Seems that a rogue Android app can get more privileges than it deserves simply by saying that someone trustworthy has vouched for it. It’s been dubbed the “FakeID” hole…
Tag Archives: Cryptography
How anyone can hack your Instagram account
Should you write instructions that tell everyone how to hack Instagram accounts, including advice like “wait for someone to use the Instagram iOS app”? Have your say in our poll…
iSpy? Researcher exposes backdoor in iPhones and iPads
A “backdoor” that Apple built into iOS for developers can be used to spy on iPhones and iPads by governments, law enforcement, or cyber criminals, according to forensics researcher Jonathan Zdziarski.
SSCC 156 – Warbiking in Manhattan, hubris for Google, and how less can be more [PODCAST]
Sophos experts Chester Wisniewski and Paul Ducklin are back with this week’s security podcast, turning plain old news into advice you can use.
LibreSSL ships first portable version, now up to 48% less huge!
LibreSSL, OpenBSD’s drop-in replacement for OpenSSL started after the pain of Heartbleed, has just published its first “portable” version. If you’re a coder and you’re interested in security, why not try it and see what you think?
SSCC 154: Fraud, viruses, patches and encryption (in that order!) [PODCAST]
Where does your country sit on the fraud list? Just how much can you trust SMSes on Android? Is Apple serious enough about iOS security? And will Google’s End-To-End email encryption plugin save the world? Find out with Chet and Duck in this week’s Chet Chat podcast…
Coinbase wallet app in SSL/TLS SNAFU, joins the insecure mobile banking club
The popular Bitcoin wallet Coinbase has a crucial security flaw in its Android apps which could allow an attacker to steal authentication codes and access users’ accounts, according to a security researcher. Coinbase is far from alone in leaving its wallet app users vulnerable, so what should you do to stay safe when using mobile banking apps?
Google looks to make OpenPGP easier for Gmail users
In early June Google announced a new project designed to create a Chrome plugin to allow end-to-end encryption of web-based emails using OpenPGP. We take a look at its current state and explain how it works.
Flaw in PayPal’s two-factor authentication, but keep calm and carry on!
Security researchers in the USA have just disclosed a flaw in PayPal’s 2FA system. Paul Ducklin looks at the mistakes that PayPal made, and what’s been done to sort them out…
SSCC 153: TrueCrypt, Towelroot, Cryptowall, and spam in Canada [PODCAST]
Chester Wisniewski and Paul Ducklin present this week’s edition of the regular Sophos security podcast, the “Chet Chat.” In this episode: the TrueCrypt saga continues; the Towelroot software for unlocking Androids; ransomware after CryptoLocker; and Canada’s long, long, long-awaited anti-spam law.