Dropbox passwords leaked, third-party services blamed

Hundreds of Dropbox logins were posted on Pastebin and Reddit, but it turns out they were stolen from a third-party service months ago, Dropbox says. So why did some of those passwords work, as Reddit users claimed? Think password reuse.

Is it *really* such a bad idea to use a password twice?


We regularly warn you against using the same password for multiple accounts.

But if you memorise one really long and complex password, isn't that enough?

No! Here's why...

Bitcoin inventor's identity allegedly under threat after claimed "Satoshi Nakamoto" email hijack


An anonymous internet user claims to have hacked the email account of Satoshi Nakamoto, the creator of virtual currency Bitcoin, and is threatening to unveil Nakamoto's identity for 25 Bitcoins.

Home Depot credit card breach: company to "investigate"

Home Depot has responded to reports yesterday that it suffered a credit card breach.

Apple ransomware strikes Australia - pay Oleg $100 or else


This morning, a number of Australian iPad and iPhone users woke up to a strange sight.

"Device hacked by Oleg Pliss. For unlock device..."

New Zealand's 18-tonne supercomputer - was it hacked, or not?

There's a storm brewing in New Zealand, it seems, after news that a supercomputer at the National Institute of Water and Atmospheric Research was "hacked."

Facebook rape joke posted by 'hackers', Hooters insists

The US emporium of beer, buxom babes and unlimited $10.99 chicken pointed the finger at Facebook hackers after somebody posted a rape joke onto its page on Saturday.

Hacker who Snowdenized ethical hacking site also grabbed email control

The hacker behind the pasting of Edward Snowden's mug onto the EC-Council's site also managed to send a password-reset to its cloud-based enterprise email and get control of some customers' accounts.

Anatomy of a "goto fail" - Apple's SSL bug explained, plus an unofficial patch for OS X!


Apple just patched an SSL/TLS bug in iOS - but the flaw is not yet fixed in OS X.

Paul Ducklin comes to the rescue with explanations, mitigations, and even an unofficial patch! (For educational purposes only, you understand.)

Flash patched, Forbes hacked and Korea reacts - 60 Sec Security [VIDEO]


Another Flash emergency already? More SEA hacking? Why have the password "changeme" if you don't? How big a fine for a 20,000,000 record breach?

It'll only take you a minute to find out!

Forbes Hack password shootout: Gmail vs Yahoo vs Hotmail vs AOL - whose users are the smartest?


Which webmail service has the smartest users? And are they getting smarter over time?

Paul Ducklin tries to use the password data from the Forbes hack to find the answers...

SSCC 129 - Hypervisors, apologies, backdoors and Twitter hacks [PODCAST]


Chet and Duck look at the security stories that made the headlines over New Year 2013/2014 - from the OpenSSL "hypervisor hack" that wasn't, to the Skype Twitter breach that shouldn't have happened - and explain how we can learn from these mistakes to have a safer and more secure 2014.

NASA hack blunder, doxer jailed, PAYE cybercrime, $20k iPhone prize - 60 Sec Security [VIDEO]


Why did Brazilian hackers target NASA? What happens to doxers? How much does it cost to get started in card skimming? And how much is a copy of your fingerprint worth?

Watch 60 Second Security and find out!

Monday review - the hot 20 stories of the week

In case you missed any recent stories, here's everything we wrote in the last seven days.

Monday review - the hot 18 stories of the week

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Gun-wielding penguin takes over Ubuntu Forums, waves AK-47 at Linux users everywhere


Ubuntu Forums has been hacked.

As well as leaving behind an AK-waving penguin, the hackers also took away millions of usernames, email addresses and password hashes.

Sony to pay £250,000 fine for PlayStation Network breach

Sony has thrown in the towel on its appeal of a £250,000 fine ($377,500) imposed after its PlayStation Network was hacked in April 2011, losing data such as names, addresses, email addresses, dates of birth and account passwords of millions of users.

Nintendo Japan cracks after month-long, 15.5 million-strong hacker bombardment

Out of that splatter, 24,000 bogus login tries struck the jackpot, exposing names, addresses, phone numbers and other personal details of corresponding Club Nintendo customers.

The LinkedIn hack that wasn't


Bryan Berg, the co-founder of microblogging site App.net, pronounced earlier today that LinkedIn had been hacked.

That turned out to be not quite correct, as Paul Ducklin explains.

Seriously, this is how the Syrian Electronic Army hacked The Onion

Satirical news publication The Onion has gone into detail about how hackers managed to steal its passwords, access its internal emails, and hijack its Twitter account.