Latest Articles

Heartbleed jabs its first victims: UK parents' site Mumsnet, Canadian tax agency

Heartbleed jabs its first victims: UK parents' site Mumsnet, Canadian tax agency

Two high-profile organisations, the UK parenting site Mumsnet and the Canada Revenue Agency, are the first known victims of the Heartbleed OpenSSL vulnerability to experience data breaches.

Notorious troll and hacker Weev has conviction overturned

Weev conviction overturned, CFAA left to wobble along

The courts have overturned Weev's conviction without having to deal with the sticky subject of the Computer Fraud and Abuse Act. They did it on grounds that surprised nobody: namely, venue.

Obama leaves loophole open for NSA to exploit zero-day vulnerabilities

Obama leaves loophole open for NSA to exploit zero-day vulnerabilities

No, the US White House didn't know about Heartbleed and didn't exploit the OpenSSL bug to snoop, it said, but it's reserving the prerogative to use zero-day exploits as a wedge to pry out intelligence if it serves national security interests.

Please vote for Sophos Naked Security in the European Security Blogger Awards 2014 !

vns-250

The second annual European Security Blogger Awards are coming up soon, and we're up for a prize in two categories.

We'd love you to vote for us!

(This time you don't have to vote in every category.)

Zeus malware - nine charged with conspiracy to steal millions of dollars

US charges 9 with stealing millions of dollars with Zeus malware

The US Department of Justice (DOJ) has charged nine individuals over their alleged involvement in a criminal organisation that stole millions of dollars from victims' bank accounts.

Facebook wages war on Like-baiting and spammy posts

Facebook wages war on Like-baiting and spammy posts

It's a full frontal assault on cute kittens and the Pages that pimp them out for Likes. Facebook's tweaked its algorithms to try to scrape off the clingy, whiny, needy stories published by Pages that deliberately try to game Facebook's News Feed to get more distribution than they normally would.

WhatsApp, Facebook get a privacy finger wagged at them by FTC

WhatApp, Facebook get a privacy finger wagged at them by FTC

The Commission suggests that, post-mega-acquisition (which has been OKed), WhatsApp should get users' permission before changing data collection.

Monday review - the hot 20 stories of the week

Monday review

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Heartbleed, Google Play and XP - 60 Sec Security [VIDEO]

2014-04-12-thumb-250

How hard is Heartbleed recovery? How hard does Google Play try to keep the garbage out? And how hard are you trying to get over XP?

60 Second Security has the answers in a short, fun security video.

"Heartbleed" - would 2FA have helped?

2fa-250

Because of the global password reset pandemic caused by Heartbleed, lots of Naked Security readers have asked, "Wouldn't 2FA have helped?"

Paul Ducklin takes a look...

$50 million Carder.su thief pleads guilty

$50 million Carder.su thief pleads guilty

Cameron Harrison of Georgia, US, was part of a large credit card fraud gang associated with the Carder.su website, believed to be responsible for around $50 million in losses around the globe.

In-flight WiFi providers go above and beyond to help feds spy on us

In-flight WiFi providers go above and beyond to help feds spy on us

Documents have come to light in which Gogo brags about how it not only complies with a federal law for compliance with law enforcement; it actually goes above and beyond requirements to give law enforcement extra special surveillance sauce, it says. And it's not the only one...

SSCC 142 - Heartbleed explained, Patches assessed, Apple chastised [PODCAST]

sscc-142-250

Chet and Duck explain what you can do about the big ticket security news items of the past week.

The epic "Heartbleed" bug in OpenSSL, the last patches ever for XP and Office 2003, and Apple's attitude to updates and support all come under the microscope.

Proposed law seeks to make retailers financially responsible for data breaches

Money. Image courtesy of Shutterstock.

Fallout from the epic Target data breach continues, as state lawmakers seek to hold retailers liable for financial damages caused by breaches spawned by their businesses, rather than financial institutions who issue credit and payment cards.

"Heartbleed heartache" - should you REALLY change all your passwords right away?

hb-250

There is one important reason why you might not want to rush out and change all your passwords on all your services right this minute, and it's a sort-of Catch-22.

Paul Ducklin explains...

Facebook will show more on-screen privacy setting explanations

Facebook will show more on-screen privacy setting explanations

Facebook admitted that users are confused about privacy. Between a blue privacy dinosaur who's already popping up to remind us to check privacy settings and upcoming on-screen explanations of who's seeing what when we share, we'll all be a bit less muddled.

"David vs Goliath & Godzilla" - Hollywood files lawsuit against Megaupload

Cinema. Image courtesy of Shutterstock.

The Kim Dotcom/Megaupload mega-saga continues, with six mammoth movie studios filing suit against what they say is the former file-sharing site's mega-monster-mind-numbingly-massive copyright infringement.

Google takes down fake anti-virus app that duped 10,000 users on Play Store

virus-shield-250

The Virus Shield app cost $3.99 and claimed to be a scanner that protected Android devices from viruses, while promising to never annoy users with pop-up ads found on many free apps.

Too bad for the 10,000 people who paid for it - Virus Shield was a fake.

Facebook data scraped, people profiled as "jerks" and scammed by Jerk.com, FTC says

Jerk. Image courtesy of Shutterstock.

Jerk.com allegedly scraped content from people's Facebook listings, put it up on its site, invited the world to throw rotten fruit at by clicking on a "jerk" or "not a jerk" button, and then had the outrageously uber-jerky jerkiness to charge people $30 to be able to (supposedly but not really) dispute.