SSL

(get it in RSS or Atom)

Has HTTPS finally been cracked? Five researchers deal SSL/TLS a biggish blow...

ts-cracked-250

Cryptographers have once again put SSL/TLS (that's the padlock in HTTPS) in their gunsights and opened fire.

This time, they've done some severe damage.

Paul Ducklin takes a detailed look...

SSCC 102 - Probably the best 15 minute security podcast you'll hear today

Sophos security Chet Chat podcast 102

Have your joined thousands of others, and become a loyal listener to the "Chet Chat" yet?

Here's the latest Naked Security podcast, Sophos Security Chet Chat 102, discussing a range of recent and newsworthy topics from the world of computer security.

Boffins 'crack' HTTPS encryption in Lucky Thirteen attack

The security of web transactions is again in the spotlight as a pair of UK cryptographers take aim at TLS.

Like 2011's much-talked-about BEAST attack, it has a groovy name: Lucky Thirteen.

Do programmers understand the meaning of PRIVATE?

Public-key encryption relies on a pair of cryptographic keys, one public and the other private.

You'd think that programmers would be able to tell which one to keep private and which one to make public, wouldn't you?

Using Yahoo Mail? You should turn on this privacy option as soon as possible

Yahoo (finally!) to make SSL encryption the default for webmail

It has taken Yahoo a ridiculously long time, but it is finally rolling out an option that will help protect users' privacy when accessing their web-based email - HTTPS.

The TURKTRUST SSL certificate fiasco - what really happened, and what happens next?

The TURKTRUST SSL certificate fiasco - what happened, and what happens next?

Was the TURKTRUST SSL fiasco an abortive attempt at secret surveillance, or a blundering crisis of convenience?

Paul Ducklin takes stock of the situation...

Monday review - the hot 17 stories of the week

OK, these aren't just the hot 17 stories of the past week, but of the two weeks before that, too.

If, like us, you've been enjoying some downtime over the Christmas and New Year holidays, here's your quickest way to get back up to speed with Naked Security...

Facebook finally enables HTTPS by default, we give away free T-shirts to celebrate

Facebook finally enables HTTPS by default, we give away free T-shirts to celebrate

Thumbs up to Facebook, which has announced it is finally enabling HTTPS by default for its users.

We celebrate by giving away some T-shirts..

FTC smacks down security sloppiness by web analytics company Compete

ftc-250-blue

The FTC has settled with web analytics company Compete, Inc. over poor security. Compete has agreed not to do it again, and to audit itself every two years for 20 years.

What do you think? Is that a stiff enough penalty? Have your say in our comments section...

Microsoft says "No!" to insecure certificate practices

Microsoft says "No!" to insecure certificate practices

Microsoft will be shipping an update as part of October's Patch Tuesday that will invalidate RSA certificates weaker than 1024 bits. If you are using old or weak certificates now is the time to upgrade them to a more appropriate strength.

Police penalty-payment website makes amateurish coding errors

police

Trust is crucial for financial web transactions, which is why it is so important that legitimate organisations don't get sloppy with best practice.

Sophos Techknow - Understanding SSL

techknow-logo-250-150

To many of us, SSL isn't much more than "the padlock in the browser." But how does it work? Who verifies SSL certificates? How do we know we can trust them? What happens if we realise we can't?

Duck and Chet discuss all this, and more, in this episode of the Techknow podcast.

Russian hacker's App Store fraud site adds Mac support

Russian hacker's App Store fraud site adds Mac support

ZonD Eighty, the Russian hacker who brought App Store fraud to unjailbroken iPads and iPhones, has extended his "service" to OS X users.

Mac owners can now join their iDevice brethren in ripping off developers.

Apple's App Store bypassed by Russian hacker, leaving developers out of pocket

Apple's App Store bypassed by Russian hacker, leaving developers out of pocket

A Russian hacker has created a website you can use to make fraudulent in-app purchases on your iPad or your iPhone.

This is a pretty big blow to Apple - especially at a time when it is facing criticism for some of the stuff it lets into the App Store in the first place.

SSL certificate safety bolstered by standards that lessen dependence on CAs

SSL certificate safety bolstered by standards that lessen dependence on CAs

Two new proposals have been submitted to the IETF attempting to fix some of the trust problems inherent in the current SSL certificate system used to secure our online communications.

Researchers take another crack at SSL

Researchers take another crack at SSL

Just how unique is is your private key?

Is there a chance that someone else, without any malice aforethought, might unexpectedly end up with a key pair that is identical or at least dangerously similar to yours?

HTTPS enabled by default - nice one Twitter!

HTTPS enabled by default - nice one Twitter!

Twitter announces that it has enabled HTTPS/SSL by default - a great step for protecting users' privacy.

Another certificate authority issues dangerous certficates

iStock_VoidStamp250

Mozilla has revoked the signing privileges of another certificate authority for issuing weak and incomplete SSL/TLS certificates.

SSCC 74 - fighting hi-tech crime, Kelihos botnet, iCode for USA, Amazon Silk tablet, Mac malware and the BEAST

Sophos Security Chet Chat

This week, Chet and Paul Ducklin discuss the interesting and important topics of the past week: fighting hi-tech crime, tackling the Kelihos botnet, taking on zombified home users, examining the risks of Amazon's new Silk tablet, and understanding the BEAST!

Amazon Kindle Fire's Silk browser sounds privacy alarm bells

KindleFire250

Amazon announced their new Kindle Fire tablet today, including a new accelerated web browser Silk. Can making the web faster threaten our privacy?