How harmless is that "Facebook shutting down on 29 February" hoax?
Is system reimaging really a security tool?
Find out this and more! 60 Sec Security - 01 Mar 2014
Chester ducks out of booth duties at the RSA 2014 conference in San Francisco to bring you this week's Chet Chat.
From Apple's SSL bug to Adobe's second-in-a-month emergency Flash update, Chet and Duck once again help you to learn from others' mistakes.
Forget my unofficial patch for OS X!
Apple has done what it said, and delivered the latest update to Mavericks, numbered OS X 10.9.2, "very soon."
Apple just patched an SSL/TLS bug in iOS - but the flaw is not yet fixed in OS X.
Paul Ducklin comes to the rescue with explanations, mitigations, and even an unofficial patch! (For educational purposes only, you understand.)
Security researcher Ariel Sanchez recently published a fascinating report on the sort of security you can expect if you do your internet banking on an iPhone or iPad.
The answer, sadly, seems to be, "Very little."
How fast is fast enough for a patch? Should you trust the French Treasury? How many zeros launch a missile?
Watch 60 Sec Security and find out!
In January this year, after a head-scratchingly long time, Yahoo Mail finally rolled out the option of protecting users' privacy with HTTPS. It's now confirmed it'll make it the default setting on 8 January 2014.
Just under two months ago, we wrote about the mysterious closure of Edward Snowden's secure email service, Lavabit.
With the unsealing of US court documents, a fascinating (and cheeky) cryptographic tale has emerged...
A whole lot has been said, over the past week, about BREACH, a newly-documented attack against HTTPS.
Paul Ducklin digs into the theory, shows how it works in practice, and suggests how to soften the blow...
Did you miss anything in the past week?
Here's a recap of the hot 22 stories of the past seven days, so you can catch up quickly!
If you have web-facing code written in Ruby, and you support SSL (which you do, right?), be sure to patch as soon as you can, to avoid falling victim to what seems very much like a four-year-old flaw...
Are you an IT administrator still caring for Windows XP computers that are running Internet Explorer?
Google's latest announcement brings another good reason to upgrade your systems or switch to an alternative browser.
Google just announced that its secure web pages will be ditching 1024-bit RSA keys in favour of 2048 bits.
We look at the lessons to be learned from the whats, the whys and the wherefores of this change...
It's that time of the week again - here's your roundup of everything we wrote in the last seven days.
Cryptographers have once again put SSL/TLS (that's the padlock in HTTPS) in their gunsights and opened fire.
This time, they've done some severe damage.
Paul Ducklin takes a detailed look...
Have you joined thousands of others, and become a loyal listener to the "Chet Chat" yet?
Here's the latest Naked Security podcast, Sophos Security Chet Chat 102, discussing a range of recent and newsworthy topics from the world of computer security.
The security of web transactions is again in the spotlight as a pair of UK cryptographers take aim at TLS.
Like 2011's much-talked-about BEAST attack, it has a groovy name: Lucky Thirteen.
Public-key encryption relies on a pair of cryptographic keys, one public and the other private.
You'd think that programmers would be able to tell which one to keep private and which one to make public, wouldn't you?