Technologies

(get it in RSS or Atom)

Update Tuesday wrap-up, February 2015 - don't let JASBUG distract you

by Paul Ducklin on February 11, 2015 | 1 Comment
patch-tuesday-denim-250

Be careful!

The JASBUG vulnerability in Windows is grabbing the headlines, but there are other bugs this month that could hit you harder.

Paul Ducklin explains...

The end of the Silk Road for Dread Pirate Roberts - 60 Sec Security [VIDEO]

by Paul Ducklin on February 7, 2015 | Leave a comment
60ss-video-250

Here's our weekly "60 Second Security" video.

Enjoy a fresh and entertaining take on the latest security news in just one minute...

SSCC 184 - What's the lifespan of a GHOST? [PODCAST]

by Paul Ducklin on February 5, 2015 | 4 Comments
chet-chat-logo-featured-250

Our weekly security podcast - the latest news in 15 minutes, entertaining *and* educational.

Enjoy!

Internet Explorer has a Cross Site Scripting zero-day bug

by Paul Ducklin on February 4, 2015 | Leave a comment
ie11-250

Another day, another zero-day.

This time, it's Internet Explorer that is attracting the sort of publicity a browser doesn't want, with the public disclosure of an XSS bug.

News Flash! 3rd time unlucky! New 0-day hits Adobe's browser plug-in...

by Paul Ducklin on February 3, 2015 | 29 Comments

Ready to kiss goodbye to Flash in your browser yet?

Here's the 3rd zero-day in Flash since Adobe's last Patch Tuesday...

Google redesigns security warnings after 70% of Chrome users ignore them

by Lisa Vaas on February 3, 2015 | 27 Comments
Google redesigns security warnings after 70% of Chrome users ignore them

You can strip jargon, but in the end, the warnings that work best are those with visual throb: pick the right colors and hide the wrong choices!

Anatomy of a browser dilemma - how HSTS 'supercookies' make you choose between privacy or security

by Mark Stockley on February 2, 2015 | 9 Comments
biscuit-250

HTTP Strict Transport Security (HSTS) is supposed to keep you more secure online, but it could be used to track you against your will.

Mark Stockley explains...

The GHOST in the machine - 60 Sec Security [VIDEO]

by Paul Ducklin on January 31, 2015 | 6 Comments
60ss-video-250

Here's our weekly one-minute security video.

Sending spam, cracking the Blackphone and the GHOST in the machine. Enjoy...

WhatsApp Web has privacy holes that could expose user photos

by John Zorabedian on January 30, 2015 | 5 Comments
whatsapp-250

WhatsApp has just rolled out a new service called WhatsApp Web that allows users to sync the messaging app between their mobile devices and desktop, but the new web client has a couple of privacy pitfalls that indicate it's not really ready for its close-up.

The GHOST vulnerability - what you need to know

by Paul Ducklin on January 29, 2015 | 8 Comments
ghost-250

The funkily-named bug of the week is GHOST.

Here's how it got its name, why there's a problem, and what you can do about it...

Hotels that block personal Wi-Fi hotspots will get busted, says FCC

by Lisa Vaas on January 29, 2015 | 7 Comments
Hotels that block personal Wi-Fi hotspots will get busted, says FCC

So ends Marriott's campaign to block guests' hotspots and force guests to pay for its own Wi-Fi, even though they don't threaten security.

SSCC 183 - It's Data Privacy Day! Do something! [PODCAST]

by Paul Ducklin on January 28, 2015 | 2 Comments
chet-chat-logo-featured-250

From Apple's latest OS X and iOS updates to Data Privacy Day - listen, learn and enjoy!

Apple fixes Thunderstrike and 3 Project Zero bugs in OS X 10.10.2 Yosemite

by Mark Stockley on January 27, 2015 | 3 Comments
Yosemite

The latest OS X beta, version 10.10.2, is in the hands of developers and hints that users will soon be getting fixes for the devilish Thunderstrike vulnerability and 3 Project Zero bugs.

Google asked to muzzle Waze 'police-stalking' app

by Lisa Vaas on January 27, 2015 | 20 Comments
Police alert on Waze

US police are typically the ones to surveil, not the other way around, as Google's crowd-sourced, police-mapping traffic app is doing. Now sheriffs are asking Google to pull the plug on it.

Adobe gets second Flash zero-day patch ready 2 days early!

by Paul Ducklin on January 24, 2015 | 17 Comments

Good news from Adobe about CVE-2015-0311, the unpatched zero-day in Flash.

The patch is now ready via auto-update - 2 days early!

SCADA programmers? It's time for security by default! 60 Sec Security [VIDEO]

by Paul Ducklin on January 24, 2015 | Leave a comment

Here's the latest episode of our weekly 60-second security video.

Enjoy the news in just one minute...

How the Obamacare website healthcare.gov leaks private data

by Mark Stockley on January 23, 2015 | 10 Comments
mouse-stethoscope-250

HealthCare.gov, the US insurance exchange website that is a central component of Obamacare (the Affordable Care Act), is sending personal information on users to third parties including Facebook, Google, and web analytics companies.

Adobe issues emergency fix for Flash zero-day

by Paul Ducklin on January 23, 2015 | 9 Comments

Crooks are reportedly using a new Flash vulnerability called CVE-2015-0310.

Adobe has a fix already, so grab it while it's hot!

Whisper editor's out the door after scandal, internal investigation

by Lisa Vaas on January 22, 2015 | Leave a comment
Whisper editor's out the door after scandal, internal investigation

The internal investigation into the secret-sharing app's use and/or abuse of users' data didn't find any wrongdoing, but plenty of questions are still unanswered.

WhatsApp issues 24 hour ban for WhatsApp Plus users

by Anna Brading on January 21, 2015 | 27 Comments
Whatsapp ban

WhatsApp has started giving out day-long bans to those using a third party Android app to send and receive messages through its service.