Vulnerability

SSCC 191 - Live in Ljubljana [PODCAST]

Chester is on the road again, this time to present at a conference in Slovenia.

So this episode of the Chet Chat comes to you from an al fresco café in downtown Ljubljana...

"Pwn2Own" competition pops Flash, Reader and four browsers, pays out over $550K [POLL]

Pwn2Own has become something of an institution on the North American computer security conference circuit.

Come and vote in our poll to tell us what you think of security contests like this...

What's that screenshot doing on Facebook? 60 Sec Security [VIDEO]

Facebook, ransomware and updates to updates - all in 60 seconds!

Our weekly video for 21 March 2015...

Double FREAK! A cryptographic bug that was found because of the FREAK bug

Researchers checking up on the state of FREAK patching turned up another bug as a result.

Sometimes, finding programming mistakes requires serendipitous coincidences!

SSCC 190 - The CeBIT 2015 edition [PODCAST]

Recorded right on the Sophos booth at the CeBIT show in Hannover, Germany.

Here's the Fifth Anniversary edition of our weekly podcast...enjoy!

"Black Box" brouhaha breaks out over brute forcing of iPhone PIN lock

A brouhaha has broken out about a "Black Box" that can brute force your iPhone PIN by trying every possible combination, from 00..00 to 99..99.

Apparently, it can even circumvent the "10 mistakes and you're finished" test. Sort of...

Monday review - the hot 23 stories of the week

Here they are: the hot computer security stories of the past week, neatly laid out for you to review.

If you hammer your RAM, won't that break it? 60 Sec Security [VIDEO]

From CPUs on fire to hammered memory modules - here's our latest 60 Second Security video!

Why not give it a try...

Reboot loop! Microsoft update to fix an old update ends up breaking a new update...

O! What a tangled web we weave!

Microsoft reissued a broken update from back in October 2014...and promptly broke a new update from March 2015.

SSCC 189 - Hey, is that your CPU on fire? [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin for our weekly security podcast.

Sharp, witty and educational, as usual (if we do say so ourselves)...enjoy!

"Row hammering" - how to exploit a computer by overworking its memory

By overcooking your computer's memory, you may be able to cause data corruption. But can you turn that into a deliberate security exploit?

Google's Project Zero researchers say, "Yes!"

Update Tuesday wrap-up, March 2015 - FREAK fixed fast, and lots more from Microsoft

Adobe published no bulletins for March 2015, so this one is all about Microsoft...

As easy as 123: Xen hypervisor bug found, fixed, phew...make sure you're patched!

Xen is often used to share one physical server amongst many different customers - and it's supposed to keep them safely apart.

Sometimes, things don't quite work out...Paul Ducklin explains.

Apple fixes FREAK in iOS, OS X and Apple TV - and numerous other holes besides

Apple's latest security fixes are out.

The FREAK bug is now fixed, but so are numerous other holes worth patching in their own right.

Monday review - the hot 25 stories of the week

Catch up with the hot stories of the past week...

...and why not try out our weekly podcast and watch our 60-second video while you're about it?

D-Link patches critical router flaws, says more fixes to come

D-Link has taken action over three serious vulnerabilities discovered in several of its home routers, and it's promising more fixes next week.

Bought PII from the government? PLEASE DON'T LOSE IT! 60 Sec Security [VIDEO]

Here's the latest episode of our weekly computer security roundup.

The latest news presented so you can enjoy it...in just one minute!

Facebook Bug Bounty report for 2014: $1.3M paid out to more than 700 bug finders

Facebook just released details of how much it paid out in bug bounties for 2014.

Rewards ranged from $500 to over $50,000...

SSCC 187 - The cryptography edition [PODCAST]

Sophos expert John Shier sits in for regular presenter Chester Wisniewski in this episode.

John and Paul Ducklin dissect the latest security issues, which were dominated this week by some thorny matters of cryptography.

Google turns Pwnium into an all-year, unlimited-rewards bug-hunting contest

Google's new thinking around bug hunting: get it to us ASAP, from wherever you are.