Author Archives: Paul Ducklin

Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug

Posted on February 13, 2023 by Paul Ducklin

Conditional code considered cryptographically counterproductive. Continue reading Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug→

Reddit admits it was hacked and data stolen, says “Don’t panic”

Posted on February 10, 2023 by Paul Ducklin

Reddit is suggesting three tips as a follow-up to this breach. We agree with two of them but not with the third… Continue reading Reddit admits it was hacked and data stolen, says “Don’t panic”→

S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]

Posted on February 9, 2023 by Paul Ducklin

Latest epsiode. Listen now! Continue reading S3 Ep121: Can you get hacked and then prosecuted for it? [Audio + Text]→

OpenSSL fixes High Severity data-stealing bug – patch now!

Posted on February 8, 2023 by Paul Ducklin

7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English… Continue reading OpenSSL fixes High Severity data-stealing bug – patch now!→

VMWare user? Worried about “ESXi ransomware”? Check your patches now!

Posted on February 7, 2023 by Paul Ducklin

To borrow from HHGttG, please DON’T PANIC. But if you are two years out of date with patches, please do ACT NOW! Continue reading VMWare user? Worried about “ESXi ransomware”? Check your patches now!→

Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto

Posted on February 6, 2023 by Paul Ducklin

Hear renowned cybersecurity author Andy Greenberg’s thoughtful commentary about the “war on crypto” as we talk to him about his new book… Continue reading Tracers in the Dark: The Global Hunt for the Crime Lords of Crypto→

OpenSSH fixes double-free memory bug that’s pokable over the network

Posted on February 3, 2023 by Paul Ducklin

It’s a bug fix for a bug fix. A memory leak was turned into a double-free that has now been turned into correct code… Continue reading OpenSSH fixes double-free memory bug that’s pokable over the network→

S3 Ep120: When dud crypto simply won’t let go [Audio + Text]

Posted on February 2, 2023 by Paul Ducklin

Latest episode – listen now! Continue reading S3 Ep120: When dud crypto simply won’t let go [Audio + Text]→

Password-stealing “vulnerability” reported in KeePass – bug or feature?

Posted on February 1, 2023 by Paul Ducklin

Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway? Continue reading Password-stealing “vulnerability” reported in KeePass – bug or feature?→

GitHub code-signing certificates stolen (but will be revoked this week)

Posted on January 31, 2023 by Paul Ducklin

There was a breach, so the bad news isn’t great, but the good news isn’t too bad… Continue reading GitHub code-signing certificates stolen (but will be revoked this week)→