Guess how many times "123456" was used as a password by users. If you answered "close to 2 million times," you win! Now guess which online dating site service has decided to encrypt customer records using salting and hashing in future.
Following our popular article explaining what Adobe did wrong with its users' passwords, a number of readers asked us, "Why not publish an article showing the rest of us how to do it right?"
Here you are...
Why shouldn't you store unencrypted credit card numbers? How can you squeeze a positive result from a password breach? What sort of pressure was on the cryptanalysts at Bletchley Park?
Find out the answers in just one minute!
Blessed be Facebook for using this real-world example to 100% back up Naked Security when we proselytize about the evils of password reuse. And if you're worried that Facebook's mining of breached Adobe customer records and quarantining of users is Big Brother-ish, fear not: the company didn't have to store passwords in clear text or pull any other boneheaded security move to know just what its customers' reused passwords are.
Chet and Duck are here with their weekly roundup of news, opinion, advice and research.
Take a listen to our weekly 15-minute podcast on computer security - Chet Chat Episode 123.
November's Patch Tuesday includes updates not just from Microsoft, but Adobe and Google as well. Critical patches for Internet Explorer, Chrome and Adobe Flash Player lead the way this month.
Which pets make the best/worst passwords?
How many times did Google make the same coding blunder?
Find out this and more in our one-minute wrapup of the week's security lessons!
Learn how cryptanalysts think, and why cryptographers feel such terrible dismay when companies that really ought to know better make mammoth mistakes.
Paul Ducklin deconstructs the data leaked in Adobe's latest megabreach...
Adobe originally estimated that the breach affected around 2.9 million users. As it turns out the number is actually 38 million, with the information taken including Adobe IDs, encrypted passwords, customer names, encrypted debit and credit card numbers, expiry dates and customer order details.
The crooks who pilfered Adobe's source code are likely the same ones who went on to exploit Adobe ColdFusion code to breach the PR Newswire press release service.
Hopefully, the hackers are about as good at exploiting the code and opening a "gateway for new malware and exploits" as they are at protecting the code, which a security firm discovered on a server open to the internet.
Who's "Paunch"? What happens when you arrest him? How do you win $100k from Microsoft? Could there really be a backdoor in Adobe's code?
Find out the answers in this week's episode!
Adobe's Patch Tuesday fixes are out.
This is business as usual, promised long in advance and expected toay, so there isn't anything in it related to the company's recent network intrusion woes. (We hope!)
A wild ride this week, with Patch Tuesday turning 10, Adobe "going open source" by losing 40GB of code, and Silk Road operator Dread Pirate Roberts getting locked in the brig.
Chet and Duck turn their amusing but insightful attention to the latest security stories...
One of the researchers who came across Adobe's stolen source code online said that "this breach may have opened a gateway for a new generation of viruses, malware, and exploits."
Is he right?
Who was Dread Pirate Roberts, and where is he now? What happened in Adobe's latest network breach? What is "cryptographic chutzpah", and how do you show it?
Find out in the latest 60 Second Security...
Today, it's Adobe's turn to attend confession.
The multimedia giant has owned up to getting pwned, admitting that "attackers illegally entered our network."
But just how clear is its breach notification?
Make sense of vulnerability jargon by listening to this 15 minute podcast...
With recent updates from Microsoft (three times), Adobe, Oracle, Apple and Firefox, the timing could scarcely be better.
Naked Security reader Haemish Edgerton just gave us a very polite but effective scolding for neglecting to mention the Adobe fixes that came out on Tuesday.
Point taken, so here's a table of what Adobe updated, and how to see what versions you should now be on.