Author Archives: Paul Ducklin

Serious Security: The Samba logon bug caused by outdated crypto

Posted on January 30, 2023 by Paul Ducklin

Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important! Continue reading Serious Security: The Samba logon bug caused by outdated crypto→

Dutch suspect locked up for alleged personal data megathefts

Posted on January 26, 2023 by Paul Ducklin

Undercover Austrian “controlled data buy” leads to Amsterdam arrest and ongoing investigation. Suspect is said to steal and sell all sorts of data, including medical records. Continue reading Dutch suspect locked up for alleged personal data megathefts→

S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]

Posted on January 26, 2023 by Paul Ducklin

Lastest episode – listen now! (Or read the transcript.) Continue reading S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]→

GoTo admits: Customer cloud backups stolen together with decryption key

Posted on January 25, 2023 by Paul Ducklin

We were going to write, “Once more unto the breach, dear friends, once more”… but it seems to go without saying these days. Continue reading GoTo admits: Customer cloud backups stolen together with decryption key→

Apple patches are out – old iPhones get an old zero-day fix at last!

Posted on January 24, 2023 by Paul Ducklin

Don’t delay, especially if you’re still running an iOS 12 device… please do it today! Continue reading Apple patches are out – old iPhones get an old zero-day fix at last!→

Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security

Posted on January 23, 2023 by Paul Ducklin

It’s a really cool and super-simple trick. The question is, “Will it help?” Continue reading Serious Security: How dEliBeRaTe tYpOs might imProVe DNS security→

T-Mobile admits to 37,000,000 customer records stolen by “bad actor”

Posted on January 20, 2023 by Paul Ducklin

Once more, it’s time for Shakespeare’s words: Once more unto the breach… Continue reading T-Mobile admits to 37,000,000 customer records stolen by “bad actor”→

S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]

Posted on January 19, 2023 by Paul Ducklin

As always: entertaining, informative and educational… and not bogged down with jargon! Listen (or read) now… Continue reading S3 Ep118: Guess your password? No need if it’s stolen already! [Audio + Text]→

Serious Security: Unravelling the LifeLock “hacked passwords” story

Posted on January 17, 2023 by Paul Ducklin

Four straight-talking tips to improve your online security, whether you’re a LifeLock customer or not. Continue reading Serious Security: Unravelling the LifeLock “hacked passwords” story→

Multi-million investment scammers busted in four-country Europol raid

Posted on January 16, 2023 by Paul Ducklin

216 questioned, 15 arrested, 4 fake call centres searched, millions seized… Continue reading Multi-million investment scammers busted in four-country Europol raid→