salt

SSCC 135 - Flappy Bird frenzy, Talking Angela talkfest, NBC hype, Kickstarter and Forbes [PODCAST]

What happened to Flappy Bird? Why was Talking Angela so talked about? Is internet access at the Winter Olympics in Sochi really a "special danger" situation? What can we learn from the database breaches at Kickstarter and Forbes?

Serious Security: How to store your users' passwords safely

Following our popular article explaining what Adobe did wrong with its users' passwords, a number of readers asked us, "Why not publish an article showing the rest of us how to do it right?"

Here you are...

Facebook locks users in a closet for using same passwords/emails on Adobe

Blessed be Facebook for using this real-world example to 100% back up Naked Security when we proselytize about the evils of password reuse. And if you're worried that Facebook's mining of breached Adobe customer records and quarantining of users is Big Brother-ish, fear not: the company didn't have to store passwords in clear text or pull any other boneheaded security move to know just what its customers' reused passwords are.

Anatomy of a password disaster - Adobe's giant-sized cryptographic blunder

Learn how cryptanalysts think, and why cryptographers feel such terrible dismay when companies that really ought to know better make mammoth mistakes.

Paul Ducklin deconstructs the data leaked in Adobe's latest megabreach...

Data Breach Week, SIMs cracked, carders busted - 60 Sec Security [VIDEO]

How safe is the SIM in your mobile phone? Could it be remotely infected with malware?

Possibly - watch this week's 60 Second Security video and find out more!

Ubisoft customers told "change your passwords *now*"

Ubisoft is urging customers to change their passwords following a breach that exposed user names, email addresses and encrypted passwords.

SSCC 108 - WW2 crypto, Bitcoin mining, internet cameras, password breaches [PODCAST]

Chester calls home from Interop in Las Vegas to record the latest episode of the Sophos Security Chet Chat.

Join Chester and guest Paul Ducklin in their regular quarter-hour podcast as they laugh about (and lament) the latest goings-on in the world of computer security.

50,000,000 usernames and passwords lost as LivingSocial "special offers" site hacked

LivingSocial, the online offers site owned in largish part by Amazon, has just emailed its userbase, said to be 50,000,000-strong, to fess up to a data breach.

Another day, another shed-load of password hashes in the hands of crooks....

Scribd, "world's largest online library," admits to network intrusion, password breach

San Francisco-based document sharing site Scribd has admitted to a network intrusion.

Details are scant, but fortunately a notification published by the company suggests that no more than 1% of users are at risk...

"Rude password - login denied": the AT&T April Fool that wasn't

Why, and more importantly, *how*, would you go about weeding out rude passwords?

Surely an April Fool?

Paul Ducklin takes a look...

Twitter hacked, at least 250,000 users affected: what you can do to protect yourself

Twitter is the latest web property to admit that intruders seem to have been wandering around its network for some time.

Paul Ducklin investigates and offers some advice on what to do next...

Cracked passwords from the alleged 'Egyptian hacker' Adobe breach

An allegedly Egyptian hacker going by the name ViruS_HimA has allegedly hacked into Adobe.

Wherever the data actually comes from, it reveals yet more poor password hygiene at both the client and the server...find out just how bad.

League of Legends online game joins the League of the Hacked

Online real-time strategy game League of Legends, from Riot Games, is the latest large web property to own up to a data breach.

There's a silver lining, namely that the company's notification is frank and helpful, stating clearly what was stolen, and what wasn't.