SSCC 143 - Heartbleed revisited, cybercrooks busted, failed malware cleanup censured by FTC [PODCAST]
From the latest Heartbleed revelations to various successes by law enforcement, Sophos experts Chester Wisniewski and Paul Ducklin take you through the big computer security stories of the week.
Be entertained as you learn from the news, all in our regular quarter-hour podcast format.
The Commission suggests that, post-mega-acquisition (which has been OKed), WhatsApp should get users' permission before changing data collection.
How hard is Heartbleed recovery? How hard does Google Play try to keep the garbage out? And how hard are you trying to get over XP?
60 Second Security has the answers in a short, fun security video.
Because of the global password reset pandemic caused by Heartbleed, lots of Naked Security readers have asked, "Wouldn't 2FA have helped?"
Paul Ducklin takes a look...
We'd like to urge any of you who are thinking of sending out "heartbleed" password reset emails: *please avoid those login links*.
Help us to help everyone get geared up to avoid phishing attacks.
There is one important reason why you might not want to rush out and change all your passwords on all your services right this minute, and it's a sort-of Catch-22.
Paul Ducklin explains...
An information disclosure vulnerability has been found, and promptly patched, in OpenSSL.
Paul Ducklin takes a look at what went wrong in the code...
A war of words that started out as a fairly stinging criticism of Amazon has mellowed out into praise for the cloud services behemoth.
It seems that Amazon is checking mobile apps for security risks, and heaping advice on developers who have wandered off the straight and narrow...
Chet and Duck get together once again to look at the week's news with their usual blend of humor, insight and informed intensity...
Take a listen to the latest episode of our weekly quarter-hour podcast!
"We don’t look at the files in your private folders and are committed to keeping your stuff safe", the company said in the wake of an internet freakout sparked by a user finding himself unable to share copyrighted content. Time to relax, or time to consider encrypting your files before they get to Dropbox (or any other cloud storage)?
Whether you use it to protect personal data, protect customer data or secure your communications, cryptography is an integral part of our digital world, but the announcement late in 2013 that NIST is reviewing its standards for cryptography seems to have gone largely unnoticed.
Last week, SophosLabs alerted us to a Bitcoin phish orchestrated by email.
This week, it's a Bitcoin phish that relies on typosquatting.
Paul Ducklin offers some tips to keep you safe...
Google is now using an always-on HTTPS connection and encrypting all Gmail messages moving internally on its servers.
WhatsApp, the super-popular SMS replacement acquired by Facebook for $19 billion, continues to wrestle with a thorny problem.
How can it tame the public's attitude to its own attitude to privacy?
Many of us know what PCI DSS stands for, but we haven't actually read through the standard.
John Shier was one of them - so he decided to put things to rights...
The Bitcoin infrastructure isn't perfect - for example, it has a cryptographic problem known euphemistically as "transaction malleability."
But can this alone explain missing Bitcoins to the tune of $500,000,000?
A tiny but intriguing open source project entitled iCloudHacker attracted interest over the weekend.
It claims to "bypass Apple's theft protection" - and although that's stretching the truth a bit, it has some lessons to teach us about encryption...
Which webmail service has the smartest users? And are they getting smarter over time?
Paul Ducklin tries to use the password data from the Forbes hack to find the answers...
What can we do to protect ourselves from stolen password databases, phishing attacks, keyloggers or credit card skimmers installed in our local ATMs? We can start with two-factor authentication. This article tells you what it is, how it works and where you can use it.