data leakage

Google forgets one little "Yes/No" setting, leaks private WHOIS data

Even Google can make data leakage mistakes, as network security expert group Talos recently noticed.

Just one tiny little Yes/No setting that went wrong...

As easy as 123: Xen hypervisor bug found, fixed, phew...make sure you're patched!

Xen is often used to share one physical server amongst many different customers - and it's supposed to keep them safely apart.

Sometimes, things don't quite work out...Paul Ducklin explains.

Delta Airlines flaw lets others access your boarding pass

Passenger lists are quite rightly kept confidential, as you will know if you've ever tried to find out if the friends you've come to pick up at the airport made it onto their flight.

Seems that no-one told Delta Airlines...

Alibaba turns into Ali-blab-blab thanks to web server URL security bug

Chinese e-commerce megabrand Alibaba just fixed a rather naughty security slipup on its online retail portal AliExpress.

You could get data such as the addresses and phone numbers of other users.

Adobe updates its e-reader - DRM data no longer transmitted insecurely

Adobe's e-reader software now has "enhanced security" for uploading metadata about what you read.

Or, as you might say, "no longer uploads that data insecurely"...

Apple pushes out iOS 8.1 - kills the mobile POODLE and closes some, ahem, "backdoors"

The marquee vulnerability fixed in iOS 8.1 is, as you might expect, POODLE.

But there are other cryptographic fixes in iOS 8.1 that are equally important...because cryptography is notoriously hard to get right first time.

POODLE attack takes bytes out of your encrypted data - here's what to do

Heartbleed, Shellshock, Sandworm...and now POODLE.

It's a security hole that could let crooks read your encrypted web traffic.

Paul Ducklin takes you through how it works, and what you can do to avoid it, in plain (well, plain-ish) English...

Mummy, my schoolbooks are spying on me! 60 Sec Security [VIDEO]

Here's our latest 60 Second Security video for your viewing pleasure.

The wry side of the week's news, in just a minute...

Bugzilla bug tracker fixes zero-day bug revealing bug

If we are allowed to smile at security holes, this bug-revealing bug in Bugzilla is wryly amusing...

"Shocking" Android browser bug could be a "privacy disaster": here's how to fix it

The Metasploit crew is calling this Android Browser bug a "privacy disaster."

Here's what you can do to avoid trouble...

How far would your sysadmins go to fix a problem? 60 Sec Security [VIDEO]

Here it is - this week's 60 Second Security video.

News that will amuse, and it only takes a minute...

SSCC 158 - What do you mean, "Don't knit your own remote authentication"? [PODCAST]

Here's this week's Chet Chat security podcast for your listening pleasure.

Chester Wisniewski and Paul Ducklin of Sophos dissect the week's security news to see what we can learn from other people's mistakes...

Privacy and iOS 8, USMS blunder and Cryptowall ransomware - 60 Sec Security [VIDEO]

One minute of fun with a serious side...

60 Second Security - 21 June 2014

Patch Tuesday for June 2014 - 7 bulletins, 3 RCEs, 2 critical, and 1 funky sort of hole

You'll be patching and rebooting everything this month.

Paul Ducklin gives you a brief overview to help you prepare.

He also explains some vulnerability terminology you might not have heard before...

SSCC 147 - Why Snapchat will have to tell you the truth about security now [PODCAST]

As usual, Chester Wisniewski and Paul Ducklin turn their insightful and entertaining gaze on the security lessons we can learn from the past few days.

Give it a listen - it's our weekly quarter-hour security podcast...

Monday review - the hot 21 stories of the week

It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.

Is Apple finally getting real about security? 60 Sec Security [VIDEO]

Where does the data breach buck stop? Why do they call them "secret" links? And is Apple finally getting real about security?

Find out in "60 Second Security" for 10 May 2014

SSCC 146 - Target, Microsoft, Dropbox and the mysterious "Webdriver Torso" [PODCAST]

Have a listen to the latest episode of our weekly security podcast.

Sophos security experts Chester Wisniewski and Paul Ducklin look at what we can learn from the latest news.

Dropbox stumbles over security and privacy of secret links

Another flaw in Dropbox has been discovered. Users sharing documents using a secret link may have inadvertently been sharing the secret link with sites they linked to from shared files.