Articles by Paul Ducklin

About Paul Ducklin

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog

SSCC 189 - Hey, is that your CPU on fire? [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin for our weekly security podcast.

Sharp, witty and educational, as usual (if we do say so ourselves)...enjoy!

"Row hammering" - how to exploit a computer by overworking its memory

By overworking your computer's memory, you may be able to cause data corruption. But can you turn that into a deliberate security exploit?

Google's Project Zero researchers say, "Yes!"

Update Tuesday wrap-up, March 2015 - FREAK fixed fast, and lots more from Microsoft

Adobe published no bulletins for March 2015, so this one is all about Microsoft...

As easy as 123: Xen hypervisor bug found, fixed, phew... make sure you're patched!

Xen is often used to share one physical server amongst many different customers - and it's supposed to keep them safely apart.

Sometimes, things don't quite work out...Paul Ducklin explains.

Apple fixes FREAK in iOS, OS X and Apple TV - and numerous other holes besides

Apple's latest security fixes are out.

The FREAK bug is now fixed, but so are numerous other holes worth patching in their own right.

Fancy a cryptocoin miner with your Torrent client? "Foistware" back in the spotlight...

If product X suddenly wants you to install product Y as a "recommended extra", is that a good thing or a bad one?

In the latest brouhaha, X = torrent client and Y = cryptocoin miner...

But surely "export grade" means HIGHER quality? 60 Sec Security [VIDEO]

The latest episode of our weekly security news video...

...all in just 60 seconds, as usual.

Gazon - the Android virus that SMSes everyone

The Android SMS virus "Gazon" sends itself to everyone in your contact list - including your friends, your mum...

...and your customers.

Not a good look.

The FREAK bug in TLS/SSL - what you need to know

The FREAK bug affects TLS/SSL, the security protocol that puts the S into HTTPS and the padlock in your browser's address bar.

Paul Ducklin explains in plain English...

Is this the ultimate spam fail?

We're not sure whether we ought to laugh at cybercrime.

But sometimes you just have to smile at the antics of would-be cybercriminals.

Please vote for Naked Security in the 2015 Security Blogger Awards!

Along with the RSA 2015 conference in San Francisco in April come the Security Blogger Awards.

We're shortlisted, so please vote for us!

Anatomy of a certificate problem - the "PrivDog" software in the spotlight

The bug's now fixed, but when software offers to make your secure transactions more secure...

...you don't expect things to work the other way around!

Bought PII from the government? PLEASE DON'T LOSE IT! 60 Sec Security [VIDEO]

Here's the latest episode of our weekly computer security roundup.

The latest news presented so you can enjoy it...in just one minute!

Facebook Bug Bounty report for 2014: $1.3M paid out to more than 700 bug finders

Facebook just released details of how much it paid out in bug bounties for 2014.

Rewards ranged from $500 to over $50,000...

Anthem healthcare breach is smaller - and bigger - than first thought

There's good and bad news about Anthem's recent data breach.

The bad news includes the risk to between 8.8M and 18M non-customers who were in Anthem's database anyway...

SSCC 187 - The cryptography edition [PODCAST]

Sophos expert John Shier sits in for regular presenter Chester Wisniewski in this episode.

John and Paul Ducklin dissect the latest security issues, which were dominated this week by some thorny matters of cryptography.

From the Labs: more advances in Advanced Persistent Threats

SophosLabs researcher Gabor Szappanos is back.

He presents another insightful installment in the ongoing saga of PlugX and other "malware factories" that are part of the Advanced Persistent Threat scene.

"PowerSpy" - can crooks really track you by the power your phone is using?

Can power usage alone, as your phone moves around in the mobile network, give away your location?

Sort of, say Stanford computer scientists...

How the "Great SIM Heist" could have been avoided

Apparently, intelligence services managed to penetrate the network of a major SIM card manufacturer, grab loads of SIM keys, and now we're all liable to be listened in on.

But why? What is it about SIM cards that made this possible?

What's SUPER and helps you to PHISH, sorry, FISH? 60 Sec Security [VIDEO]

Here's our weekly news roundup - from Superfish to Super Spectacles.

It's amusing, informative, and only takes a minute - enjoy!