Wouldn’t it be nice to know just how, exactly, the spy agency decides whether to silently exploit zero days for snooping purposes while leaving businesses and individuals in the dark with their bellies exposed? The EFF has filed a FOIA lawsuit to help find answers.
Tag Archives: Vulnerability
Anatomy of a buffer overflow – Google’s “KeyStore” security module for Android
Here’s a cautionary tale about a bug, courtesy of IBM. Not that IBM had the bug, just to be clear: Google had the bug, and IBM researchers spotted it.
Apple ships updates, including Snow Leopard (ONLY KIDDING!)
Apple just published its latest round of updates for iOS, Apple TV, Safari and OS X, including dozens of security fixes. OS X Snow Leopard users…we’re afraid you missed out once again.
From the Labs: PlugX – the next generation
In this new paper from SophosLabs, Principal Researcher Gabor Szappanos takes a look into a new variation of the PlugX malware.
Flaw in PayPal’s two-factor authentication, but keep calm and carry on!
Security researchers in the USA have just disclosed a flaw in PayPal’s 2FA system. Paul Ducklin looks at the mistakes that PayPal made, and what’s been done to sort them out…
TimThumb plugin for WordPress – zero-day remote code execution hole disclosed, quickly fixed
WordPress sites with the TimThumb image thumbnailing plugin could be taken over by attackers. Paul Ducklin looks at what went wrong and explains how to fix the hole…
“Towelroot” app makes it easy to root Galaxy S5 and other locked Androids…
Galaxy S5 users will be cheering. System administrators are probably groaning. Paul Ducklin looks at an Android-era variant of Hamlet’s dilemma: “To root or not to root, that is the question.”
SSCC 153: TrueCrypt, Towelroot, Cryptowall, and spam in Canada [PODCAST]
Chester Wisniewski and Paul Ducklin present this week’s edition of the regular Sophos security podcast, the “Chet Chat.” In this episode: the TrueCrypt saga continues; the Towelroot software for unlocking Androids; ransomware after CryptoLocker; and Canada’s long, long, long-awaited anti-spam law.
59 vulns in IE, teenager versus Turing, and Twitter gets wormed – 60 Sec Security [VIDEO]
Is 59 vulns in IE some kind of record? Did a computer really pass the Turing Test? Can a network worm ever be a joke? Find out in one minute!
SSCC 151 – Measuring vulns, Apple and Wi-Fi privacy, Android ransomware and more [PODCAST]
It’s our weekly security podcast! Chester Wisniewski and Paul Ducklin dig into the latest security news for lessons we can all learn…
