Cryptography

(get it in RSS or Atom)

Apple pushes out iOS 8.1 - kills the mobile POODLE and closes some, ahem, "backdoors"

8dot1-250

The marquee vulnerablity fixed in iOS 8.1 is, as you might expect, POODLE.

But there are other cryptographic fixes in iOS 8.1 that are equally important...because cryptography is notoriously hard to get right first time.

FBI Director James Comey says Apple and Google go "too far" with default encryption

FBI Director James Comey says Apple and Google go "too far" with default encryption

FBI Director James Comey says Apple and Google go too far with default encryption settings on mobile devices, including the iPhone 6 and Nexus 6 running on Android 5.0 Lollipop.

Does the FBI really have a legal right to exploit encryption backdoors to pursue suspects?

"Oops! I'm sorry about that" - 60 Sec Security [VIDEO]

60ss-video-250

Here it is - this week's 60 Second Security video.

News that will amuse, and it only takes a minute...

POODLE attack takes bytes out of your encrypted data - here's what to do

Heartbleed, Shellshock, Sandworm...and now POODLE.

It's a security hole that could let crooks read your encrypted web traffic.

Paul Ducklin takes you through how it works, and what you can do to avoid it, in plain (well, plain-ish) English...

Mummy, my schoolbooks are spying on me! 60 Sec Security [VIDEO]

60ss-video-250

Here's our latest 60 Second Security video for your viewing pleasure.

The wry side of the week's news, in just a minute...

BadUSB - now with Do-It-Yourself instructions

usb-tangle-250

Many fimware hacks are benign or even beneficial, like tweaking the ISO range on your digital camera or removing the bloatware from your mobile phone.

But what if even a humble USB flash drive could be turned into a delinquent diddler of your data, or a vindictive vector for viruses?

Home Depot breach totals: 56 million credit cards exposed, $62 million in losses

Home Depot data breach

Lots of people who speculated about the credit card data breach at the Home Depot turned out to be wrong.

But those who suggested that Home Depot's breach might end up bigger than Target's turned out to be spot on.

SSCC 164 - Spend Bitcoins using Apple Pay? *NOW* you've got me interested! [PODCAST]

chet-chat-logo-featured-250

Here's this week's Sophos Security Chet Chat for your listening pleasure.

Our weekly computer security podcast with the News You Can Use...

SSCC 163 - So THAT'S why you can't erase Flash RAM properly [PODCAST]

chet-chat-logo-featured-250

Here's this week's Sophos Security Chet Chat.

Our regular security podcast that turns news into useful advice...

Using WPS on your Wi-Fi router may be even more dangerous than you think

wps-250

In 2011, a researcher found that WPS was 10,000 times easier to crack than it was supposed to be.

Now, another researcher has found that cracking it may be 10,000 times easier again...

We need to talk about email

Email

Today the people of the world will exchange about 250 *billion* messages using a system that has been shockingly insecure for decades: email.

That's why we need to talk about email...

The top 5 privacy failures - what's the most epic fail of all? [POLL]

Epic privacy fails

The list of culprits in our eroding privacy is long, but some privacy fails stand out above the rest. So we're calling out five privacy killers that deserve an extra level of shaming.

Take our poll, and help us crown the most epic privacy fail of all ...

Sophos Techknow - Firewalls Demystified [PODCAST]

techknow-logo-250-150

The word firewall has a lot more shades of meaning in 2014 than it did in 1994.

So...who better to help us to demystify the modern firewall than Sophos security expert Chester Wisniewski?

How Google plans to encrypt the web

Google HTTPS

This could be an inflection point for web security. By making HTTPS something that impacts search results Google are applying the stick to an enormous security push that's been all carrots up to now.

Android "FakeID" security hole causes a pre-BlackHat stir

Seems that a rogue Android app can get more privileges than it deserves simply by saying that someone trustworthy has vouched for it.

It's been dubbed the "FakeID" hole...

How anyone can hack your Instagram account

instagram-250

Should you write instructions that tell everyone how to hack Instagram accounts, including advice like "wait for someone to use the Instagram iOS app"?

This security researcher did, after he was denied a bug bounty for reporting the problem...

iSpy? Researcher exposes backdoor in iPhones and iPads

iphone. Image courtesy of st.djura/Shutterstock.

A "backdoor" that Apple built into iOS for developers can be used to spy on iPhones and iPads by governments, law enforcement, or cyber criminals, according to forensics researcher Jonathan Zdziarski.

SSCC 156 - Warbiking in Manhattan, hubris for Google, and how less can be more [PODCAST]

chet-chat-logo-featured-250

Sophos experts Chester Wisniewski and Paul Ducklin are back with this week's security podcast, turning plain old news into advice you can use.

LibreSSL ships first portable version, now up to 48% less huge!

LibreSSL, OpenBSD's drop-in replacement for OpenSSL started after the pain of Heartbleed, has just published its first "portable" version.

If you're a coder and you're interested in security, why not try it and see what you think?

SSCC 154: Fraud, viruses, patches and encryption (in that order!) [PODCAST]

chet-chat-logo-featured-250

Where does your country sit on the fraud list? Just how much can you trust SMSes on Android? Is Apple serious enough about iOS security? And will Google's End-To-End email encryption plugin save the world?

Find out with Chet and Duck in this week's Chet Chat podcast...