An extremely serious vulnerability lay undiscovered at the heart of much of The Cloud for seven years. The vulnerability (CVE-2015-7835), which affects the Xen hypervisor software used by Cloud hosting companies like Amazon Web Services, is so serious that it was widely patched under embargo before being disclosed on 29 October 2015. It was discovered by 栾尚聪 (好风) of Alibaba and affects Xen software from...

Anyone who is concerned about their privacy, or the potential impact of government surveillance on their lives, will be pleased to learn that The Onion Router (TOR) Project has released a new, easy-to-use, beta version of its Tor Messenger client. Based on Instantbird, a cross-platform instant messenger tool developed by the Mozilla community, it has been...

A few readers have contacted us to say that they got going OK with the latest #sophospuzzle… …but then they got stuck and didn’t really know how to continue. We gave a number of hints via the #sophospuzzle hashtag on Twitter, which helped a few of you over the line. But Twitter isn’t really the...

When I was a youngster in the ’80s, a talking toy bear called Teddy Ruxpin was all the rage. Teddy was no Ted, the foul-mouthed stuffed bear who comes to life in the raunchy 2012 film (and its sequel): Teddy Ruxpin couldn’t interact with you; he was more of a furry cassette tape player with animatronic eyes and...

Timing attacks are an interesting part of computer security. As an extreme example, imagine that your computer took one second to verify each character in your login password. And now imagine that it stopped checking at the first wrong character, for reasons of efficiency. You could quickly figure out the right password by timing how...

MIT has created a device that can discern where you are, who you are, and which hand you’re moving, from the opposite side of a building, through a wall, even though you’re invisible to the naked eye. Researchers at MIT’s Computer Science and Artificial Intelligence Lab (CSAIL) have long thought it could be possible to...

The more cyberthreats spiral, the more cybersecurity pros we need to fend them off. But a new study shows that there are a number of blockages keeping the talent pipeline from being filled. For one, young adults aren’t aware of job opportunities, though they’re generally interested. What’s more, schools aren’t preparing students for the jobs,...

There’s another data breach to report – and it’s a big one, affecting approximately 13 million customers of the “free” web hosting company 000Webhost. The breached data, which includes customer names, emails and plaintext passwords (in other words, the passwords weren’t securely stored), has reportedly been put up for sale on underground markets. What’s worse,...

Action Fraud and the City of London Police have launched a new initiative that aims to separate cybercrime and fraud facts from fiction. Dubbed “Urban Fraud Myths,” the thirteen day campaign kicked off with a look at online dating, a crime which swindled 3543 Brits out of £33.65 million ($51 million) in the last year. Perhaps...

According to the BBC, UK energy provider British Gas has just contacted 2200 customers to warn them that their passwords may have been exposed. Apparently, the email addresses and passwords of affected users showed up on popular data dumping site Pastebin. If the passwords were valid, crooks who downloaded the dumped password data would almost...