-
- gcluley: Has Google said your PC is infected with DNS Changer malware? http://t.co/9muMA7zt9 minutes ago
- SophosSupport: Advisory: Sophos Endpoint v 9.5 and 9.7: automatic upgrade to v 10, reboot required: http://t.co/8KxlQ0Nq17 minutes ago
- SophosLabs: 4 yrs jail for man who masterminded Bredolab botnet of 30 million computers http://t.co/yq2q5tkG #huzzah!36 minutes ago
- SophosLabs: Learn more about analog computing - and Bob Moog! http://t.co/B0dQjMdk56 minutes ago
- gcluley: DDoS attack brings down UK webhosting firm 123-reg http://t.co/kMwKEhRS (via @regvulture)about 2 hours ago
Encryption
State of Utah outlines mistakes made allowing theft of 780K records
After losing nearly 800,000 residents personal information the State of Utah admits to not encrypting the data, leaving default passwords in place and not performing regular audits to find the mistakes.
Osama Bin Laden didn't encrypt his computer files - not such a mastermind then..
Ooops. If you're running a terrorist organisation, it might make sense to encrypt your files.
Clearly Osama Bin Laden didn't realise that - as some of the documents seized during the raid on his hideout in Pakistan have been made public for the first time.
MasterCard and Visa payment processor compromised, up to 10 million cards stolen
Over 10 million credit cards may have been stolen by criminals who compromised a credit card processing company last month. Read on to find out what happened and what actions you may wish to take to protect yourself.
Cloud storage data risks and encryption
Are you encrypting the data you keep in the cloud? Or are you trusting the cloud storage providers to do a decent job at security?
SSCC 84 - Cookie-gate, laptop security advice, Stratfor malicious emails and Facebook hacker advice
Paul Ducklin hosts this week's Chet Chat with the tables turned... Chet is the guest. They discussed the recent Google cookie-gate incident, House Intelligence Committee advice on using laptops while traveling and the malicious emails sent to leaked Stratfor subscriber email addresses.
Alleged fraudster has until next week to decrypt her hard drive for prosecutors
Prosecutors are keen to discover what is on the encrypted laptop of Ramona Fricosu, a Colorado woman accused of committing financial fraud.
The case has raised interesting questions of whether you can be forced by law to hand over your password, or decrypt your computer.
Mac FileVault 2's full disk encryption can be bypassed in less than 40 minutes
A company claims it can bypass Apple's FileVault 2 disk encryption "in minutes," as well as volumes encrypted with TrueCrypt.
Despite what you may think, IT security *is* your business
If you spend a lot of time paying attention to IT (in)security it can drive you to rant on occasion. This is one of those occasions, as too many companies are putting their future and their customers at risk thinking that "IT security isn't our busniess".
Stratfor's back, defiant but blushing over unencrypted subscriber data
George Fried,an, CEO of Stratfor, came forth with a public statement explaining what happened in the attacks against his company last December. He admitted fault, took responsibility and accused Anonymous of censorship that doesn't come openly from governments, but rather from people hiding behind masks.
Can you be forced by law to decrypt your computer? US v. Fricosu court case rages on
Ramona Fricosu, accused of committing financial fraud, is currently in a court battle fighting to keep her encrypted data private. The prosecution say that if the government fail to demand data decryption, it will harm public interests. This article looks at the arguments for both sides and asks whether this would be possible under UK law.
Researchers find many weak Stratfor passwords
A professor at Utah Valley University analyzed the leaked password hashes stolen by Anonymous from security firm Stratfor and determined even their security minded customers choose weak passwords.
Most Wi-Fi routers susceptible to hacking through security feature
Researchers have published a paper showing how a feature implemented in modern Wi-Fi routers intended to make securing them easier, in fact makes them insecure by default.
Lost USB keys have 66% chance of malware
We bought a stash of USB keys at a major transit authority's Lost Property auction, and took a look at the sort of information people leave on the train.
Two-thirds of the keys were infected with malware, and nothing on any of the keys was encrypted...
Cloud storage's hazy security lining at SC Congress NYC
With the bring your own device (BYOD) gaining momentum, do you know how your users are managing to move their data to and fro? In all likelihood they are using the cloud. Read on for the risks and strategies to protect your sensitive information in the cloud.
Randomness in cryptography - the devil's in the details
Kiwicon opened with a software engineering talk which was intensely focused - a case study of a single-line bug in a single source file in a single module in a 70MBbyte programming language distro.
Paul Ducklin reports from Wellington, New Zealand.
Stanford Hospital leaks 20,000 patient records
Stanford hospital lost 20,000 sensitive records through a mistake made by a third party billing company. When will our electronic health records be properly safeguarded?
Why Pakistan's move against online crypto is a dangerous idea
Reports from Pakistan suggest the country's telecomms authority is pressing ISPs to comply with regulations which restrict the use of end-to-end encryption.
But this won't improve security, even against militants. In general, it will make things worse.
Stolen USB stick contained police investigation details
Greater Manchester Police hunt for a stolen USB stick, containing details of an ongoing criminal investigation.
Can simple Google searches reveal your secrets?
Sophos's David Schwartzberg examines how sometimes Google can do too good a job, and can expose private encryption keys.
Dropbox lets anyone log in as anyone - so check your files now!
Customers of cloud-based file storing-and-sharing company Dropbox should check on the data they've entrusted to the service, following the company's admission that it messed up its access controls for several hours.
