Two high-profile organisations, the UK parenting site Mumsnet and the Canada Revenue Agency, are the first known victims of the Heartbleed OpenSSL vulnerability to experience data breaches.
The courts have overturned Weev's conviction without having to deal with the sticky subject of the Computer Fraud and Abuse Act. They did it on grounds that surprised nobody: namely, venue.
No, the US White House didn't know about Heartbleed and didn't exploit the OpenSSL bug to snoop, it said, but it's reserving the prerogative to use zero-day exploits as a wedge to pry out intelligence if it serves national security interests.
The second annual European Security Blogger Awards are coming up soon, and we're up for a prize in two categories.
We'd love you to vote for us!
(This time you don't have to vote in every category.)
The US Department of Justice (DOJ) has charged nine individuals over their alleged involvement in a criminal organisation that stole millions of dollars from victims' bank accounts.
It's a full frontal assault on cute kittens and the Pages that pimp them out for Likes. Facebook's tweaked its algorithms to try to scrape off the clingy, whiny, needy stories published by Pages that deliberately try to game Facebook's News Feed to get more distribution than they normally would.
The Commission suggests that, post-mega-acquisition (which has been OKed), WhatsApp should get users' permission before changing data collection.
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.
How hard is Heartbleed recovery? How hard does Google Play try to keep the garbage out? And how hard are you trying to get over XP?
60 Second Security has the answers in a short, fun security video.
Because of the global password reset pandemic caused by Heartbleed, lots of Naked Security readers have asked, "Wouldn't 2FA have helped?"
Paul Ducklin takes a look...
Cameron Harrison of Georgia, US, was part of a large credit card fraud gang associated with the Carder.su website, believed to be responsible for around $50 million in losses around the globe.
Documents have come to light in which Gogo brags that it not only complies with a federal law on law enforcement compliance but actually goes above and beyond the requirements to give law enforcement extra special surveillance sauce. And it's not the only one...
Chet and Duck explain what you can do about the big ticket security news items of the past week.
The epic "Heartbleed" bug in OpenSSL, the last patches ever for XP and Office 2003, and Apple's attitude to updates and support all come under the microscope.
We'd like to urge any of you who are thinking of sending out "heartbleed" password reset emails: *please avoid those login links*.
Help us to help everyone get geared up to avoid phishing attacks.
Fallout from the epic Target data breach continues, as state lawmakers seek to hold retailers liable for financial damages caused by breaches spawned by their businesses, rather than financial institutions who issue credit and payment cards.
There is one important reason why you might not want to rush out and change all your passwords on all your services right this minute, and it's a sort-of Catch-22.
Paul Ducklin explains...
Facebook admitted that users are confused about privacy. Between a blue privacy dinosaur who's already popping up to remind us to check privacy settings and upcoming on-screen explanations of who's seeing what when we share, we'll all be a bit less muddled.
The Kim Dotcom/Megaupload mega-saga continues, with six mammoth movie studios filing suit against what they say is the former file-sharing site's mega-monster-mind-numbingly-massive copyright infringement.
The Virus Shield app cost $3.99 and claimed to be a scanner that protected Android devices from viruses, while promising to never annoy users with pop-up ads found on many free apps.
Too bad for the 10,000 people who paid for it - Virus Shield was a fake.