Security threats

(get it in RSS or Atom)

SSCC 187 - The cryptography edition [PODCAST]

by Paul Ducklin on February 26, 2015 | Leave a comment
chet-chat-logo-featured-250

Sophos expert John Shier sits in for regular presenter Chester Wisniewski in this episode.

John and Paul Ducklin dissect the latest security issues, which were dominated this week by some thorny matters of cryptography.

Google turns Pwnium into an all-year, unlimited-rewards bug-hunting contest

by Lisa Vaas on February 26, 2015 | 2 Comments
Bug. Image courtesy of Shutterstock.

Google's new thinking around bug hunting: get it to us ASAP, from wherever you are.

Not just celebrity nude photos, Reddit bans all "involuntary porn"

by Lisa Vaas on February 26, 2015 | Leave a comment
Reddit bans "Involuntary Porn": Sexual material's not OK without an OK

Reddit blew it with The Fappening, but a new privacy policy enables even us nobodies to request image removal.

$3m reward offered for alleged Gameover Zeus kingpin

by Lee Munson on February 25, 2015 | 2 Comments
Evgeniy Mikhailovich Bogachev

The US State Department has offered a $3m reward for the arrest or conviction of alleged Gameover Zeus admin Evgeniy Mikhailovich Bogachev.

From the Labs: more advances in Advanced Persistent Threats

by Paul Ducklin on February 25, 2015 | Leave a comment
apt-scene-250

SophosLabs researcher Gabor Szappanos is back.

He presents another insightful installment in the ongoing saga of PlugX and other "malware factories" that are part of the Advanced Persistent Threat scene.

LinkedIn settles class action suit over 2012 unsalted password leak

by Lisa Vaas on February 25, 2015 | Leave a comment
LinkedIn settles class action suit over 2012 unsalted password leak

LinkedIn is privately settling the 2012 unsalted password leak. Were you one of the 800,000 affected users? Here's what you need to know.

Burning Man festival to cancel tickets of cheaters who used website hacks

by John Zorabedian on February 24, 2015 | 3 Comments
Image of Burning Man effigy courtesy of John Chandler/Flickr - Creative Commons license

Burning Man says it will cancel festival tickets purchased by approximately 200 individuals who managed to use a flaw in the ticketing website to jump ahead of the line.

How the "Great SIM Heist" could have been avoided

by Paul Ducklin on February 23, 2015 | 19 Comments

Apparently, intelligence services managed to penetrate the network of a major SIM card manufacturer, grab loads of SIM keys, and now we're all liable to be listened in on.

But why? What is it about SIM cards that made this possible?

What's SUPER and helps you to PHISH, sorry, FISH? 60 Sec Security [VIDEO]

by Paul Ducklin on February 21, 2015 | Leave a comment
60ss-video-250

Here's our weekly news roundup - from Superfish to Super Spectacles.

It's amusing, informative, and only takes a minute - enjoy!

Co-creator of Blackshades malware used to spy on Miss Teen USA pleads guilty

by Lee Munson on February 20, 2015 | Leave a comment
Blackshades malware co-creator pleads guilty, facing 10 years in jail

Alex Yücel has pleaded guilty to his involvement with the $40 program designed to secretly remotely control victims' computers.

How to get rid of the Lenovo "Superfish" adware

by Paul Ducklin on February 20, 2015 | 8 Comments

Here's how to get rid of the "Superfish" adware that was pre-installed on some Lenovo notebooks.

Lenovo "Superfish" controversy - what you need to know

by Paul Ducklin on February 20, 2015 | 13 Comments
sf-250

Controversy of the week is "Superfish," an adware program pre-installed on Lenovo computers that has some worrying security problems.

Here's what you need to know, in plain English...

The Dark Web: anarchy, law, freedom and anonymity

by Mark Stockley on February 20, 2015 | 7 Comments
Law on the frontier

Any notion that the Dark Web will be allowed to flourish as a vast, lawless space without a serious challenge is fantasy. The question is, what balance of surveillance and darkness are we prepared to tolerate on the web?

Revenge-porn king Hunter Moore pleads guilty to identity theft, hacking

by Lisa Vaas on February 20, 2015 | 2 Comments
Revenge-porn king Hunter Moore pleads guilty to identity theft, hacking

Congratulations to the hundreds of victims and to Charlotte Laws: the extremely tenacious mother of one victim who wouldn't back down.

Hackers force closure of Canadian Bitcoin exchange Cavirtex

by Lee Munson on February 19, 2015 | 4 Comments
Broken Bitcoin. Image courtesy of Shutterstock.

Canada's largest Bitcoin exchange - Cavirtex - has announced its closure, saying the latest in a string of hacking attacks may have left hashed passwords and 2FA "secrets" compromised.

FreeBSD and the YARNBUG - more trouble at the Random Number Mill

by Paul Ducklin on February 19, 2015 | 15 Comments

How do you test your random number generator?

How do you determine, in an ordered way, that a sequence of numbers is entirely disordered?

With difficulty!

Twitter's new tool should stop password sharing and help fend off hijackings

by Lisa Vaas on February 19, 2015 | Leave a comment
Twitter. Image courtesy of Shutterstock / Twin Design.

The new tool, TweetDeck Teams, lets users share Twitter accounts without having to share passwords.

SSCC 186 - Just how firm is your firmware? [PODCAST]

by Paul Ducklin on February 18, 2015 | 2 Comments
chet-chat-logo-featured-250

Here's the latest episode of our weekly security podcast - from firmware and Firefox to Project Zero and Lightning conductors.

Chet and Duck are in fine fettle as usual...enjoy!

Get ready for the internet-enabled, speech recognising, joke-telling Barbie

by Lisa Vaas on February 18, 2015 | 3 Comments
Hello Barbie

An internet-enabled toy that talks to your kids: what could possibly go wrong?!

Lizard Squad returns, claims attack on Xbox Live and Daybreak Games

by Lee Munson on February 17, 2015 | 1 Comment
Lizard. Image courtesy of Shutterstock.

Hacking group Lizard Squad has returned, apparently disrupting Microsoft's Xbox Live service and Daybreak Games with DDoS attacks.