POODLE attack takes bytes out of your encrypted data - here's what to do

Heartbleed, Shellshock, Sandworm...and now POODLE.

It's a security hole that could let crooks read your encrypted web traffic.

Paul Ducklin takes you through how it works, and what you can do to avoid it, in plain (well, plain-ish) English...

Is it thumbs up to Barclays bank's finger-vein-reading authentication?

Barclays Bank has announced plans to introduce biometric authentication based on vein patterns in fingers for its UK business customers, which could signal a major shift in how we access online banking systems.

LibreSSL, Linux Foundation, Play Store refunds and Viber shabbiness - 60 Sec Security [VIDEO]


How do you recover from Heartbleed? Can you get your money back from Google? And just how safe is the Viber instant messaging app?

Find out in 60 Second Security...

8 charged in AT&T ID theft fraud case, including outsourced contractor

"Authorized users" were added to customers' bank accounts, allowing the alleged fraudsters to request new cards in their names to make purchases and withdraw cash. As with other recent cases, the weak link was supposedly working for AT&T in an outsourced job function.

Google acquires sound authentication start-up SlickLogin


Just five months after the company's launch, SlickLogin has announced its acquisition by Google. The Israeli security start-up has developed a method of authenticating your smartphone using an inaudible sound wave transmitted from your computer.

The power of two - All you need to know about two-factor authentication


What can we do to protect ourselves from stolen password databases, phishing attacks, keyloggers or credit card skimmers installed in our local ATMs? We can start with two-factor authentication. This article tells you what it is, how it works and where you can use it.

Microsoft joins tech giants and FIDO in the fight for simpler, safer authentication

Microsoft joins Google, PayPal, Lenovo and other tech giants as a member of the FIDO (Fast IDentity Online) Alliance, a non-profit group working to design better and more standardised methods of checking identity across the internet.

D-Link patches "Joel's Backdoor" security hole in its SoHo routers


About six weeks ago we wrote about an amusingly alarming security hole in various D-Link routers.

D-Link has now come out with a firmware fix - don't forget to update if you're on the affected list...

Apple's iOS 7.0.4 fixes a "too easy to buy stuff" security flaw


Apple pushed out iOS 7.0.4 last week, the fourth patch in two months.

Is iOS getting buggier, or is Apple simply publishing security fixes more promptly?

Biostamps - freedom from password tyranny, or Hollywood science?

Last week Motorola execs showed off experimental biostamps - digital "tattoos" capable of authenticating you to your phone. Could this be the ultimate solution to the problem of authentication and passwords, or is it just a sci-fi pipe dream?

Anatomy of an exploit - Linksys router remote password change hole


A security researcher from California has published a how-to guide detailing a number of exploits against various Linksys routers.

Paul Ducklin looks at the ominous sounding "EA2700 Password Change Insufficient Authentication and CSRF Vulnerability"...

Apple introduces two-factor verification for Apple IDs


After celebrity Web 2.0 journalist Mat Honan had all his iDevices remote-wiped by a cybercrook last year, Apple's login security has been under scrutiny.

Good news! Apple has finally bitten the bullet and started offering two-factor verification for Apple ID users...

Google says it is winning the war against Gmail account hijackers


Account takeovers are down a mammoth 99.7% compared with what they were at the height of the spear-phishing plague of 2011, the company (rightfully) brags.

Do not relax: such success doesn't let us users off the hook when it comes to beefing up account security.

Email: the forgotten security problem


When you read a message in your inbox, should you trust that the information hasn't been tampered with or that it even comes from who it claims?

Facebook to exclude phone numbers from reverse lookup - for users of two-factor authentication, anyway

Facebook to exclude phone numbers from reverse search - for users of two-factor SMS authentication, anyway

Facebook's SMS-based login security was a Catch-22. You had to give Facebook your phone number to improve security. But that exposed your phone number to the vagaries of the Facebook search system.

That's now changed, but apparently only temporarily, while Facebook decides what happens next.

Microsoft RDP - Remote Desktop Protocol or Routine Darkside Probe?


Leaving RDP open to the internet is a little bit like giving a visitor a seat in the corner of your server room and saying, "I'll just leave you here while I go for lunch. Don't touch anything, will you?"

What could possibly go wrong?

Blizzard owns up to data haemorrhage - painful but probably not too bad

Big-time online entertainment outfit Blizzard has just owned up to a data haemorrhage.

Blizzard strongly suggests - but manfully doesn't pretend to guarantee - that financial data such as credit cards, billing addresses, and real names weren't got at.

"One in 256 times *any* password might get you in" - MySQL authentication disaster

What if your authentication system itself were at fault? You could have the hardest-to-guess password, salted and hashed thousands of times, and still be at risk.

That's what happened to MySQL and MariaDB.

Practical IT: how to assess a third-party provider's security (part 2)


In the second part of his article on how to assess the security of a third-party provider, Ross McKerchar takes a look at security functionality.