Cryptography

(get it in RSS or Atom)

Monday review - the hot 21 stories of the week

dow-250

It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.

Heartbleed bust, Fingerprint fakery, WhatsApp privacy SNAFU - 60 Sec Security [VIDEO]

fb-60ss-250

What happens if you hack your local tax office? Can you trust the Samsung Galaxy S5's fingerprint security? Did WhatsApp finally get security right in its app?

Find out the answers in one entertaining minute of video - it's 60 Second Security!

Don't share your location with your friends on WhatsApp

wapp-loc-250

A group of budding security researchers at the University of New Haven in Connecticut recently taught themselves a handy lesson about the difference between *liking* WhatsApp and *trusting* it.

SSCC 143 - Heartbleed revisited, cybercrooks busted, failed malware cleanup censured by FTC [PODCAST]

sscc-thumb-250

From the latest Heartbleed revelations to various successes by law enforcement, Sophos experts Chester Wisniewski and Paul Ducklin take you through the big computer security stories of the week.

Be entertained as you learn from the news, all in our regular quarter-hour podcast format.

WhatsApp, Facebook get a privacy finger wagged at them by FTC

WhatApp, Facebook get a privacy finger wagged at them by FTC

The Commission suggests that, post-mega-acquisition (which has been OKed), WhatsApp should get users' permission before changing data collection.

Heartbleed, Google Play and XP - 60 Sec Security [VIDEO]

2014-04-12-thumb-250

How hard is Heartbleed recovery? How hard does Google Play try to keep the garbage out? And how hard are you trying to get over XP?

60 Second Security has the answers in a short, fun security video.

"Heartbleed" - would 2FA have helped?

2fa-250

Because of the global password reset pandemic caused by Heartbleed, lots of Naked Security readers have asked, "Wouldn't 2FA have helped?"

Paul Ducklin takes a look...

"Heartbleed heartache" - should you REALLY change all your passwords right away?

hb-250

There is one important reason why you might not want to rush out and change all your passwords on all your services right this minute, and it's a sort-of Catch-22.

Paul Ducklin explains...

Anatomy of a data leakage bug - the OpenSSL "heartbleed" buffer overflow

openssl-250

An information disclosure vulnerability has been found, and promptly patched, in OpenSSL.

Paul Ducklin takes a look at what went wrong in the code...

Is Amazon hacking our apps? Or doing us all a security favour?

aws-1-250

A war of words that started out as a fairly stinging criticism of Amazon has mellowed out into praise for the cloud services behemoth.

It seems that Amazon is checking mobile apps for security risks, and heaping advice on developers who have wandered off the straight and narrow...

SSCC 141 - Adobe revisited, MS-DOS, Word, XP, Snapchat and backup [PODCAST]

sscc-141-thumb-250

Chet and Duck get together once again to look at the week's news with their usual blend of humor, insight and informed intensity....

Take a listen to the latest episode of our weekly quarter-hour podcast!

Dropbox says it isn't poking around in our stuff

Dropbox says it isn't poking around in our stuff

"We don’t look at the files in your private folders and are committed to keeping your stuff safe", the company said in the wake of an internet freakout sparked by a user finding himself unable to share copyrighted content. Time to relax, or time to consider encrypting your files before they get to Dropbox (or any other cloud storage)?

Bitcoin, Snapchat and XP as you've never heard them before - special coverage for April the First!

naksec-verse-250

Instead of doing an April Fool, we've gone for some April Fun.

We took three recent computer security stories, and turned them into poems!

NIST to review standard for cryptographic development - do we really care?

NIST to review standard for cryptographic development - do we really care?

Whether you use it to protect personal data, protect customer data or secure your communications, cryptography is an integral part of our digital world, but the announcement late in 2013 that NIST is reviewing its standards for cryptography seems to have gone largely unnoticed.

Bitcoin user loses $10K to typosquatters - tips to avoid opening your wallet to imposters

bc-logo-250

Last week, SophosLabs alerted us to a Bitcoin phish orchestrated by email.

This week, it's a Bitcoin phish that relies on typosquatting.

Paul Ducklin offers some tips to keep you safe...

Google switches Gmail to HTTPS only

Google switches Gmail to HTTPS only

Google is now using an always-on HTTPS connection and encrypting all Gmail messages moving internally on its servers.

WhatsApp and privacy - will Facebook make things better, worse, or both?

wa-padlock-250

WhatsApp, the super-popular SMS replacement acquired by Facebook for $19 billion, continues to wrestle with a thorny problem.

How can it tame the public's attitude to its own attitude to privacy?

Security Essentials: What is PCI DSS?

pci-logo-250

Many of us know what PCI DSS stands for, but we haven't actually read through the standard.

John Shier was one of them - so he decided to put things to rights...

Where have all the Bitcoins gone?

bitcoins-250

The Bitcoin infrastructure isn't perfect - for example, it has a cryptographic problem known euphemistically as "transaction malleability."

But can this alone explain missing Bitcoins to the tune of $500,000,000?