Featured

Parents win against cloud storage of US students' private information

Since inBloom's rollout, privacy and security experts and parents have been aghast at schools using the technology to suck up everything from students' tax ID numbers to intimate family details - and to then share the private information with software companies. The nonprofit gave up after states backed out, closing up shop on Monday.

SSCC 144 - iOS malware, fingerprint security, WhatsApp privacy, hacking the taxman [PODCAST]

How bad is the risk from iOS malware? What's the state of play in fingerprint security? Should you trust mobile apps? Is it wise to hack the taxman? What if Brian Krebs calls to warn you've been pwned?

Chet and Duck turn their wit and insight on the week's news...

Microsoft devours Nokia and charges ahead with Windows Phone 8.1

Microsoft's multi-billion-dollar deal to acquire the devices arm of mobile phone maker Nokia is finally done, and smartphones under the name Microsoft Mobile will soon be rolling out of Nokia's former factories. But will Windows Phone 8.1 security features help Microsoft make inroads in the enterprise market?

Tokyo airport employee loses handwritten passcodes ahead of Obama visit

An employee of Skymark Airlines at Tokyo's Haneda International Airport mislaid a printout containing key passcodes on Sunday, just days before President Obama's scheduled visit.

LibreSSL aims to prevent the next Heartbleed

Heartbleed may have been patched but the security gurus at OpenBSD aren't satisfied. They've lost confidence in the OpenSSL team and decided there's only one course of action...

The SoHo router backdoor that was "fixed" by hiding it behind another backdoor

How do you fix an "unauthenticated access" backdoor in your router firmware?

Why, you hide it behind another "unauthenticated access" backdoor, of course.

Two backdoors are obviously better than one!

PCI DSS - Why it fails

John Shier takes a look at five ways he thinks the Payment Card Industry Data Security Standard (PCI DSS) fails to meet its goals.

PCI DSS - Why it works

John Shier takes a look at five ways he thinks the Payment Card Industry Data Security Standard (PCI DSS) works.

Apple pushes out critical security fixes for OS X, iOS and Apple TV

You still can't tell when you're going to get your next update from Apple, but serious security fixes do seem to be coming more frequently these days.

Like the latest round of patches, closing a raft of hackable holes in OS X, iOS and Apple TV...

Facebook's Sheryl Sandberg: targeted ads don't trample on privacy

Facebook Bigwig Sheryl Sandberg wants us all to know that, targeted advertising or no, the Zuckerbergians are hovering over our private data like an anxious mother bird protecting her fluffy nestlings from voracious advertising raptors.

Teachers cyberbullied by students and their parents

One in five UK teachers have been cyberbullied by students and/or their parents, according to a survey published by the teachers' union NASUWT.

Google refunds Android users who bought fake Virus Shield app

Earlier this month a fake Android anti-virus app, named Virus Shield, managed to fool thousands of customers into buying it. Now Google is offering full refunds to anyone who bought Virus Shield long after the usual 15-minute refund window, and is also issuing a $5 Play Store credit.

Dutch student sells online soul at auction for €350

Shawn Buckles has sold bucket-loads of his online data in a Faustian bargain with the highest bidder, intended to prove a point about loss of privacy in the age of big data. But what about the privacy rights of everyone he's emailed in the past?

New iOS malware with a funky name: "Unflod Baby Panda"

You may have heard mention, over the past few days, of some curiously-named new iOS malware.

You'll hear it called "Unflod", because of the name of the file in which it was found, as well as "Baby Panda."

Paul Ducklin goes on a Panda expedition...

Facial recognition - coming soon to a shopping mall near you

Forget monitoring customers' smartphones. Technology giant NEC's Hong Kong branch is promoting a small, "easy to install" appliance which will enable businesses to monitor their customers based on facial recognition.

Monday review - the hot 21 stories of the week

It's weekly roundup time!

Here's all the great stuff we've written in the past seven days.

Heartbleed bust, Fingerprint fakery, WhatsApp privacy SNAFU - 60 Sec Security [VIDEO]

What happens if you hack your local tax office? Can you trust the Samsung Galaxy S5's fingerprint security? Did WhatsApp finally get security right in its app?

Find out the answers in one entertaining minute of video - it's 60 Second Security!

Don't share your location with your friends on WhatsApp

A group of budding security researchers at the University of New Haven in Connecticut recently taught themselves a handy lesson about the difference between *liking* WhatsApp and *trusting* it.

PCI DSS - What's new in v3.0?

If the PCI DSS applies to your business you should also know that the document has been updated. With nearly 100 changes, the current version has incremented one full revision and stands at v3.0. We focus on some of the changes and their impact.

Clicking 'Like' can cancel your right to sue a company

General Mills might be the first company to rig its legal terms to ensure that interacting with it in just about any way online - downloading or printing a coupon, visiting its website, or getting its email newsletter - means you can't sue it.