Stories by Liam Tung

Confirmed: hackers can use Heartbleed to steal private SSL keys

By Liam Tung | 14 April, 2014 08:23

Researchers have proven the Heartbleed OpenSSL bug can be used to extract private keys from a vulnerable web server, giving affected services concrete evidence they do need to revoke and reissue private SSL certificates.

Microsoft confirms HTTP Strict Transport Security for IE 12

By Liam Tung | 07 April, 2014 08:22

Microsoft’s next major release of Internet Explorer (IE) will support an internet standard that allows web servers to force browsers to make a secured connection when the site supports encryption.

Turkey’s ISPs hijack Google’s DNS service, killing bypass for Twitter, YouTube ban

By Liam Tung | 31 March, 2014 08:28 | 3 Comments

Several ISPs in Turkey are hijacking traffic to a Google service that until Saturday offered locals a way around the government’s blockade on Twitter and YouTube.

Huawei hacked three years before NBN ban

By Liam Tung | 24 March, 2014 11:19 | 1 Comment

Three years before Australia banned Huawei from bidding for the National Broadband Network (NBN), the US National Security Agency (NSA) burrowed into the company’s networks to steal email and product source code, according to reports published on Saturday.

NATO sites hammered in Crimea ballot cyber protests

By Liam Tung | 17 March, 2014 09:38

Pro-Russian hacktivists claimed credit for attacks on several NATO websites on the eve of Sunday's controversial referendum in Crimea to determine whether the territory secedes from Ukraine.

When leaks can kill: abortion provider fined £200k over hacked website

By Liam Tung | 10 March, 2014 11:59

The UK’s data protection watchdog has fined an abortion provider £200,000 for not securing a website that hosted data that, if exposed, could have led to its clients being harmed or killed.

Samsung and Microsoft team up to on BYOD Android authentication

By Liam Tung | 03 March, 2014 09:52

Samsung and Microsoft have tied up a deal around Knox and Windows Server 2012 R2 that should make it easier to put Galaxy Android BYOD devices on the corporate network.

Researchers dig up medical reports, porn from used Aussie hard drives on eBay

By Liam Tung | 24 February, 2014 10:25

A study of second hand hard drives in Australia has found 28 percent of them contained private information, including medical records, client correspondence and porn.

Google buys Israeli token and password killer Slicklogin

By Liam Tung | 17 February, 2014 09:07

Google has acquired Slicklogin, an Israeli authentication startup that uses location and a sound challenge to verify an identity at login.

Barclays investigates lost customer files sold to rogue traders

By Liam Tung | 10 February, 2014 09:03

Barclays Bank has launched an investigation after confirming a report that sensitive files on thousands of customers was stolen and sold as leads.

Google introduces Chrome 'factory reset' pop-ups to tackle extensions hijacks

By Liam Tung | 04 February, 2014 11:19

Google is stepping up its fight against malicious Chrome extensions with obvious prompts for Windows users whose browser settings appear to have been hijacked.

Malware infects users through trusted Chrome extensions

By Liam Tung | 20 January, 2014 11:56 | 2 Comments

Shady online marketers have a new trick up their sleeve: buying trusted Chrome browser extensions with a large installed-base and exploiting their auto-update status to push out adware.

Syrian Electronic Army strikes Microsoft blog, Twitter accounts

By Liam Tung | 13 January, 2014 11:44

The Syrian Electronic Army added to its Microsoft trophies over the weekend, hijacking two Microsoft Twitter accounts and defacing one of its blogs—and more attacks could be in store.

Two Googlers, Mozilla’s privacy chief and others boycott RSA 2014 in NSA-backdoor protest

By Liam Tung | 08 January, 2014 11:27

Eight security experts scheduled to speak at the RSA US conference next month have now dropped out in response to claims RSA was paid to use a flawed NSA formula in its Bsafe product.

Shareholder sues IBM for hiding Snowden slowdown in China

By Liam Tung | 16 December, 2013 10:30

An IBM shareholder has sued Big Blue over claims it hid the impact of the National Security Agency’s surveillance program PRISM on its sales in China.

CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Audit Management Solutions

Manage the complete audit lifecycle from audit universe identification and risk assessment to management/board reporting and quality assurance.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.