Naked Security
Serious Security: Rowhammer returns to gaslight your computer
By Paul Ducklin - July 10th 2023 at 21:22
Gaslights produce a telltale flicker when nearby lamps are lit; DRAM values do something similar when nearby memory cells are accessed.
Naked Security
Serious Security: That KeePass “master password crack”, and what we can learn from it
By Paul Ducklin - May 31st 2023 at 19:39
Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)
Naked Security
PHP Packagist supply chain poisoned by hacker “looking for a job”
By Paul Ducklin - May 5th 2023 at 16:59
I pwned you! Gizza job! You know it makes sense!
Naked Security
Tracked by hidden tags? Apple and Google unite to propose safety and security standards…
By Paul Ducklin - May 3rd 2023 at 19:58
To bleat, or not to bleat, that is the question.
Naked Security
Windows 11 also vulnerable to “aCropalypse” image data leakage
By Paul Ducklin - March 22nd 2023 at 17:59
Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...
Naked Security
Google Pixel phones had a serious data leakage bug – here’s what to do!
By Paul Ducklin - March 21st 2023 at 17:58
What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?
Naked Security
SHEIN shopping app goes rogue, grabs price and URL data from your clipboard
By Paul Ducklin - March 10th 2023 at 19:58
It's not exactly data theft, but it's worryingly close to "unintentional treachery" - apparently because it's great for marketing purposes
Naked Security
NPM JavaScript packages abused to create scambait links in bulk
By Paul Ducklin - February 22nd 2023 at 20:59
Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!
Naked Security
OpenSSL fixes High Severity data-stealing bug – patch now!
By Paul Ducklin - February 8th 2023 at 02:58
7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...
Naked Security
Password-stealing “vulnerability” reported in KeePass – bug or feature?
By Paul Ducklin - February 1st 2023 at 19:58
Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?
Naked Security
Serious Security: The Samba logon bug caused by outdated crypto
By Paul Ducklin - January 30th 2023 at 19:59
Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!
Naked Security
“Suspicious login” scammers up their game – take care at Christmas
By Paul Ducklin - December 21st 2022 at 17:59
A picture is worth 1024 words - we clicked through so you don't have to.
Naked Security
Log4Shell-like code execution hole in popular Backstage dev tool
By Paul Ducklin - November 15th 2022 at 17:49
Good old "string templating", also known as "string interpolation", in the spotlight again...
Naked Security
Public URL scanning tools – when security leads to insecurity
By Paul Ducklin - November 7th 2022 at 19:59
Never make your users cry/By how you use an API
Naked Security
Move over Patch Tuesday – it’s Ada Lovelace Day!
By Paul Ducklin - October 11th 2022 at 15:22
Hacking on actual computers is one thing, but hacking purposefully on imaginary computers is, these days, something we can only imagine.
Naked Security
LastPass source code breach – incident response report released
By Paul Ducklin - September 19th 2022 at 18:59
Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.
Naked Security
LastPass source code breach – do we still recommend password managers?
By Paul Ducklin - August 29th 2022 at 16:59
What does the recent LastPass breach mean for password managers? Just a bump in the road, or a reason to ditch them entirely?
Naked Security
Breaching airgap security: using your phone’s gyroscope as a microphone
By Paul Ducklin - August 24th 2022 at 18:59
One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions...
Naked Security
Murder suspect admits she tracked cheating partner with hidden AirTag
By Paul Ducklin - June 14th 2022 at 18:49
O! What a tangled web we weave, when first we practise to deceive.
Naked Security
Phishing goes KISS: Don’t let plain and simple messages catch you out!
By Paul Ducklin - April 25th 2022 at 16:58
Sometimes we receive phishing tricks that we grudgingly have to admit are better than average, just because they're uncomplicated.
Naked Security
S3 Ep72: AirTag stalking, web server coding woes and Instascams [Podcast + Transcript]
By Paul Ducklin - March 3rd 2022 at 14:04
Latest episode - listen now (or read it, if that's your preference)...
Naked Security
Instagram scammers as busy as ever: passwords and 2FA codes at risk
By Paul Ducklin - February 28th 2022 at 17:56
Instagram scams don't seem to be dying out - we're seeing more variety and trickiness than ever...
Naked Security
Apple AirTag anti-stalking protection bypassed by researchers
By Paul Ducklin - February 23rd 2022 at 17:59
Problems with Apple's Tracker Detect system, which warns you of likely stalking attempts using hidden AirTags.
Naked Security
Serious Security: Apple Safari leaks private data via database API – what you need to know
By Paul Ducklin - January 18th 2022 at 19:23
There's a tiny data leakage bug in the WebKit browser engine... but it could act as a "supercookie" identifier for your browsing
Naked Security
S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]
By Paul Ducklin - January 6th 2022 at 19:44
We're back for 2022 - listen now!
Naked Security
Instagram copyright infringement scams – don’t get sucked in!
By Paul Ducklin - December 30th 2021 at 14:40
We deconstructed a copyright phish so you don't have to. Be warned: the crooks are getting better at these scams...
Naked Security
The cool retro phone with a REAL DIAL… plus plenty of IoT problems
By Paul Ducklin - December 23rd 2021 at 17:58
You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.
Naked Security
GoDaddy admits to password breach: check your Managed WordPress site!
By Paul Ducklin - November 23rd 2021 at 00:35
GoDaddy found crooks in its network, and kicked them out - but not before they'd been in there for six weeks.
Naked Security
Github cookie leakage – thousands of Firefox cookie files uploaded by mistake
By Paul Ducklin - November 18th 2021 at 22:20
Be aware before you share! That's a good rule for developers and techies, just as much as it is for social media addicts.