Apple iOS 9 is out - with a LOT of security holes patched

As usual, we recommend updating as soon as you can, for the fixes much more than the features.

Phone feared drowned posts selfies of adventures with firefighters


Soggy though it was, and passcode-protected it was not, its Facebook posts show it played a mean game of table tennis with its new buddies.

Surprise! People choose predictable Android lockscreen patterns

New research studying how people create lockscreen patterns suggests that they aren't a secure alternative to passcodes at all.

IRS estimate of stolen tax records balloons to over 300,000

A wider analysis shows that attackers used the IRS's Get Transcript app - now gone, and good riddance! - to roll around in far more records than first thought.

Will emoji passcodes put a smile on your face?

UK firm Intelligent Environments has developed an emoji alternative to numerical passcodes used in online banking.

IRS announces 2016 anti-fraud arrangements - but do they go far enough? [POLL]

As a result of the IRS breach announced in May 2015, changes are afoot in how US tax returns will be authenticated in 2016.

Are they enough? Have your say in our poll...

We TOLD you not to use WPS on your Wi-Fi router! We TOLD you not to knit your own crypto!

Belkin is the latest router vendor to be found relying on "non-secret secrets."

Paul Ducklin looks at the router equivalent of locking the key to the company safe in the top drawer of your desk...

SSCC 190 - The CeBIT 2015 edition [PODCAST]


Recorded right on the Sophos booth at the CeBIT show in Hannover, Germany.

Here's the Fifth Anniversary edition of our weekly podcast...enjoy!

"Black Box" brouhaha breaks out over brute forcing of iPhone PIN lock

A brouhaha has broken out about a "Black Box" that can brute force your iPhone PIN by trying every possible combination, from 00..00 to 99..99.

Apparently, it can even circumvent the "10 mistakes and you're finished" test. Sort of...

My password, sorry, it's completely slipped my mind - 60 Sec Security [VIDEO]

Here's the latest episode of our weekly "60 Second Security" video.

It'll only take a minute...

Using WPS on your Wi-Fi router may be even more dangerous than you think


In 2011, a researcher found that WPS was 10,000 times easier to crack than it was supposed to be.

Now, another researcher has found that cracking it may be 10,000 times easier again...

Are your veins going to replace your PIN at the ATM?

Hitachi are rolling out around 2,000 new cash machines in Poland that take a new approach to biometrics. The infrared scanner on one of these new ATMs will literally get under your skin as it scans the veins inside your finger. A similar technology has also been devised for shops in America by Fujitsu.

Smartphone PINs skimmed with microphone and camera

Smartphone PINs cracked with microphone and camera - a game-changer for phone security?

A new program, dubbed PIN Skimmer by its University of Cambridge creators, can correctly guess a high proportion of PINs by utilising the device's camera and microphone.

Ducati Diavel - power, speed, looks, and a vulnerability lesson for Friday afternoon


Naked Security reader Sean, who has an eye for wacky security holes, recently pointed me at the Ducati Diavel motorcycle Default Ignition Password vulnerability.

But is it true? Can you really walk up to Ducati's latest musclebike and simply ride away?

The top 10 passcodes you should never use on your iPhone

Are you one of the many people who is using a dangerously easy-to-guess passcode on your iPhone?

Maybe you should do something about it - sooner rather than later.

Keep an eye on your iPhone

Astute Sophos followers will remember that last year I hijacked the SophosLabs blog to bring news of the Apple WWDC 2008. Well this year, sat in the Moscone West digesting the content of Phil Schiller's keynote presentation and updating my Read more…

More details on the Diebold ATM Trojan horse case

Yesterday, Vanja Svajcer of SophosLabs described how he had discovered malware which appeared to be designed to steal information from users of Diebold ATM cash machines. I also published some discussion here on the Clu-blog about how the Trojan horses Read more…

Is there malware lurking in your ATM?

Sophos Principal Virus Researcher Vanja Svajcer has posted a fascinating blog today about his discovery of malware which appears to target Diebold cash machines. You can read the full details in Vanja's blog post, but I thought it might be Read more…

Your PIN or your life!

Life has become more dangerous for ATM card holders in the UK. As muggers require the Personal Identification Number (PIN) of a stolen card to make withdrawals, they are tempted to resort to violence against the card owners to get Read more…