Beware bad passwords as attackers co-opt Linux servers into cybercrime

By: Paul Ducklin — June 21^st 2023 at 17:50

Did you prevent password-only logins on your SSH servers? On ALL of them? Are you sure about that?

Naked Security

Thoughts on scheduled password changes (don’t call them rotations!)

By: Paul Ducklin — June 9^th 2023 at 16:58

Does swapping your password regularly make it a better password?

Naked Security

S3 Ep133: Apple takes “tight-lipped” to a whole new level

By: Paul Ducklin — May 4^th 2023 at 20:59

Entertaining, educational, and all in plain English 🎧📖

Naked Security

World Password Day: 2 + 2 = 4

By: Paul Ducklin — May 4^th 2023 at 13:12

We've kept it short and simple, with no sermons, no judgmentalism, no tubthumping... and no BUY NOW buttons. Have a nice day!

Naked Security

Serious Security: Unravelling the LifeLock “hacked passwords” story

By: Paul Ducklin — January 17^th 2023 at 17:59

Four straight-talking tips to improve your online security, whether you're a LifeLock customer or not.

Naked Security

SIM swapper sent to prison for 2FA cryptocurrency heist of over $20m

By: Naked Security writer — December 6^th 2022 at 17:56

Guilty party got 18 months, also has to pay back $20m he probably hasn't got, which could land him in more hot water.

Naked Security

LastPass source code breach – incident response report released

By: Paul Ducklin — September 19^th 2022 at 16:59

Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.

Naked Security

LastPass source code breach – do we still recommend password managers?

By: Paul Ducklin — August 29^th 2022 at 16:59

What does the recent LastPass breach mean for password managers? Just a bump in the road, or a reason to ditch them entirely?

Naked Security

Slack admits to leaking hashed passwords for five years

By: Paul Ducklin — August 8^th 2022 at 15:14

"When those invitations went out... somehow, your password hash went out with them."

Naked Security

Critical Samba bug could let anyone become Domain Admin – patch now!

By: Paul Ducklin — July 27^th 2022 at 21:15

It's a serious bug... but there's a fix for it, so you know exactly what to do!

Naked Security

World Password Day – the 1960s just called and gave you your passwords back

By: Paul Ducklin — May 5^th 2022 at 01:06

Yes, passwords are going away. No, it won't happen tomorrow. So it's still worth knowing the basics of picking proper passwords.

Naked Security

Phishing goes KISS: Don’t let plain and simple messages catch you out!

By: Paul Ducklin — April 25^th 2022 at 16:58

Sometimes we receive phishing tricks that we grudgingly have to admit are better than average, just because they're uncomplicated.

Naked Security

IoT devices must “protect consumers from cyberharm”, says UK government

By: Paul Ducklin — December 2^nd 2021 at 17:10

"Must be at least THIS tall to go on ride" seems to be the starting point. Too little, too late? Or better than nothing?

Naked Security

S3 Ep60: Exchange exploit, GoDaddy breach and cookies made public [Podcast]

By: Paul Ducklin — November 25^th 2021 at 12:38

Latest episode - listen now! Solid cybersecurity advice in plain English.

Naked Security

GoDaddy admits to password breach: check your Managed WordPress site!

By: Paul Ducklin — November 23^rd 2021 at 00:35

GoDaddy found crooks in its network, and kicked them out - but not before they'd been in there for six weeks.

Naked Security

The self-driving smart suitcase… that the person behind you can hijack!

By: Paul Ducklin — November 16^th 2021 at 17:09

Apparently, we need a self-driving IoT Bluetooth robot suitcase. Who knew?