“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

WYSIWYG is short for "what you see is what you get". Except when it isn't...

S3 Ep147: What if you type in your password during a meeting?

Latest episode - listen now! (Full transcript inside.)

Serious Security: Why learning to touch-type could protect you from audio snooping

Fast, quiet, smooth, consistent and low impact... why true hacker-grade touch-typing might keep you more secure.

S3 Ep146: Tell us about that breach! (If you want to.)

Serious security stories explained clearly in plain English - listen now. (Full transcript available.)

Serious Security: Rowhammer returns to gaslight your computer

Gaslights produce a telltale flicker when nearby lamps are lit; DRAM values do something similar when nearby memory cells are accessed.

Serious Security: That KeePass “master password crack”, and what we can learn from it

Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)

Windows 11 also vulnerable to “aCropalypse” image data leakage

Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...

Google Pixel phones had a serious data leakage bug – here’s what to do!

What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?

SHEIN shopping app goes rogue, grabs price and URL data from your clipboard

It's not exactly data theft, but it's worryingly close to "unintentional treachery" - apparently because it's great for marketing purposes

NPM JavaScript packages abused to create scambait links in bulk

Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!

OpenSSL fixes High Severity data-stealing bug – patch now!

7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...

Password-stealing “vulnerability” reported in KeePass – bug or feature?

Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?

Serious Security: The Samba logon bug caused by outdated crypto

Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!

Log4Shell-like code execution hole in popular Backstage dev tool

Good old "string templating", also known as "string interpolation", in the spotlight again...

Public URL scanning tools – when security leads to insecurity

Never make your users cry/By how you use an API

Move over Patch Tuesday – it’s Ada Lovelace Day!

Hacking on actual computers is one thing, but hacking purposefully on imaginary computers is, these days, something we can only imagine.

LastPass source code breach – incident response report released

Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.

LastPass source code breach – do we still recommend password managers?

What does the recent LastPass breach mean for password managers? Just a bump in the road, or a reason to ditch them entirely?

Breaching airgap security: using your phone’s gyroscope as a microphone

One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions...

Phishing goes KISS: Don’t let plain and simple messages catch you out!

Sometimes we receive phishing tricks that we grudgingly have to admit are better than average, just because they're uncomplicated.

Serious Security: Apple Safari leaks private data via database API – what you need to know

There's a tiny data leakage bug in the WebKit browser engine... but it could act as a "supercookie" identifier for your browsing

The cool retro phone with a REAL DIAL… plus plenty of IoT problems

You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.

GoDaddy admits to password breach: check your Managed WordPress site!

GoDaddy found crooks in its network, and kicked them out - but not before they'd been in there for six weeks.

Github cookie leakage – thousands of Firefox cookie files uploaded by mistake

Be aware before you share! That's a good rule for developers and techies, just as much as it is for social media addicts.