Want to know more about this topic or about us? Contact us!
by Paul Ducklin HOW MANY CRYPTOGRAPHERS? No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the . . . Read more
by Paul Ducklin A trio of researchers split between Italy and the UK have recently published a paper about cryptographic insecurities they found in a widely-known smart light bulb. The researchers seem to have chosen their target device, the TP-Link Tapo L530E, on the basis that it is “currently [the] . . . Read more
by Paul Ducklin The August 2023 Microsoft security updates are out (the first day of the month was a Tuesday, making this month’s Patch Tuesday as early as ever it can be), with 74 CVE-numbered bugs fixed. Intriguingly, if not confusingly, Microsoft’s offical bug listing page is topped by two . . . Read more
by Paul Ducklin WEIRD BUT TRUE No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify and anywhere that good podcasts are found. Or just drop the . . . Read more
by Paul Ducklin Another week, another BWAIN! As you’ll know if you listened to last week’s podcast (hint, hint!), BWAIN is short for Bug With An Impressive Name: It’s a nickname we apply when the finders of a new cybersecurity attack get so excited about their discovery that they give . . . Read more
by Paul Ducklin The latest full new version of Firefox is out, marking the first of two “monthly” upgrades you’ll see this month. Just as there will be a blue moon in August 2023 (that’s the name applied to a second full moon in the same calendar month, rather than . . . Read more
by Paul Ducklin ONE WEEK, TWO BWAINS Apple patches two zero-days, one for a second time. How a 30-year-old cryptosystem got cracked. All your secret are belong to Zenbleed. Remembering those dodgy PC/Mac ads. No audio player below? Listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin. Intro and . . . Read more
by Paul Ducklin Remember Heartbleed? That was the bug, back in 2014, that introduced the suffix -bleed for vulnerabilities that leak data in a haphazard way that neither the attacker nor the victim can reliably control. In other words, a crook can’t use a bleed-style bug for a precision attack, . . . Read more
by Paul Ducklin Two weeks ago, we urged Apple users with recent hardware to grab the company’s second-ever Rapid Response patch. As we pointed out at the time, this was an emergency bug fix to block off a web-browsing security hole that had apparently been used in real-world spyware attacks: . . . Read more
by Paul Ducklin If you’d been quietly chasing down cryptographic bugs in a proprietary police radio system since 2021, but you’d had to wait until the second half of 2023 to go public with your research, how would you deal with the reveal? You’d probably do what researchers at boutique . . . Read more