The Bitcoin infrastructure isn't perfect - for example, it has a cryptographic problem known euphemistically as "transaction malleability."
But can this alone explain missing Bitcoins to the tune of $500,000,000?
A tiny but intriguing open source project entitled iCloudHacker attracted interest over the weekend.
It claims to "bypass Apple's theft protection" - and although that's stretching the truth a bit, it has some lessons to teach us about encryption...
Which webmail service has the smartest users? And are they getting smarter over time?
Paul Ducklin tries to use the password data from the Forbes hack to find the answers...
What can we do to protect ourselves from stolen password databases, phishing attacks, keyloggers or credit card skimmers installed in our local ATMs? We can start with two-factor authentication. This article tells you what it is, how it works and where you can use it.
Lavabit, a now-defunct private email service, has appealed against a contempt of court ruling centred around the company not handing over unencrypted data of one of its users - widely believed to be Edward Snowden.
A British man already in jail for terrorist activity was given another 4 months for refusing to give police the password to a memory stick that they couldn't crack. The convicted terrorist suddenly got his memory back when police said they were launching a new investigation into credit card fraud.
OpenSSL, the widely-used open source cryptographic library, had its website defaced.
Early stories may have told you that it was a "hypervisor hack," which sounds like serious trouble, but it wasn't...
Our weekly security podcast looks back at the big blunders of 2013 to find out what went wrong.
Let Chet and Duck help you plan for a safer and more secure 2014!
Can a bug ever be good? What's the prison sentence for DDoS criminality? How well does Snapchat protect your data? What's a Threatsaurus, and why do you want one?
Watch and find out!
Chet and Duck help you to learn from recent security news, both good and bad.
In this episode: the massive Target breach; Microsoft's and Apple's attitude to updates; and how to respond to Google's recent changes to image rendering for Gmail users.
Bugs in pseudorandom number generators are usually cause for concern, at least in cryptographic circles.
But this story is different.
It's the curious case of the OpenSSL randomness bug with a happy ending!
What prison sentence for the man who pioneered online carding? How many credit cards did Target lose? Does your encryption software "speak" to passers-by? How to keep your kids safe online over the holidays?
Find out in 60 seconds!
The White House on Wednesday released a 303-page report from a panel of presidential advisors who recommended that, among other things, the NSA's massive data trawling carry on, but that the data be kept in private hands for "queries and data mining" only by court order.
Cryptographers in Israel have taken aim at their laptops with microphones - and come up with some extraordinary results.
They were able to listen to their email software decrypting a sequence of messages, and to recover the RSA private key using the acoustic emanations...
How fast is fast enough for a patch? Should you trust the French Treasury? How many zeros launch a missile?
Watch 60 Sec Security and find out!
Microsoft says it's fast-tracking the encryption of consumer data and moving toward greater source-code transparency. It sounds good on paper, though there are those who question why Skype, for one, was left off the list and how in the world we can trust a for-profit software maker.
Turn bad news into good with "what you can do better" advice from Chet and Duck.
Learn from: an XP zero-day, a spate of Bitcoin "bank robberies," the outcome of a European user security survey, and yet another cryptographic blunder, this time from Drupal.
The Debian Linux security team recently pushed out a wry security advisory for popular web CMS Drupal.
In amongst the laundry list of fixes was a common modern malady - non-cryptographic random numbers used cryptographically...
Paul Ducklin looks at why hackers are more than merely interested in online Bitcoin repositories - and why you need more than just a hunch about a repository's trustworthiness before you hand over your Bitcoin data.