Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

"The breach lasted a year. Or was it two?" [Chet Chat Podcast 213]

Join Sophos experts John Shier and Paul Ducklin for the latest episode of our security podcast.

A fun quarter-hour of "news you can use"...

5 security tips for businesses (and everyone else!)

Whether you're a small business, a sole trader, or even just a home user, you want to stay safe online. Here are 5 security tips to help keep you protected.

Anatomy of a malicious email: Crooks exploiting recent Word hole

Crooks have recently been using CVE-2015-1641, a Word bug that was patched in April 2015.

We explain why you really, really want to patch!

That's "Dead PIGEON", not "Dead PARROT"! 60 Second Security

Our weekly 1-minute security video.

Forget dead parrots: here's the Dead Pigeon sketch.

To encrypt or not to encrypt?


There are lots of different viewpoints about whether to encrypt or not.

Paul Ducklin helps you decide what to do...

Look! A Fraud Fighting Ferret! [Chet Chat Podcast 212]

Chester Wisniewski is back from Down Under to resume our podcast series.

From fraud-fighting ferrets to a convicted "Spam King" - enjoy!

Unsolved cipher mystery: Spaniard says he's cracked Dead Pigeon code

A pigeon skeleton from WW2 with a coded message strapped to its leg was found in England in 2012.

The challenge: unscramble the message!

Microsoft Word Intruder Revealed - inside a malware construction kit

What happens when cybercrooks take a leaf out of the Advanced Persistent Threatsters' book?

Gabor Szappanos of SophosLabs investigates...

National Crime Agency website DDoSed by Lizard Squad

NCA busts a bunch of blokes who allegedly used Lizard Squad's DDoS service.

Guess what happens next?

Google Chrome will block Flash from tomorrow...well, sort of

Adobe's Flash will face a double setback on 1 September 2015, when both Amazon and Google shift into "HTML5 is way better for ads" mode.

PayPal patches potential payment-stealing vulnerability

An XSS hole could apparently have allowed a crook to pop up a realistic PayPal "pay page" and steal the victim's card data.

Paul Ducklin takes a look...

How a crook could have taken over your Facebook pages

A Facebook bug hunter just found a hole through which crooks could take over your personal Facebook pages.

Facebook fixed it PDQ...

Should companies be held responsible for a customer data breach? [POLL]

How much of the blame should you shoulder if you could have done more to protect your network and your customers?

Have your say in our poll...

Businessman who hacked 900 phones as "revenge" is jailed

He was a vengeful former business partner who deliberately hacked right into the middle of a demo to a prestigious customer...

Ashley Madison data breach leads to extortion attempts

"Send me 1.00000001 bitcoins or I'll tell your spouse you were cheating" seems to be how it goes down...

Spotify explains its new "give us your data" policy

Spotify confused everyone with its recent privacy policy update.

CEO Daniel Ek has now said, "Sorry," and tried to explain...

What part of "Prohibited" don't you understand? 60 Second Security

Enjoy the latest episode of our weekly 1-minute video - short and sweet security!

Amazon bans Flash ads - but not for the reason you may have hoped!

Amazon has said "No" to Flash - but the aim is to improve your experience, not your security.

Nevertheless, it's a ban on Flash.

Updated privacy policies – do you check what’s changed?

A Forbes writer decided to take a careful look at the changes in the new Spotify privacy policy.

He checked, but did you?