(get it in RSS or Atom)

Ouch! Home router security "bypass" actually means no security AT ALL

A Spanish researcher has found an astonishing security "bypass" in a home router - there simply isn't any security to bypass.

Is Apple slack at security on iOS? 60 Sec Security [VIDEO]

What went wrong with PayPal's 2FA? Why did Microsoft do an email U-turn? Is Apple slack at security on iOS?

It'll only take a minute to find out...

Flaw in PayPal’s two-factor authentication, but keep calm and carry on!

Security researchers in the USA have just disclosed a flaw in PayPal's 2FA system.

Paul Ducklin looks at the mistakes that PayPal made, and what's been done to sort them out...

Anatomy of a "goto fail" - Apple's SSL bug explained, plus an unofficial patch for OS X!


Apple just patched an SSL/TLS bug in iOS - but the flaw is not yet fixed in OS X.

Paul Ducklin comes to the rescue with explanations, mitigations, and even an unofficial patch! (For educational purposes only, you understand.)

D-Link patches "Joel's Backdoor" security hole in its SoHo routers


About six weeks ago we wrote about an amusingly alarming security hole in various D-Link routers.

D-Link has now come out with a firmware fix - don't forget to update if you're on the affected list...

Adobe, Android and CryptoLocker - 60 Sec Security [VIDEO]


Which pets make the best/worst passwords?

How many times did Google make the same coding blunder?

Find out this and more in our one-minute wrapup of the week's security lessons!

Anatomy of a file format problem - yet another code verification bypass in Android


Four months ago, the Android platform was stirred, if not shaken, by a pair of code verification holes.

Turns out there was a third one, now fixed in Android 4.4, better known as Kit Kat.

Paul Ducklin looks at what we can learn from it...

Busts, Bounties and Backdoors - 60 Sec Security [VIDEO]


Who's "Paunch"? What happens when you arrest him? How do you win $100k from Microsoft? Could there really be a backdoor in Adobe's code?

Find out the answers in this week's episode!

Apple releases iOS 7.0.2 - swiftly squashing two lockscreen bugs


Apple has quickly fixed two lockscreen bugs that it introduced with iOS 7.

Well done, Cupertino!

(To all hardcore Apple fans reading this: that's not irony. I really mean it.)

Siri offers the latest backdoor into your iPhone - just ask nicely!


We really didn't want to write another Apple iOS 7 story.

But with reports surfacing that HAL's smooth-talking stepsister Siri lets you *talk* your way into a locked iPhone, we couldn't help it.

Russian hacker's App Store fraud site adds Mac support

Russian hacker's App Store fraud site adds Mac support

ZonD Eighty, the Russian hacker who brought App Store fraud to unjailbroken iPads and iPhones, has extended his "service" to OS X users.

Mac owners can now join their iDevice brethren in ripping off developers.

Apple's App Store bypassed by Russian hacker, leaving developers out of pocket

Apple's App Store bypassed by Russian hacker, leaving developers out of pocket

A Russian hacker has created a website you can use to make fraudulent in-app purchases on your iPad or your iPhone.

This is a pretty big blow to Apple - especially at a time when it is facing criticism for some of the stuff it lets into the App Store in the first place.

"One in 256 times *any* password might get you in" - MySQL authentication disaster

"One in 256 times *any* password might get you in" - MySQL authentication disaster

What if your authentication system itself were at fault? You could have the hardest-to-guess password, salted and hashed thousands of times, and still be at risk.

That's what happened to MySQL and MariaDB.

Khobe "vulnerability" – no earth shaker

Image (1) dont-panic.jpg for post 1512

The security panic of the week is the widely-reported story of a "vulnerability" called Khobe. One news headline goes so far as to announce that this "new attack bypasses virtually all AV protection". I disagree. The sample "attack", which claims Read more…