Clik here to view.
US Department of Labor website hacked, serves malware, now fixed
A subdomain of the US Department of Labor's main website, running off a separate server - what's known colloquially as a microsite - was modified to serve up malware. Paul Ducklin takes a quick look at...
View ArticleClik here to view.
Network gaming company uses its "cheat-prevention" client to build a Bitcoin...
One problem with network games: how do you trust the other people in the contest? You could build a network that requires your customers to installed a special "cheat-blocker" client... ...and then use...
View ArticleClik here to view.
Revenge-porn website victim files suit against ex and four porn sites
Holly Jacobs suffered four years of stalking, internet trolls and having pornographic images sent to her bosses. Now, she's filed suit against the ex-boyfriend she says started it all, as well as four...
View ArticleClik here to view.
Apple ships jolly uninteresting iOS 6.1.4 update
Apple just released iOS 6.1.4 for the iPhone 5. Apparently, it improves speakerphone calls, but it doesn't fix the lock-screen bug in iOS 6.1.3...
View ArticleClik here to view.
Lifting the lid on the Redkit exploit kit (Part 1)
In the first of a two part series of blog posts, Fraser Howard takes a closer look at the Redkit exploit kit. Learn more about how this kit works and the compromised web servers that are being used to...
View ArticleClik here to view.
Facebook introduces Trusted Contacts, makes you ask, "How much do I trust my...
Losing access to your Facebook account is a big deal. So Facebook has introduced "Trusted Contacts," where you combine recovery codes from three different friends to get yourself back in. Paul Ducklin...
View ArticleClik here to view.
IBM takes a big new step in cryptography: practical homomorphic encryption
IBM just released an open source software package called HELib. HE stands for *homomorphic encryption*, and HELib is an important cryptographic milestone. Paul Ducklin explains why...
View ArticleClik here to view.
British cryptographic hacking from WW2 - how well would *you* have done?
If you were taken prisoner and wanted to send messages home under your captors' noses, what would you do? Find out how a Royal Navy officer did just that during WW2, and have a go yourself at hiding a...
View ArticleClik here to view.
Monday review - the hot 20 stories of the week
Get up to date with everything we wrote in the past seven days - it's weekly roundup time.
View ArticleClik here to view.
Indian Navy gets ready to dismiss officers for posting ship movements on...
The Indian Navy says that the officers posted details about warship locations, including that of the country's one and only aircraft carrier, in the latest case of eye-rollingly bad Facebook...
View ArticleClik here to view.
Alleged "SpyEye" mastermind extradited to US
The FBI suspects that 24-year-old Hamza Bendelladj, an Algerian national, developed, marketed, distributed and controlled the notorious botnet toolkit, used to steal millions of dollars from online...
View ArticleClik here to view.
Pentagon OKs Androids, BlackBerrys for soldiers
The US Department of Defense has approved the use of Samsung phones running "Knox," a hardened version of Android.
View ArticleClik here to view.
Syria disappears off the face of the internet
It looks like internet access into and out of Syria has been shut down, cutting the country off from the rest of the internet.
View ArticleClik here to view.
SSCC 108 - WW2 crypto, Bitcoin mining, internet cameras, password breaches...
Chester calls home from Interop in Las Vegas to record the latest episode of the Sophos Security Chet Chat. Join Chester and guest Paul Ducklin in their regular quarter-hour podcast as they laugh about...
View ArticleClik here to view.
Lack of Chip and PIN technology leaves US shoppers and diners at risk from...
Despite being one of the biggest economies for the retail and 'food and beverage' industries, the US lacks basic card protection that could prevent data thieves from Americans' bank accounts.
View ArticleClik here to view.
Google's Schmidt: what we need is an internet "Delete" button
The wouldn't-it-be-nice fix would take care of the sticky situations we're getting into (and Google's getting sued about) with our personal data getting sucked up by companies and advertisers. Another...
View ArticleClik here to view.
Name.com suffers breach, credit card data accessed, encryption in place (phew!)
Domain registrar and web hosting company Name.com, part of the Demand Media group, has suffered a data breach. Crooks have apparently made off with data up to and including credit card numbers...but it...
View ArticleClik here to view.
Microsoft rushes out CVE-2013-1347 “Fix it” for the latest Internet Explorer...
The recent and widely reported US Dept of Labor website hack turned out to be a zero-day exploit against IE. Good news! Microsoft just published an emergency "Fix it" patch against the vulnerability...
View ArticleClik here to view.
Nordstrom tracking customer movement via smartphones’ WiFi sniffing
The department store has installed sensors in 17 US stores to collect information from customers' smartphones as those phones automatically scan for WiFi service. Nordstrom promises it's keeping the...
View ArticleClik here to view.
A closer look at the malicious Redkit exploit kit
In the second technical article of this series, Fraser Howard investigates deeper into the workings of Redkit exploit kit. Learn more about the internals of this kit; bypassing of security mechanisms...
View Article