https

Google's certificate announcement contains a hidden surprise for Windows XP users

Are you an IT administrator still caring for Windows XP computers that are running Internet Explorer?

Google's latest announcement brings another good reason to upgrade your systems or switch to an alternative browser.

Monday review - the hot 26 stories of the week

In case you missed it: Here's everything we wrote last week.

Apple finally adopts HTTPS for the App Store - here's why it matters

Last year, a Googler named Dr. Elie Bursztein noticed that Apple's App Store protocols were using HTTP where HTTPS would have been much better.

Some time later, Apple has changed its ways.

Paul Ducklin explains why it matters...

Monday review - the hot 27 stories of the week

Monday review - the hot 24 stories of the week

Just in case you missed any of our stories last week, here's a little recap.

Anatomy of a phish - how crooks hack legitimate websites to steal your details

Are you a "safe surfer"?

What about sites that were perfectly good yesterday, but today are serving phishing pages for the crooks?

Paul Ducklin takes you on a four-country phishing trip...

Using Yahoo Mail? You should turn on this privacy option as soon as possible

It has taken Yahoo a ridiculously long time, but it is finally rolling out an option that will help protect users' privacy when accessing their web-based email - HTTPS.

Facebook finally enables HTTPS by default, we give away free T-shirts to celebrate

Thumbs up to Facebook, which has announced it is finally enabling HTTPS by default for its users.

We celebrate by giving away some T-shirts.

FTC smacks down security sloppiness by web analytics company Compete

The FTC has settled with web analytics company Compete, Inc. over poor security. Compete has agreed not to do it again, and to audit itself every two years for 20 years.

What do you think? Is that a stiff enough penalty? Have your say in our comments section...

Anatomy of a bug: latest Firefox 'new tab' feature thumbnails HTTPS pages

The latest release of Firefox has been called "unlucky version 13" because it creates web page thumbnails even of secure content, sparking privacy fears.

But is this really a bug? And if so, do any of the "fixes" circulating online actually work? Paul Ducklin finds out.

SSL certificate safety bolstered by standards that lessen dependence on CAs

Two new proposals have been submitted to the IETF attempting to fix some of the trust problems inherent in the current SSL certificate system used to secure our online communications.

HTTPS enabled by default - nice one Twitter!

Twitter announces that it has enabled HTTPS/SSL by default - a great step for protecting users' privacy.

Smart meter hacking can disclose which TV shows and movies you watch

Researchers at the 28c3 conference presented a paper delving into the privacy implications of smart power meters. In addition to finding vulnerabilities in the way these meters communicate, they were even able to identify specific movies and TV shows that were being watched, based on the data being sent back to the provider.

Secure web browsing cracked by BEAST

A pair of researchers have unveiled a serious new attack on web browser security.

The ability to crack encrypted web traffic removes the safety net that protects you when you're doing sensitive online tasks like banking or using credit cards.

Researchers extend Firesheep to exploit Google Search data leak

A pair of security researchers have created their own version of the notorious Firesheep plugin to expose a data leak in the world's favourite search engine.

The proof-of-concept plugin exploits the use of unencrypted cookies by Google's Web History feature.

Falsely issued Google SSL certificate in the wild for more than 5 weeks

A rogue certificate was found in the wild more than a month after it was issued, allowing someone to masquerade as SSL-enabled Google services. Where did this certificate come from, who was using it and what can you do to protect yourself?

Bomb hoax, busts, skimming, Twitter security, Google fined - 60 Sec Security

Lots of readers said they'd like to see our 'news-with-a-conscience' videos more than once a month.

So here you go. 60 Second Security, once every two weeks.

Twitter starts rolling out HTTPS by default - good news for security and Ashton Kutcher

In a step which will be welcomed by its security-conscious users, Twitter has announced that it is beginning to turn on HTTPS by default.

Why is this important? Just ask Ashton Kutcher.

Groupon subsidiary leaks 300K logins, fixes fail, fails again

SoSasta, the Indian subsidiary of digital discount kings Groupon, leaked 300,000 usernames and plaintext passwords.

They've now closed the leak. But is the problem really fixed?

An open letter to Facebook about safety and privacy

Dear Facebook,

As you know, for some years we have been discussing with your security team our concerns about safety and privacy on Facebook.

Fraudulent certificates issued by Comodo, is it time to rethink who we trust?

Today, Microsoft issued a Security Advisory warning that fraudulent digital certificates were issued by the Comodo Certificate Authority. This could allow malicious spoofing of high-profile websites, including Google, Yahoo! and Windows Live.