Microsoft says it's fast-tracking the encryption of consumer data and moving toward greater source-code transparency. It sounds good on paper, though there are those who question why Skype, for one, was left off the list and how in the world we can trust a for-profit software maker.
Turn bad news into good with "what you can do better" advice from Chet and Duck.
Learn from: an XP zero-day, a spate of Bitcoin "bank robberies," the outcome of a European user security survey, and yet another cryptographic blunder, this time from Drupal.
The Debian Linux security team recently pushed out a wry security advisory for popular web CMS Drupal.
In amongst the laundry list of fixes was a common modern malady - non-cryptographic random numbers used cryptographically...
Paul Ducklin looks at why hackers are more than merely interested in online Bitcoin repositories - and why you need more than just a hunch about a repository's trustworthiness before you hand over your Bitcoin data.
Chet and Duck dig into the good and bad of the week's news, from the amusing "Happy Hour Virus", through Twitter's implementation of forward secrecy, to LG's data-grabbing TVs and the company's unamusingly casual attitude...
Aaaaaaaaand they're OFF! Encrypted (unsalted? unhashed?!) passwords are out of the gate, heading into the first turn toward potential decryption by cybercrooks. Anybody care to place bets on how many of those passwords are reused on other sites?
Can you believe that a brand loyalty company would take two weeks to tell its loyal customers their data had been stolen? Oh, and that it wasn't encrypted, either?
What does this tell us about security? Find out in the latest episode of the Chet Chat...
Guess how many times "123456" was used as a password by users. If you answered "close to 2 million times," you win! Now guess which online dating service has decided to encrypt customer records using salting and hashing in future.
Following our popular article explaining what Adobe did wrong with its users' passwords, a number of readers asked us, "Why not publish an article showing the rest of us how to do it right?"
Here you are...
Why shouldn't you store unencrypted credit card numbers? How can you squeeze a positive result from a password breach? What sort of pressure was on the cryptanalysts at Bletchley Park?
Find out the answers in just one minute!
Mavis Batey MBE, codebreaker extraordinaire at Bletchley Park during World War II, died this week at the age of 92.
Batey's big breakthrough against the Italian military's Enigma encryption machine gives us a fascinating insight into how cryptanalysts think.
You can't get out of cooperating with government-ordered electronic surveillance by shutting down, any more than a business can stop police from executing a search warrant by locking its front gate, the US government tutted at former encrypted-email provider Lavabit.
Blessed be Facebook for using this real-world example to 100% back up Naked Security when we proselytize about the evils of password reuse. And if you're worried that Facebook's mining of breached Adobe customer records and quarantining of users is Big Brother-ish, fear not: the company didn't have to store passwords in clear text or pull any other boneheaded security move to know just what its customers' reused passwords are.
Chet and Duck are here with their weekly roundup of news, opinion, advice and research.
Take a listen to our weekly 15-minute podcast on computer security - Chet Chat Episode 123.
November's Patch Tuesday includes updates not just from Microsoft, but Adobe and Google as well. Critical patches for Internet Explorer, Chrome and Adobe Flash Player lead the way this month.
Potential remote code execution bugs in OpenSSH, probably the most widely-used remote access security system on the internet, are the stuff of nightmares for system administrators.
Paul Ducklin takes a look at the bug and the patch...
Which pets make the best/worst passwords?
How many times did Google make the same coding blunder?
Find out this and more in our one-minute wrapup of the week's security lessons!