https

Heartbleed bust, Fingerprint fakery, WhatsApp privacy SNAFU - 60 Sec Security [VIDEO]

What happens if you hack your local tax office? Can you trust the Samsung Galaxy S5's fingerprint security? Did WhatsApp finally get security right in its app?

Find out the answers in one entertaining minute of video - it's 60 Second Security!

Don't share your location with your friends on WhatsApp

A group of budding security researchers at the University of New Haven in Connecticut recently taught themselves a handy lesson about the difference between *liking* WhatsApp and *trusting* it.

SSCC 140 - Does Windows have more holes than OS X? Whither messaging privacy? [PODCAST]

How bad is the latest Microsoft Word 0-day? Does OS X really need patching less often than Windows? What does Gmail's move to HTTPS-only really mean? And if WhatsApp has privacy coded into its DNA, is it coded into its app, too?

Chet and Duck get stuck in...

Google switches Gmail to HTTPS only

Google is now using an always-on HTTPS connection and encrypting all Gmail messages moving internally on its servers.

Anatomy of a Bitcoin phish - don't be too quick before you click!

Paul Ducklin looks at a recent Bitcoin phish, and offers some tips on how not to get suckered in just because things look familiar...

Snapchat, Yahoo, Mavericks and T-shirts - 60 Sec Security [VIDEO]

How long does it take a trendy cloud company to apologise? Do you really need HTTPS for webmail? OS X Mavericks - should you stay or should you go? And who won our crossword competition?

60 Second Security - 11 Jan 2014.

Yahoo makes good on its promise to enable HTTPS by default for Yahoo Mail

Yahoo, following the lead of Google and Microsoft, has now enabled HTTPS encryption for all Yahoo Mail users by default.

Serious Security: Google finds fake but trusted SSL certificates for its domains, made in France

Google just announced the discovery of a bunch of fake SSL certificates for some of its own domains. The bogus certificates were apparently signed by the certificate authority of the French Treasury.

Paul Ducklin looks at how this sort of blunder happens, and how to spot it if ever it happens to your company...

Twitter joins the "forward secrecy" club for added resistance to surveillance

Twitter is the latest high-traffic social networking site to announce that it has added an extra layer of protection known as "forward secrecy" to its web servers.

And the company didn't say "surveillance" or "NSA" once in its statement.

Yahoo (finally!) to make SSL encryption the default for webmail

In January this year, after a head-scratchingly long time, Yahoo Mail finally rolled out the option of protecting users' privacy with HTTPS. It's now confirmed it'll make it the default setting on 8 January 2014.

Defending against web-based malware: Spot the smoke, don't wait for fire

Malware rarely gets into your network without some sort of tell-tale signs beforehand.

Learning to spot the metaphorical smoke that precedes the fire of a malware infection is a handy metaphor for keeping your network safe.

How much security would you expect in a $60 light globe?

"Honey, why are the lights flashing 'URPWN3D' in Morse code?"

If you spent a cool $60 each on light globes (bulbs) from the Apple store...

...how much security would you expect?

Anatomy of a cryptographic oracle - understanding (and mitigating) the BREACH attack

A whole lot has been talked, over the past week, about BREACH, a newly-documented attack against HTTPS.

Paul Ducklin digs into the theory, shows how it works in practice, and suggests how to soften the blow...

Facebook users worldwide (minus some mobile phones) now getting secure web browsing by default

It's one thing to say, "Turn it on for everybody everywhere by default!" But actually getting to ubiquitous HTTPS was a pain in the … umm... browser.

But now, Facebook says, after a load of blood, sweat and programming tears, and with the exception of some mobile phones, it's a "dream come true."

Android holed again, JAY Z and "Magna Carta", Tumblr and HTTPS - 60 Sec Security [VIDEO]

Another Android code verification flaw revealed, and JAY Z takes the concept of "Magna Carta" to a whole new level.

Take a minute to look at this week's 60 Second Security video to learn more!

SSCC 113 - Another Android hole, Tumblr forgets encryption, Nintendo under attack [PODCAST]

News, opinion, advice and research: Chet and Duck bring you their unique and entertaining combination of all four in their regular quarter-hour podcast.

Why not give it a quick listen?

Google's certificate announcement contains a hidden surprise for Windows XP users

Are you an IT administrator still caring for Windows XP computers that are running Internet Explorer?

Google's latest announcement brings another good reason to upgrade your systems or switch to an alternative browser.

Monday review - the hot 26 stories of the week

In case you missed it: Here's everything we wrote last week.

Apple finally adopts HTTPS for the App Store - here's why it matters

Last year, a Googler named Dr. Elie Bursztein noticed that Apple's App Store protocols were using HTTP where HTTPS would have been much better.

Some time later, Apple has changed its ways.

Paul Ducklin explains why it matters...

Monday review - the hot 27 stories of the week

Monday review - the hot 24 stories of the week

Just in case you missed any of our stories last week, here's a little recap.