FreshRSS

πŸ”’
❌ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdayNaked Security

Serious Security: Why learning to touch-type could protect you from audio snooping

By Paul Ducklin
Fast, quiet, smooth, consistent and low impact... why true hacker-grade touch-typing might keep you more secure.

S3 Ep146: Tell us about that breach! (If you want to.)

By Paul Ducklin
Serious security stories explained clearly in plain English - listen now. (Full transcript available.)

Serious Security: Rowhammer returns to gaslight your computer

By Paul Ducklin
Gaslights produce a telltale flicker when nearby lamps are lit; DRAM values do something similar when nearby memory cells are accessed.

Windows 11 also vulnerable to β€œaCropalypse” image data leakage

By Paul Ducklin
Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...

Google Pixel phones had a serious data leakage bug – here’s what to do!

By Paul Ducklin
What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?

SHEIN shopping app goes rogue, grabs price and URL data from your clipboard

By Paul Ducklin
It's not exactly data theft, but it's worryingly close to "unintentional treachery" - apparently because it's great for marketing purposes

NPM JavaScript packages abused to create scambait links in bulk

By Paul Ducklin
Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!

OpenSSL fixes High Severity data-stealing bug – patch now!

By Paul Ducklin
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...

Password-stealing β€œvulnerability” reported in KeePass – bug or feature?

By Paul Ducklin
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?

Serious Security: The Samba logon bug caused by outdated crypto

By Paul Ducklin
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!

Log4Shell-like code execution hole in popular Backstage dev tool

By Paul Ducklin
Good old "string templating", also known as "string interpolation", in the spotlight again...

bs-1200

Move over Patch Tuesday – it’s Ada Lovelace Day!

By Paul Ducklin
Hacking on actual computers is one thing, but hacking purposefully on imaginary computers is, these days, something we can only imagine.

LastPass source code breach – incident response report released

By Paul Ducklin
Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.

LastPass source code breach – do we still recommend password managers?

By Paul Ducklin
What does the recent LastPass breach mean for password managers? Just a bump in the road, or a reason to ditch them entirely?

Breaching airgap security: using your phone’s gyroscope as a microphone

By Paul Ducklin
One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions...

Phishing goes KISS: Don’t let plain and simple messages catch you out!

By Paul Ducklin
Sometimes we receive phishing tricks that we grudgingly have to admit are better than average, just because they're uncomplicated.

Serious Security: Apple Safari leaks private data via database API – what you need to know

By Paul Ducklin
There's a tiny data leakage bug in the WebKit browser engine... but it could act as a "supercookie" identifier for your browsing

The cool retro phone with a REAL DIAL… plus plenty of IoT problems

By Paul Ducklin
You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.

GoDaddy admits to password breach: check your Managed WordPress site!

By Paul Ducklin
GoDaddy found crooks in its network, and kicked them out - but not before they'd been in there for six weeks.

Github cookie leakage – thousands of Firefox cookie files uploaded by mistake

By Paul Ducklin
Be aware before you share! That's a good rule for developers and techies, just as much as it is for social media addicts.

❌