research

(get it in RSS or Atom)

Microsoft Word Intruder Revealed - inside a malware construction kit

What happens when cybercrooks take a leaf out of the Advanced Persistent Threatsters' book?

Gabor Szappanos of SophosLabs investigates...

Google ad profiling: what's causing the gender discrimination?

Google advertises higher-paying jobs to far more men than women

Google displayed ads for a career coaching service for "$200k+" jobs 1852 times to the male profiles and only 318 times to female profiles. But is it Google's fault?

Phones' accelerometers allow you to be tracked on the metro

Phones' accelerometers allow you to be tracked underground

No GPS or cell tower triangulation necessary. All it takes is learning the world's unique metro routes, then listening as phones jiggle along.

Yup, we really are terrible at those password recovery questions

Doh!

When we forget our passwords we’re often faced with recovery questions like "What's your favourite food?” They’re a backdoor into our accounts so they’re supposed to be both secure and memorable. They’re not.

Notes from SophosLabs: Dyreza, the malware that discriminates against old computers

In another article in our occasional series "Notes from SophosLabs", we look at the (anti-)(anti-)anti-virus arms race.

In an effort to evade automated analysis, here's malware that deliberately avoids old-looking computers.

New algorithm could auto-squash trolls

trolls-250_ss_167049470

Researchers have come up with a tool that spots troll behaviour and low readability 80% of the time. That's 20% "oops." Worth it?

SSCC 184 - What's the lifespan of a GHOST? [PODCAST]

Our weekly security podcast - the latest news in 15 minutes, entertaining *and* educational.

Enjoy!

College kids still using Snapchat despite 'The Snappening', says report

College kids still using Snapchat, 'The Snappening' be damned

A study found that 75% of undergraduates said they planned to keep on using Snapchat in the same way as before, despite photos being snatched from a non-secure third-party service.

Do we really need strong passwords?

Short password

The idea that computer users should use long, complex passwords is one of computer security's sacred cows.

But is is really necessary?

Mark Stockley investigates...

Facebook sort-of apologizes for treating users like lab rats

Facebook sort-of apologizes for treating users like lab rats

Facebook says it was "unprepared" for the ruckus stirred up around its emotional contagion research, and that there were things "it should have done differently." Does that include asking for informed consent next time?

SSCC 166.5 - Special edition from the Virus Bulletin 2014 conference [PODCAST]

Sophos security expert Chester Wisniewski was at the Virus Bulletin 2014 conference in Seattle.

In this special edition of the Chet Chat, Paul Ducklin puts Chet on the other side of the mic to find out more about both the technology and the ethics of anti-malware research.

Duping the machine - the cunning malware that throws off researchers

Malware. Image courtesy of Shutterstock

Traditionally, when malware detects that it is not running in a genuine victim setting, it will simply exit immediately. But there's a certain subset of malware families that are more cunning when they detect an analysis environment...

Facebook shrugs as 'emotional contagion' research outrages its users

Image of comedy tragedy masks courtesy of Shutterstock

Some users saw a dash more positive items in their feeds; some received a more grim daily dose, as the researchers cut out happy tidings. The researchers' conclusion: yes, emotional states are contagious, and no, seeing friends post happy news does not necessarily make people want to jump off ledges. The internet's reaction: how dare you manipulate emotions without informed consent?

1 in 30 have been hit by CryptoLocker and 40% pay the ransom, says study

1 in 30 are hit by CryptoLocker, and 40% pay the ransom

An annual survey on computer security issues run by a UK university was published last week. Its stats on the prevalence of ransomware, and how many people give in to the crooks and pay the ransom, raised some eyebrows.

96% of businesses are unprepared for a cyber attack

96% of firms are unprepared for a cyber attack

A new survey from Ernst & Young discovered that 96% of the 1,909 executives questioned felt that their companies were unprepared for a cyber attack, but only 23% of the companies placed security awareness in their top two priorities.

Facebook and Twitter musings give employers a peek into our real selves, research finds

Facebook and Twitter musings give employers a peek into our real selves, research finds

It seemed like common sense to employers, but research shows that yes, actually, bad-mouthing and posting about a wild partying life does work against potential job candidates.

How to avoid being one of the "73%" of WordPress sites vulnerable to attack

How to avoid being one of the 73% of WordPress sites vulnerable to attack

Researchers have concluded that 73% of the 40,000 most popular websites that use WordPress software are vulnerable to attack. But they admit they might be wrong. Even so, they still highlight an important security issue which isn't diminished one iota by their sketchiness.

PRISM: 50% of Americans approve of NSA's internet spying program

Prism

Half of Americans approve of their government's collection of telephone and internet data as part of anti-terrorism efforts even though they believe PRISM goes further than they have been told.

Small businesses beware! Point-of-sale malware is after you

shopping_lady_250

Malware targeting point-of-sale (POS) systems has been a major trend for the last six months. With easy pickings to be had from mom-and-pop shops, this pattern is only going to grow until people start fighting back with better system security, and ideally better payment card systems.

Virus Bulletin's Technical Director John Hawes takes a look....

Technical paper: Exploring the history and technology of ransomware

whitepaper

A new technical paper from SophosLabs explores the history and technology of ransomware. From payment by SMS to public key encryption, ransomware has certainly evolved.