Duqu, Son of Stuxnet, has arrived
The team behind Stuxnet, the complex malware used to attack Iran's nuclear program earlier this year, has produced another worm, dubbed "Duqu" by McAfee Labs.
Stilgherrian | 19 Oct | Read more
Stories by Stilgherrian
Android, the simmering security shemozzle
Even apart from the serious security flaw in HTC Sense and malware that talks to an encrypted blog, to name just two recent issues, a consensus seems to be emerging. Android has serious security problems.
Stilgherrian | 14 Oct | Read more
Aussie "family" social network fails security basics
A new Australian private social network designed to keep families "safe and connected online" has failed secure web programming 101.
Stilgherrian | 11 Oct | Read more
Global time zone database closed following legal threat
The tz database, the key source of time zone information for most the computing world, has been shut down following allegations of copyright infringement.
Stilgherrian | 07 Oct | Read more
Flash Player 11: Adobe's great security hope
Flash Player 11 should fix plenty of security holes, just like Adobe Reader X did a year ago. But Adobe's products will continue to be a target as long as people insist on running obsolete software.
Stilgherrian | 04 Oct | Read more
Yet another free pass for Aussie spooks
Something doesn't add up. ASIO is doing pretty well. So are our police. Australians sleep safer in their beds than ever before. Yet the government is rushing to pass new laws to "protect" us so fast they're even forgetting the widgets that make them work.
Stilgherrian | 15 Sep | Read more
Infosec's mega marketing misalignment mishap
Talk about disconnect! Analysts, security engineers and other infosec geeks aim for Swiss-watch precision, because one little mistake means the bad guys win. We want people to take this seriously, right? So why do certain marketing and PR departments spread a load of what my father, a man more polite than me, would have called "bulldust"?
Stilgherrian | 13 Sep | Read more
MD5 password hashes are dead
MD5 hashes, still a common method for securing login passwords, are no longer an adequate defence against hackers, according to Kaspersky Lab analyst Evgeny (Eugene) Aseev.
Stilgherrian | 09 Sep | Read more
Kaspersky sets sights on corporate market
Kaspersky Lab plans a significant push into the enterprise security market with its new Endpoint Security 8.0 and Security Center 9.0 products for Windows, according to senior executives addressing partners and media at a preview event in Kuala Lumpur today.
Stilgherrian | 08 Sep | Read more
Rogue Google certificate used by 300,000 Iranian IPs
Iranian internet users whose security may have been compromised by the forged Google.com digital certificate could number in the hundreds of thousands. An interim report (PDF) commissioned by DigiNotar, the certification authority (CA) at the centre of the hacking incident, also reveals lax security at the Dutch firm.
Stilgherrian | 06 Sep | Read more
AVG 2012: your local pub bouncer made digital
As AVG Ambassador Tony Anscombe explained the rational behind some of the new features in AVG Internet Security 2012, released today, I couldn't help but think of the bouncer at one of my favourite local pubs.
Stilgherrian | 01 Sep | Read more
Online health records at risk from malware
AusCERT general manager Graham Ingram has questioned the wisdom of Australia's National E-Health Strategy plans to make medical records available online, pointing to the difficulty of securing end-users' computers.
Stilgherrian | 25 Aug | Read more
Has Facebook killed the undercover cop?
Face-recognition technology and the near-universal adoption of social networking tools by teenagers could have already made future covert police and intelligence operations difficult, if not impossible, according former Australian Federal Police commissioner Mick Keelty.
Stilgherrian | 25 Aug | Read more
Shady RAT's risk of exaggerated claims
McAfee's talking-up of the threats represented by Operation Shady RAT supports a convenient narrative, but how much do we accurately know about the unidentified enemy or enemies? Not a lot, I'd wager.
Stilgherrian | 24 Aug | Read more
Inquiry picks holes in government Cybercrime Bill
A parliamentary inquiry has highlighted serious concerns with the government's Cybercrime Legislation Amendment Bill 2011, which is intended to allow Australia to accede to the Council of Europe Convention on Cybercrime.
Stilgherrian | 19 Aug | Read more