It's that time of the week again - here's your roundup of everything we wrote in the last seven days.
Cryptographers have once again put SSL/TLS (that's the padlock in HTTPS) in their gunsights and opened fire.
This time, they've done some severe damage.
Paul Ducklin takes a detailed look...
Have you joined thousands of others, and become a loyal listener to the "Chet Chat" yet?
Here's the latest Naked Security podcast, Sophos Security Chet Chat 102, discussing a range of recent and newsworthy topics from the world of computer security.
The security of web transactions is again in the spotlight as a pair of UK cryptographers take aim at TLS.
Like 2011's much-talked-about BEAST attack, it has a groovy name: Lucky Thirteen.
Public-key encryption relies on a pair of cryptographic keys, one public and the other private.
You'd think that programmers would be able to tell which one to keep private and which one to make public, wouldn't you?
It has taken Yahoo a ridiculously long time, but it is finally rolling out an option that will help protect users' privacy when accessing their web-based email - HTTPS.
Was the TURKTRUST SSL fiasco an abortive attempt at secret surveillance, or a blundering crisis of convenience?
Paul Ducklin takes stock of the situation...
Thumbs up to Facebook, which has announced it is finally enabling HTTPS by default for its users.
We celebrate by giving away some T-shirts...
The FTC has settled with web analytics company Compete, Inc. over poor security. Compete has agreed not to do it again, and to audit itself every two years for 20 years.
What do you think? Is that a stiff enough penalty? Have your say in our comments section...
Microsoft will be shipping an update as part of October's Patch Tuesday that will invalidate RSA certificates weaker than 1024 bits. If you are using old or weak certificates, now is the time to upgrade them to a more appropriate strength.
Trust is crucial for financial web transactions, which is why it is so important that legitimate organisations don't get sloppy with best practice.
ZonD Eighty, the Russian hacker who brought App Store fraud to unjailbroken iPads and iPhones, has extended his "service" to OS X users.
Mac owners can now join their iDevice brethren in ripping off developers.
A Russian hacker has created a website you can use to make fraudulent in-app purchases on your iPad or your iPhone.
This is a pretty big blow to Apple - especially at a time when it is facing criticism for some of the stuff it lets into the App Store in the first place.
Just how unique is your private key?
Is there a chance that someone else, without any malice aforethought, might unexpectedly end up with a key pair that is identical or at least dangerously similar to yours?
SSCC 74 - fighting hi-tech crime, Kelihos botnet, iCode for USA, Amazon Silk tablet, Mac malware and the BEAST
This week, Chet and Paul Ducklin discuss the interesting and important topics of the past week: fighting hi-tech crime, tackling the Kelihos botnet, taking on zombified home users, examining the risks of Amazon's new Silk tablet, and understanding the BEAST!