Encryption
Cloud storage's hazy security lining at SC Congress NYC
With bring your own device (BYOD) gaining momentum, do you know how your users are managing to move their data to and fro? In all likelihood they are using the cloud. Read on for the risks and strategies to protect your sensitive information in the cloud.
Randomness in cryptography - the devil's in the details
Kiwicon opened with a software engineering talk which was intensely focused - a case study of a single-line bug in a single source file in a single module in a 70MByte programming language distro.
Paul Ducklin reports from Wellington, New Zealand.
Stanford Hospital leaks 20,000 patient records
Stanford hospital lost 20,000 sensitive records through a mistake made by a third party billing company. When will our electronic health records be properly safeguarded?
Why Pakistan's move against online crypto is a dangerous idea
Reports from Pakistan suggest the country's telecoms authority is pressing ISPs to comply with regulations which restrict the use of end-to-end encryption.
But this won't improve security, even against militants. In general, it will make things worse.
Stolen USB stick contained police investigation details
Greater Manchester Police hunt for a stolen USB stick, containing details of an ongoing criminal investigation.
Can simple Google searches reveal your secrets?
Sophos's David Schwartzberg examines how sometimes Google can do too good a job, and can expose private encryption keys.
Dropbox lets anyone log in as anyone - so check your files now!
Customers of cloud-based file storing-and-sharing company Dropbox should check on the data they've entrusted to the service, following the company's admission that it messed up its access controls for several hours.
Infragard Atlanta, an FBI affiliate, hacked by LulzSec
LulzSec, a hacking group known for attacking Sony and PBS, have attacked a non-profit named Infragard who work closely with the FBI. Hundreds of logins and operational details of some individuals were disclosed through pastebin.com and BitTorrent.
Sony Europe hacked by Lebanese hacker... Again
Updated with information on 14th attack against SonyPictures.RU. Sony was hacked for the 13th time, this time exposing usernames, passwords, work emails, mobile phones and web site information on 120 Sony Europe users.
Sony Pictures attacked again, 4.5 million records exposed
Sony Pictures has been hacked by LulzSec leading to 4.5 million records being made available. Usernames, email addresses, passwords (in plain text) and more have been released.
Honda Canada loses 283,000+ records, now faces lawsuit
Honda Canada disclosed a breach of their myHonda and myAcura websites that affected more than 283,000 Canadian Honda owners. Information stolen in the attack included names, addresses, Vehicle Identification Numbers and in some cases Honda Finance account numbers.
Sony succumbs to another hack leaking 2,500 "old records"
Sony has acknowledged another system has been compromised by hackers and names and addresses of 2,500 more people have been stolen and published.
Sony admits breach larger than originally thought, 24.5 million SOE users also affected
Sony disclosed today that the breach two weeks ago affects an additional 24.5 million users of its Sony Online Entertainment division. They have shut down the service until further notice and continue to investigate the thefts.
SSCC 58 - Coreflood, DSLReports, Sony, Stars and Ars Technica
Sophos Security Chet Chat 58 features Paul Ducklin and Chester Wisniewski discussing the week's most pertinent security topics. This week: the Coreflood take-down; password loss at DSLReports; Sony's big data breach; Iran claims a "Stars" virus attack; and Facebook shuts down Ars Technica.
The New York Yankees and DSLReports.com responsible for 30,000 more data loss victims
The New York Yankees accidentally emailed personal details on 21,000 customers to their affiliates. Around the same time DSLReports disclosed they had been hacked through a SQL injection attack that disclosed the plain text passwords of thousands of members.
Sony says credit card details *were* encrypted, but questions still remain
Sony confirms that credit card details which could have been stolen in the recent hack of the PlayStation Network were encrypted, but doesn't reassure customers regarding the strength of encryption.
Easter Egg locations remain safe, says Bunny spokesperson
Reports surfaced today that the Easter Bunny was involved in a minor accident and lost a netbook containing the locations where he had hidden Easter eggs and baskets around the world.
Ashton Kutcher's Twitter hacked with pro-SSL graffiti
Could an open WiFi hotspot have allowed Ashton Kutcher's Twitter account to have been compromised at TED?
SSCC 50 - Windows 7 SP1, OddJob Trojan, HIPAA fines and erasing SSDs
Chet Chat 50 features Tony Ross talking with Chet about Windows 7 SP1, a new banking Trojan, HIPAA and the difficulty of securely disposing of Solid State Disks.
SSDs, encryption and decommissioning
A research paper about the secure erasure of data on SSDs has raised a lot of discussion.
What steps do you need to take when decommissioning a disk?









