Following our popular article explaining what Adobe did wrong with its users' passwords, a number of readers asked us, "Why not publish an article showing the rest of us how to do it right?"
Here you are...
Forum software vendor vBulletin has owned up to a username-and-password breach on its forum.
Guess which forum software the company uses?
Blessed be Facebook for using this real-world example to 100% back up Naked Security when we proselytize about the evils of password reuse. And if you're worried that Facebook's mining of breached Adobe customer records and quarantining of users is Big Brother-ish, fear not: the company didn't have to store passwords in clear text or pull any other boneheaded security move to know just what its customers' reused passwords are.
Learn how cryptanalysts think, and why cryptographers feel such terrible dismay when companies that really ought to know better make mammoth mistakes.
Paul Ducklin deconstructs the data leaked in Adobe's latest megabreach...
Cloud-based database services company MongoHQ is in "we'd better fix things" mode this week, following a network intrusion that proves the old adage that once you've been breached, all security bets are off.
Ubisoft is urging customers to change their passwords following a breach that exposed user names, email addresses and encrypted passwords.
San Francisco-based document sharing site Scribd has admitted to a network intrusion.
Details are scant, but fortunately a notification published by the company suggests that no more than 1% of users are at risk...
Why, and more importantly, *how*, would you go about weeding out rude passwords?
Surely an April Fool?
Paul Ducklin takes a look...
Kim Dotcom's new venture, Mega, wants to shield itself from accusations of failing to take action against piracy.
It does so by using cryptography to make sure it doesn't see, and indeed cannot tell, what you've uploaded. But you have to get the crypto right...
The party-time news of the past weekend was the launch of Kim Dotcom's comeback file sharing service, Mega.
Crypto critics have already taken issue with some aspects of Mega's implementation, and Dotcom has taken issue right back at them...
The total number of Windows passwords you can construct using eight keyboard characters is vast: one followed by 16 zeros, or near enough.
Gone in six hours.
Plus you get to heat your house at the same time.
An allegedly Egyptian hacker going by the name ViruS_HimA has allegedly hacked into Adobe.
Wherever the data actually comes from, it reveals yet more poor password hygiene at both the client and the server... find out just how bad.
Five years, 64 entries and three rounds of cryptographic cook-off later, and we finally have a winner of the Secure Hash Algorithm 3 competition: Keccak.
We explain how it's different, and why, and we tell you how to pronounce it...
Cracking the password hashes exposed in the recent Philips data breach was interesting, but there was just as much to be learned from the rate of recovery as from the password recovery itself.
We've prepared some mini-infographics to show you what we mean...
Big-time online entertainment outfit Blizzard has just owned up to a data haemorrhage.
Blizzard strongly suggests - but manfully doesn't pretend to guarantee - that financial data such as credit cards, billing addresses, and real names weren't got at.