Cryptography

(get it in RSS or Atom)

Home Depot breach totals: 56 million credit cards exposed, $62 million in losses

Home Depot data breach

Lots of people who speculated about the credit card data breach at the Home Depot turned out to be wrong.

But those who suggested that Home Depot's breach might end up bigger than Target's turned out to be spot on.

SSCC 164 - Spend Bitcoins using Apple Pay? *NOW* you've got me interested! [PODCAST]

chet-chat-logo-featured-250

Here's this week's Sophos Security Chet Chat for your listening pleasure.

Our weekly computer security podcast with the News You Can Use...

SSCC 163 - So THAT'S why you can't erase Flash RAM properly [PODCAST]

chet-chat-logo-featured-250

Here's this week's Sophos Security Chet Chat.

Our regular security podcast that turns news into useful advice...

Using WPS on your Wi-Fi router may be even more dangerous than you think

wps-250

In 2011, a researcher found that WPS was 10,000 times easier to crack than it was supposed to be.

Now, another researcher has found that cracking it may be 10,000 times easier again...

We need to talk about email

Email

Today the people of the world will exchange about 250 *billion* messages using a system that has been shockingly insecure for decades: email.

That's why we need to talk about email...

The top 5 privacy failures - what's the most epic fail of all? [POLL]

Epic privacy fails

The list of culprits in our eroding privacy is long, but some privacy fails stand out above the rest. So we're calling out five privacy killers that deserve an extra level of shaming.

Take our poll, and help us crown the most epic privacy fail of all ...

Sophos Techknow - Firewalls Demystified [PODCAST]

techknow-logo-250-150

The word firewall has a lot more shades of meaning in 2014 than it did in 1994.

So...who better to help us to demystify the modern firewall than Sophos security expert Chester Wisniewski?

How Google plans to encrypt the web

Google HTTPS

This could be an inflection point for web security. By making HTTPS something that impacts search results Google are applying the stick to an enormous security push that's been all carrots up to now.

Android "FakeID" security hole causes a pre-BlackHat stir

Seems that a rogue Android app can get more privileges than it deserves simply by saying that someone trustworthy has vouched for it.

It's been dubbed the "FakeID" hole...

How anyone can hack your Instagram account

instagram-250

Should you write instructions that tell everyone how to hack Instagram accounts, including advice like "wait for someone to use the Instagram iOS app"?

This security researcher did, after he was denied a bug bounty for reporting the problem...

iSpy? Researcher exposes backdoor in iPhones and iPads

iphone. Image courtesy of st.djura/Shutterstock.

A "backdoor" that Apple built into iOS for developers can be used to spy on iPhones and iPads by governments, law enforcement, or cyber criminals, according to forensics researcher Jonathan Zdziarski.

SSCC 156 - Warbiking in Manhattan, hubris for Google, and how less can be more [PODCAST]

chet-chat-logo-featured-250

Sophos experts Chester Wisniewski and Paul Ducklin are back with this week's security podcast, turning plain old news into advice you can use.

LibreSSL ships first portable version, now up to 48% less huge!

LibreSSL, OpenBSD's drop-in replacement for OpenSSL started after the pain of Heartbleed, has just published its first "portable" version.

If you're a coder and you're interested in security, why not try it and see what you think?

SSCC 154: Fraud, viruses, patches and encryption (in that order!) [PODCAST]

chet-chat-logo-featured-250

Where does your country sit on the fraud list? Just how much can you trust SMSes on Android? Is Apple serious enough about iOS security? And will Google's End-To-End email encryption plugin save the world?

Find out with Chet and Duck in this week's Chet Chat podcast...

Coinbase wallet app in SSL/TLS SNAFU

Bitcoin digital wallet

The popular Bitcoin wallet Coinbase has a security flaw in its Android apps which could allow an attacker to steal authentication codes and access users' accounts, according to a security researcher.

Coinbase is far from alone in leaving its wallet app users vulnerable, so what should you do to stay safe when using mobile banking apps?

Google looks to make OpenPGP easier for Gmail users

Google switches Gmail to HTTPS only

In early June Google announced a new project designed to create a Chrome plugin to allow end-to-end encryption of web-based emails using OpenPGP. We take a look at its current state and explain how it works.

Flaw in PayPal’s two-factor authentication, but keep calm and carry on!

Security researchers in the USA have just disclosed a flaw in PayPal's 2FA system.

Paul Ducklin looks at the mistakes that PayPal made, and what's been done to sort them out...

SSCC 153: TrueCrypt, Towelroot, Cryptowall, and spam in Canada [PODCAST]

chet-chat-logo-featured-250

Chester Wisniewski and Paul Ducklin present this week's edition of the regular Sophos security podcast, the "Chet Chat."

In this episode: the TrueCrypt saga continues; the Towelroot software for unlocking Androids; ransomware after CryptoLocker; and Canada's long, long, long-awaited anti-spam law.

New York City makes a hash of taxi driver data disclosure

What do you do in your spare time if you're a self-confessed "urbanist, data junkie and civic hacker," like New York resident Chris Whong?

Use Freedom of Information Laws to find out more about NYC's taxi movements, of course...

BoringSSL wants to kill the excitement that led to Heartbleed

Bored girl

Some things just aren't meant to be exciting. In fact some things are supposed to be so far from novelty, surprise and frivolity that any whiff of excitement at all is a bad sign indeed. Introducing Boring SSL...