What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in Vulnerability

S3 Ep149: How many cryptographers does it take to change a light bulb?

by Paul Ducklin HOW MANY CRYPTOGRAPHERS? No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the . . . Read more

S3 Ep146: Tell us about that breach! (If you want to.)

by Paul Ducklin WEIRD BUT TRUE No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the . . . Read more

S3 Ep145: Bugs With Impressive Names!

by Paul Ducklin ONE WEEK, TWO BWAINS Apple patches two zero-days, one for a second time. How a 30-year-old cryptosystem got cracked. All your secret are belong to Zenbleed. Remembering those dodgy PC/Mac ads. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and . . . Read more

Zenbleed: How the quest for CPU performance could put your passwords at risk

by Paul Ducklin Remember Heartbleed? That was the bug, back in 2014, that introduced the suffix -bleed for vulnerabilities that leak data in a haphazard way that neither the attacker nor the victim can reliably control. In other words, a crook can’t use a bleed-style bug for a precision attack, . . . Read more

Apple ships that recent “Rapid Response” spyware patch to everyone, fixes a second zero-day

by Paul Ducklin Two weeks ago, we urged Apple users with recent hardware to grab the company’s second-ever Rapid Response patch. As we pointed out at the time, this was an emergency bug fix to block off a web-browsing security hole that had apparently been used in real-world spyware attacks: . . . Read more