Encrypt like everyone is."

We aren't kidding, folks, and this week's 60 Second Security tells you why!

Serious Security: Understanding the 'P' in 'VPN'

VPN stands for Virtual Private Network. But that doesn't necessarily mean "private" as in privacy.

Paul Ducklin helps you understand the various levels of 'P' in 'VPN.'

Samsung updates back in the news - for breaking Windows updates

A 22-year-old Microsoft MVP has hit the media spotlight with a blog article about Samsung updates - and it's not good news for Samsung!

SSCC 204 - You want an extension to your extension for Windows XP? [PODCAST]

Here's the latest episode of our weekly security podcast, the award-winning Chet Chat.

Enjoy!