Information

A new law portends a future where (we hope) it will be easier for us all to repair, fix, upgrade, and just tinker with things we already own Want to secure, patch, upgrade, or modify tech you own? You may not be able to, if some manufacturers have anything to say about it. They view your use of their tech as a limited license, not ownership, and therefore strike back if you attempt to fix…

by Paul Ducklin THE CRYPTO CRISIS THAT WASN’T Click-and-drag on the soundwaves below to skip to any point. You can also listen directly on Soundcloud. With Doug Aamoth and Paul Ducklin Intro and outro music by Edith Mudge. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher and anywhere that good podcasts are found. Or just drop the URL of our RSS feed into your favourite podcatcher. READ THE TRANSCRIPT DOUG.  Call…

ESET researchers identified an active StrongPity campaign distributing a trojanized version of the Android Telegram app, presented as the Shagle app – a video-chat service that has no app version ESET researchers identified an active campaign that we have attributed to the StrongPity APT group. Active since November 2021, the campaign has distributed a malicious app through a website impersonating Shagle – a random-video-chat service that provides encrypted communications between strangers. Unlike the entirely web-based,…

Hybrid work and hybrid play now merge into hybrid living, but where is the line between the two? Is there one? That the COVID-19 pandemic brought a new normal to businesses, educational institutions, and our everyday lives is an understatement. Many interactions, whether work-related or personal, moved online or at least gained a virtual mirror. This virtual migration began alongside the pandemic when most people and businesses first turned to tried-and-tested communications solutions, such as…

Learning meets fun at the 2022 SANS Holiday Hack Challenge – strap yourself in for a crackerjack ride at the North Pole as I foil Grinchum’s foul plan and recover the five golden rings This is my first year participating in the SANS Holiday Hack Challenge and it was a blast. Through a series of 16 challenges ranging from easy to difficult, I practiced analyzing suspicious network traffic and PowerShell logs, writing Suricata rules, breaking…

by Paul Ducklin JWT is short for JSON Web Token, where JSON itself is short for JavaScript Object Notation. JSON is a modernish way of representing structured data; its format is a bit like XML, and can often be used instead, but without all the opening-and-closing angle brackets to get in the way of legibility. For example, data that might be recorded like this in XML… <?xml version=”1.0″ encoding=”UTF-8″?> <data> <name>Duck</name> <job> <employer>Sophos</employer> <role>NakSec</role> </job>…

by Paul Ducklin As far as we can tell, there are a whopping 2874 items in this month’s Patch Tuesday update list from Microsoft, based on the CSV download we just grabbed from Redmond’s Security Update Guide web page. (The website itself says 2283, but the CSV export contained 2875 lines, where the first line isn’t actually a data record but a list of the various field names for the rest of the lines in…