Cryptography

SSCC 143 - Heartbleed revisited, cybercrooks busted, failed malware cleanup censured by FTC [PODCAST]

From the latest Heartbleed revelations to various successes by law enforcement, Sophos experts Chester Wisniewski and Paul Ducklin take you through the big computer security stories of the week.

Be entertained as you learn from the news, all in our regular quarter-hour podcast format.

WhatsApp, Facebook get a privacy finger wagged at them by FTC

The Commission suggests that, post-mega-acquisition (which has been OKed), WhatsApp should get users' permission before changing data collection.

Heartbleed, Google Play and XP - 60 Sec Security [VIDEO]

How hard is Heartbleed recovery? How hard does Google Play try to keep the garbage out? And how hard are you trying to get over XP?

60 Second Security has the answers in a short, fun security video.

"Heartbleed" - would 2FA have helped?

Because of the global password reset pandemic caused by Heartbleed, lots of Naked Security readers have asked, "Wouldn't 2FA have helped?"

Paul Ducklin takes a look...

"Heartbleed heartache" - should you REALLY change all your passwords right away?

There is one important reason why you might not want to rush out and change all your passwords on all your services right this minute, and it's a sort-of Catch-22.

Paul Ducklin explains...

Anatomy of a data leakage bug - the OpenSSL "heartbleed" buffer overflow

An information disclosure vulnerability has been found, and promptly patched, in OpenSSL.

Paul Ducklin takes a look at what went wrong in the code...

Is Amazon hacking our apps? Or doing us all a security favour?

A war of words that started out as a fairly stinging criticism of Amazon has mellowed out into praise for the cloud services behemoth.

It seems that Amazon is checking mobile apps for security risks, and heaping advice on developers who have wandered off the straight and narrow...

SSCC 141 - Adobe revisited, MS-DOS, Word, XP, Snapchat and backup [PODCAST]

Chet and Duck get together once again to look at the week's news with their usual blend of humor, insight and informed intensity...

Take a listen to the latest episode of our weekly quarter-hour podcast!

Dropbox says it isn't poking around in our stuff

"We don’t look at the files in your private folders and are committed to keeping your stuff safe", the company said in the wake of an internet freakout sparked by a user finding himself unable to share copyrighted content. Time to relax, or time to consider encrypting your files before they get to Dropbox (or any other cloud storage)?

Bitcoin, Snapchat and XP as you've never heard them before - special coverage for April the First!

Instead of doing an April Fool, we've gone for some April Fun.

We took three recent computer security stories, and turned them into poems!

NIST to review standard for cryptographic development - do we really care?

Whether you use it to protect personal data, protect customer data or secure your communications, cryptography is an integral part of our digital world, but the announcement late in 2013 that NIST is reviewing its standards for cryptography seems to have gone largely unnoticed.

Bitcoin user loses $10K to typosquatters - tips to avoid opening your wallet to imposters

Last week, SophosLabs alerted us to a Bitcoin phish orchestrated by email.

This week, it's a Bitcoin phish that relies on typosquatting.

Paul Ducklin offers some tips to keep you safe...

Google switches Gmail to HTTPS only

Google is now using an always-on HTTPS connection and encrypting all Gmail messages moving internally on its servers.

WhatsApp and privacy - will Facebook make things better, worse, or both?

WhatsApp, the super-popular SMS replacement acquired by Facebook for $19 billion, continues to wrestle with a thorny problem.

How can it tame the public's attitude to its own attitude to privacy?

Security Essentials: What is PCI DSS?

Many of us know what PCI DSS stands for, but we haven't actually read through the standard.

John Shier was one of them - so he decided to put things to rights...

Where have all the Bitcoins gone?

The Bitcoin infrastructure isn't perfect - for example, it has a cryptographic problem known euphemistically as "transaction malleability."

But can this alone explain missing Bitcoins to the tune of $500,000,000?

Anatomy of an Apple theft protection bypass - and how to avoid it

A tiny but intriguing open source project entitled iCloudHacker attracted interest over the weekend.

It claims to "bypass Apple's theft protection" - and although that's stretching the truth a bit, it has some lessons to teach us about encryption...

Forbes Hack password shootout: Gmail vs Yahoo vs Hotmail vs AOL - whose users are the smartest?

Which webmail service has the smartest users? And are they getting smarter over time?

Paul Ducklin tries to use the password data from the Forbes hack to find the answers...

The power of two - All you need to know about two-factor authentication

What can we do to protect ourselves from stolen password databases, phishing attacks, keyloggers or credit card skimmers installed in our local ATMs? We can start with two-factor authentication. This article tells you what it is, how it works and where you can use it.