Security researchers in the USA have just disclosed a flaw in PayPal’s 2FA system. Paul Ducklin looks at the mistakes that PayPal made, and what’s been done to sort them out…
Monthly Archives: June 2014
TimThumb plugin for WordPress – zero-day remote code execution hole disclosed, quickly fixed
WordPress sites with the TimThumb image thumbnailing plugin could be taken over by attackers. Paul Ducklin looks at what went wrong and explains how to fix the hole…
Serial hacker Cameron Lacroix gets four year jail term after taking plea bargain
A serial hacker with a long history of computer offences has pleaded guilty to computer intrusion and access device fraud charges, accepting a sentence of four years in jail in return for his plea.
“Towelroot” app makes it easy to root Galaxy S5 and other locked Androids…
Galaxy S5 users will be cheering. System administrators are probably groaning. Paul Ducklin looks at an Android-era variant of Hamlet’s dilemma: “To root or not to root, that is the question.”
Is that Google Glass wearer stealing your iPad passcode?
What about the one with a smartwatch? Snoopers can catch your code from nearly 10 feet away with Google Glass or Samsung’s smartwatch and from almost 150 away using an HD camcorder, thanks to researchers’ custom-coded, shadow-tracking recognition algorithm.
SSCC 153: TrueCrypt, Towelroot, Cryptowall, and spam in Canada [PODCAST]
Chester Wisniewski and Paul Ducklin present this week’s edition of the regular Sophos security podcast, the “Chet Chat.” In this episode: the TrueCrypt saga continues; the Towelroot software for unlocking Androids; ransomware after CryptoLocker; and Canada’s long, long, long-awaited anti-spam law.
37% of Canadian Justice Department fail phishing awareness test
An in-house awareness test run late last year at Department of Justice Canada has revealed that a good percentage of its employees are for the most part fairly easy to trick with phishing scams.
Cupid Media “breached Privacy act” after storing users’ passwords in plain text
The Australian Privacy Commissioner has ruled that Cupid Media Pty Ltd – of OKCupid dating site fame – breached the Privacy Act following a data breach which saw over 40 million customer records exposed.
hitchBOT – Privacy invading hitchhiking robot or fun social experiment?
Introducing hitchBOT, a science meets art project, getting ready to hitch 6158 km across Canada from Halifax to Victoria next month.
Carwash POS systems hacked, credit card data drained
Police in the US state of Massachusetts have busted what they say is a gang of thieves who were buying stolen credit cards and using them to buy gift cards that were then sometimes exhausted of their balance, washed clean of data and reloaded with more stolen credit card data.
