Bugs in the hospital: how to pwn your own pethidine machine

Feeling short-changed by the nurse in charge of your painkiller quota? Telnet into the drug dispenser!

Paul Ducklin looks at how to avoid this sort of security hole...

SSCC 107 - Hostgator, Safari, Java, pwning planes with Android, and Facebook Home [PODCAST]


Here's the latest episode in the popular "Chet Chat" series.

Join Chet and Duck as they discuss what we can learn from recent security news in this quarter-hour podcast.

Hosting company Hostgator hacked, suspect arrested after being "rooted with his own rootkit"


A former system administrator from hosting company Hostgator has been arrested for hacking into his former employer's network.

There's some poetic justice in how he was identified and connected with the crime... Paul Ducklin takes a look, and can't help smiling.

SSCC 101 - Private things made public, the Java saga, PWN2OWN, and precision versus accuracy

Chester talks to Paul Ducklin in Sophos Security Chet Chat Episode 101.

Spend an enjoyable quarter-hour as our duo take on a range of security issues with their usual mixture of insight, expertise, scepticism, advice and occasional outright puzzlement.

Do programmers understand the meaning of PRIVATE?

Public-key encryption relies on a pair of cryptographic keys, one public and the other private.

You'd think that programmers would be able to tell which one to keep private and which one to make public, wouldn't you?

Monday review - the hot 22 stories of the week

Here you go. All the stories we wrote in the past seven days, in case you missed anything (or just want to read them again).

FreeBSD shutters some servers after SSH key breach

FreeBSD has announced a smallish system compromise.

The FreeBSD administrators took a bunch of servers offline to investigate, and published a blow-by-blow account of what they know about the breach so far.

Randomness in cryptography - the devil's in the details

Kiwicon opened with a software engineering talk which was intensely focused - a case study of a single-line bug in a single source file in a single module in a 70MByte programming language distro.

Paul Ducklin reports from Wellington, New Zealand.

Extinguishing Firesheep for safe WiFi browsing


Firesheep has already taught 750,000 people how to hijack your unencrypted WiFi sessions with a single click. So here's how to extinguish Firesheep with a technological defence that you can put together in just 60 seconds.

Hacked iPhones held hostage for 5 Euros

The importance of properly securing mobile devices has been underlined once again, after a Dutch hacker broke into jailbroken Apple iPhones and displayed a message demanding a 5 Euro ransom be paid. According to media reports, the hacker used port …

Apache applauded for openness after security breach

On August 28th, the Apache Software Foundation made the headlines for all the wrong reasons after hackers compromised its servers and gained root privileges. Apache is at pains to point out that "at no time were any Apache Software Foundation …