Black Hat

A virus on a *Mac*? Is NOTHING sacred? [Chet Chat Podcast 211]

The latest episode of our weekly security podcast - a quarter-hour of news with attitude! Enjoy.

Update Tuesday, Firefox's zero-day, more Android bugginess, a firmware virus for your Mac ...and a tax fraudster busted.

Stagefrightened Google, Samsung to push out monthly Android fixes

The aptly named Stagefright vulnerability scared them into action. Let's hope that fear shakes up all the vendors and carriers so the fixes get to us ASAP.

SSCC 210 - So many cool new Windows 10 features to opt out of! [PODCAST]

Enjoy the latest episode of our award-winning weekly security podcast - a quarter-hour of entertaining education.

Black Hat 2015 - get your FREE SOCKS :-)

We don't mean to be crassly commercial - and we aren't - but if you're attending Black Hat 2015, be sure to check out our socks.

Blue Screen of Death socks...for real!

How (not) to pay yourself a $14m bonus - 60 Sec Security [VIDEO]

Our weekly 1-minute security with some fun in it!

What's keeping security experts awake at night?

What's keeping you awake at night? Gartner polls top-level security experts

Enterprises will pour more than $71 billion into infosec this year but are still getting clobbered by Sony-esque level breaches. Why? They're not focusing on the real threats.

SSCC 160 - That's not just any old malware - that's a TRUE VIRUS! [PODCAST]

Ready for listening...

Here's this week's Sophos Security Chet Chat podcast.

Pwnie Awards for Heartbleed, "goto fail", Mt. Gox

The golden My Little Pony statuettes have been passed out at the Black Hat Security 2014 conference, commemorating select infosec glories and groans. Best song: the haunting "SSL Smiley Song", sung to the tune of "Jingle Bells".

Monday review - the hot 20 stories of the week


It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.

SSCC 159.5 - Black Hat USA 2014 Conference Special [PODCAST]

The Black Hat USA 2014 conference is over, and Naked Security's Chester Wisniewski was there in fabulous Las Vegas to take it all in.

And, as we all know, what happens in Vegas...

...gets faithfully reported on the internet!

Car hackers build anti-car-hacking gadget

Besides yet more white-knuckled car-jacking stunts, security researchers Charlie Miller and Chris Valasek also plan to unveil at next month's Black Hat conference a prototype device meant to foil the type of hacks they've been throwing at cars.

Hackers to demo a $20 iPhone-sized gadget that zombifies cars

At Black Hat Asia next month, researchers plan to show a palm-sized device that costs less than $20 to build from off-the-shelf, untraceable parts and that, depending on the car model, can screw with windows, headlights and even the truly scary, make-you-crash bits: i.e., steering and brakes.

Apple to fix iPhones' vulnerability to boobytrapped chargers

iPhones and iPads will be vulnerable until they get the iOS 7 update, which is scheduled for release later this year. Until then, you might want to avoid plugging into sleazy charging stations, though truth be told, a successful attack sounds kind of James Bond-ishly esoteric.

Watch where you plug in, folks - researchers hack iPhones with a charger

Researchers from the Georgia Institute of Technology plan to discuss their attack, dubbed "Mactans", and how it succeeded in compromising the latest generation devices with the latest version of iOS at the Black Hat USA Conference in July.

SSCC 97 - Black Hat and DEF CON review, broken crypto, Frak, smart meters and hacking transit

Peter Szabo from SophosLabs joins Chet to chat about 4 more talks from this year's Black Hat and DEF CON conferences. Topics include MS-CHAPv2, Frak, smart meters and hacking public transit.

SSCC 96 - NFC hacking, audio steganography, IPv6 security and automated malware analysis

Peter Szabo, a senior threat researcher with SophosLabs, joins Chet this week to share what they learned at this year's Black Hat and DEF CON conferences. They discuss NFC, a file disinfection framework, steganography and the dangers of IPv6 and DNSSEC.

Hackers would never be hired by security vendors....right?

Customers build a relationship based on trust with security vendors. After all, customers who buy security solutions like anti-virus or anti-spam grant security companies access to update computers and devices. The question is: should security companies open their doors to people known to have dabbled in grey and black-hat hacking?

Android keylogging with no access to keystrokes?


July and August often produce some intriguing and unusual computer security research.

We've already written about BlackHat and DEFCON. Here's something from the USENIX HotSec workshop to pique your interest.

Macbooks, Korea, Spamford busted, phones lost, Anonymous threat - 60 Sec Security


No, the headline isn't a misprint. 90 Second News is now 60 Second Security!

Lots of readers said they'd like to see our 'news-with-a-conscience' videos more than once a month. So here you go. 60 Second Security, once every two weeks.

BH 2011: Bit-squatting - DNS hijacking without exploitation


Researcher Artem Dinaburg presented his paper about memory errors leading to mistaken DNS lookups at last week's Black Hat conference in Las Vegas, Nevada. He showed how attackers could use techniques similar to typosquatting to compromise users as a result of hardware errors.