Monthly Archives: November 2013
When is Computer Security Day? What can forward secrecy do for you? Can you believe there's an 0-day in XP?
Have some fun finding out the answers in this week's 60 Second Security!
The Debian Linux security team recently pushed out a wry security advisory for popular web CMS Drupal.
In amongst the laundry list of fixes was a common modern malady - non-cryptographic random numbers used cryptographically...
When it comes to electronic devices, bad things do happen. Components fail, power outages do occur, files can be accidentally deleted... oh, and millions of dollars' worth of Bitcoins can be chucked in the bin.
Microsoft has gone public to warn about a zero-day vulnerability in the Windows XP kernel.
Full details are still to be released, as it isn't patched yet, but here's what we know so far...
Google's recent decision to revamp YouTube's comment system by integrating Google+ in order to reduce spam has proven to be extremely unpopular with users. Ironically, however, it has proven to be quite a hit with the spammers themselves.
The risk of cyberattacks on SMBs has been examined in detail in a recent Sophos-sponsored report by the Ponemon Institute. The report - The Risk of an Uncertain Security Strategy - surveyed over 2,000 IT security managers within organisations employing up to 5,000 people.
15 months ago, we reported on a data breach at online entertainment company Blizzard. We were complimentary back then, not least because the company owned up within three days.
Blizzard's follow-up, however, hasn't been quite as swift or impressive...
According to a large-scale survey which questioned over 27,000 people across the European Union on their internet use, security attitudes and experiences, many are put off using online services by the potential dangers, but few are taking all the necessary steps to carry out their online business in safety.
Eric Schmidt said recently that encrypting everything can end government censorship in a decade. Activists battling China's Great Firewall say why wait, when we just did it in a fraction of the time?
US officials certainly don't like that he published top-secret documents, but they say that legally, he hasn't committed a crime - at least, not that they've determined so far. They've refrained from formally closing the grand jury investigation, though, so maybe they're holding out hope.
Paul Ducklin looks at why hackers are more than merely interested in online Bitcoin repositories - and why you need more than just a hunch about a repository's trustworthiness before you hand over your Bitcoin data.
Chet and Duck dig into the good and bad of the week's news, from the amusing "Happy Hour Virus", through Twitter's implementation of forward secrecy, to LG's data-grabbing TVs and the company's unamusingly casual attitude...
Aaaaaaaaand they're OFF! Encrypted (unsalted? unhashed?!) passwords are out of the gate, heading into the first turn toward potential decryption by cybercrooks. Anybody care to place bets on how many of those passwords are reused on other sites?
A study by risk analysis firm BitSight reveals US financial companies are best protected from cyberattacks, followed by the energy and retail sectors, while tech firms are left trailing.
Activists have uploaded mirrored copies of blocked sites to cloud hosting services, challenging China to block major brands like Amazon and Google cloud hosting, or allow freer access to banned material. How long can the Great Firewall last?
Don't want the entire Facebook-using and -abusing population to see your friends list? You could set your friend list to private, but fat lot of good that will do, given a researcher's discovery that Facebook sucks out and displays our friends in "People You May Know" feeds, in spite of the setting.
The story of LG's "data stealing" TVs continues to twist and turn, with LG now on its third version of what happened, and why.
LG is sorry for the confusion caused by reports of problems, but not for the problems themselves - in fact, it doesn't seem to think they're a problem at all...
In case you missed anything last week, here's a roundup of everything we wrote in the last seven days.