“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

By Paul Ducklin — August 21^st 2023 at 17:45

WYSIWYG is short for "what you see is what you get". Except when it isn't...

Naked Security

S3 Ep147: What if you type in your password during a meeting?

By Paul Ducklin — August 10^th 2023 at 13:34

Latest episode - listen now! (Full transcript inside.)

Naked Security

Serious Security: Why learning to touch-type could protect you from audio snooping

By Paul Ducklin — August 8^th 2023 at 18:51

Fast, quiet, smooth, consistent and low impact... why true hacker-grade touch-typing might keep you more secure.

Naked Security

S3 Ep146: Tell us about that breach! (If you want to.)

By Paul Ducklin — August 3^rd 2023 at 17:56

Serious security stories explained clearly in plain English - listen now. (Full transcript available.)

Naked Security

Serious Security: Rowhammer returns to gaslight your computer

By Paul Ducklin — July 10^th 2023 at 21:22

Gaslights produce a telltale flicker when nearby lamps are lit; DRAM values do something similar when nearby memory cells are accessed.

Naked Security

Serious Security: That KeePass “master password crack”, and what we can learn from it

By Paul Ducklin — May 31^st 2023 at 19:39

Here, in an admittedly discursive nutshell, is the fascinating story of CVE-2023-32784. (Short version: Don't panic.)

Naked Security

Windows 11 also vulnerable to “aCropalypse” image data leakage

By Paul Ducklin — March 22^nd 2023 at 17:59

Turns out that the Windows 11 Snipping Tool has the same "aCropalypse" data leakage bug as Pixel phones. Here's how to work around the problem...

Naked Security

Google Pixel phones had a serious data leakage bug – here’s what to do!

By Paul Ducklin — March 21^st 2023 at 17:58

What if the "safe" images you shared after carefully cropping them... had some or all of the "unsafe" pixels left behind anyway?

Naked Security

SHEIN shopping app goes rogue, grabs price and URL data from your clipboard

By Paul Ducklin — March 10^th 2023 at 19:58

It's not exactly data theft, but it's worryingly close to "unintentional treachery" - apparently because it's great for marketing purposes

Naked Security

NPM JavaScript packages abused to create scambait links in bulk

By Paul Ducklin — February 22^nd 2023 at 20:59

Free spins? Bonus game points? Cheap social media followers? What harm could it possibly do if you just take a tiny little look?!

Naked Security

OpenSSL fixes High Severity data-stealing bug – patch now!

By Paul Ducklin — February 8^th 2023 at 02:58

7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...

Naked Security

Password-stealing “vulnerability” reported in KeePass – bug or feature?

By Paul Ducklin — February 1^st 2023 at 19:58

Is it a vulnerability if someone with control over your account can mess with files that your account is allowed to access anyway?

Naked Security

Serious Security: The Samba logon bug caused by outdated crypto

By Paul Ducklin — January 30^th 2023 at 19:59

Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!

Naked Security

Log4Shell-like code execution hole in popular Backstage dev tool

By Paul Ducklin — November 15^th 2022 at 17:49

Good old "string templating", also known as "string interpolation", in the spotlight again...

bs-1200

Naked Security

Public URL scanning tools – when security leads to insecurity

By Paul Ducklin — November 7^th 2022 at 19:59

Never make your users cry/By how you use an API

Naked Security

Move over Patch Tuesday – it’s Ada Lovelace Day!

By Paul Ducklin — October 11^th 2022 at 15:22

Hacking on actual computers is one thing, but hacking purposefully on imaginary computers is, these days, something we can only imagine.

Naked Security

LastPass source code breach – incident response report released

By Paul Ducklin — September 19^th 2022 at 18:59

Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.

Naked Security

LastPass source code breach – do we still recommend password managers?

By Paul Ducklin — August 29^th 2022 at 16:59

What does the recent LastPass breach mean for password managers? Just a bump in the road, or a reason to ditch them entirely?

Naked Security

Breaching airgap security: using your phone’s gyroscope as a microphone

By Paul Ducklin — August 24^th 2022 at 18:59

One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions...

Naked Security

Phishing goes KISS: Don’t let plain and simple messages catch you out!

By Paul Ducklin — April 25^th 2022 at 16:58

Sometimes we receive phishing tricks that we grudgingly have to admit are better than average, just because they're uncomplicated.

Naked Security

Serious Security: Apple Safari leaks private data via database API – what you need to know

By Paul Ducklin — January 18^th 2022 at 19:23

There's a tiny data leakage bug in the WebKit browser engine... but it could act as a "supercookie" identifier for your browsing

Naked Security

The cool retro phone with a REAL DIAL… plus plenty of IoT problems

By Paul Ducklin — December 23^rd 2021 at 17:58

You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.

Naked Security

GoDaddy admits to password breach: check your Managed WordPress site!

By Paul Ducklin — November 23^rd 2021 at 00:35

GoDaddy found crooks in its network, and kicked them out - but not before they'd been in there for six weeks.

Naked Security

Github cookie leakage – thousands of Firefox cookie files uploaded by mistake

By Paul Ducklin — November 18^th 2021 at 22:20

Be aware before you share! That's a good rule for developers and techies, just as much as it is for social media addicts.