It has taken Yahoo a ridiculously long time, but it is finally rolling out an option that will help protect users' privacy when accessing their web-based email - HTTPS.
Was the TURKTRUST SSL fiasco an abortive attempt at secret surveillance, or a blundering crisis of convenience?
Paul Ducklin takes stock of the situation...
Thumbs up to Facebook, which has announced it is finally enabling HTTPS by default for its users.
We celebrate by giving away some T-shirts.
The FTC has settled with web analytics company Compete, Inc. over poor security. Compete has agreed not to do it again, and to audit itself every two years for 20 years.
What do you think? Is that a stiff enough penalty? Have your say in our comments section...
Microsoft will be shipping an update as part of October's Patch Tuesday that will invalidate RSA certificates weaker than 1024 bits. If you are using old or weak certificates, now is the time to upgrade them to a more appropriate strength.
Trust is crucial for financial web transactions, which is why it is so important that legitimate organisations don't get sloppy with best practice.
ZonD Eighty, the Russian hacker who brought App Store fraud to unjailbroken iPads and iPhones, has extended his "service" to OS X users.
Mac owners can now join their iDevice brethren in ripping off developers.
A Russian hacker has created a website you can use to make fraudulent in-app purchases on your iPad or your iPhone.
This is a pretty big blow to Apple - especially at a time when it is facing criticism for some of the stuff it lets into the App Store in the first place.
Just how unique is your private key?
Is there a chance that someone else, without any malice aforethought, might unexpectedly end up with a key pair that is identical or at least dangerously similar to yours?
SSCC 74 - fighting hi-tech crime, Kelihos botnet, iCode for USA, Amazon Silk tablet, Mac malware and the BEAST
This week, Chet and Paul Ducklin discuss the interesting and important topics of the past week: fighting hi-tech crime, tackling the Kelihos botnet, taking on zombified home users, examining the risks of Amazon's new Silk tablet, and understanding the BEAST!
Amazon announced their new Kindle Fire tablet today, including a new accelerated web browser Silk. Can making the web faster threaten our privacy?
After attending the annual GrrCON in Grand Rapids, Michigan, I thought I would share my thoughts on the keynote address delivered by Moxie Marlinspike. Moxie detailed the problems with the existing certificate authority system and proposed his ideas for a solution.
A pair of researchers have unveiled a serious new attack on web browser security.
The ability to crack encrypted web traffic removes the safety net that protects you when you're doing sensitive online tasks like banking or using credit cards.
Lots of readers said they'd like to see our 'news-with-a-conscience' videos more than once a month.
So here you go. 60 Second Security, once every two weeks.
Digital certificate authority GlobalSign rather gutsily took itself out of business last week following a burst of online braggadocio from an Iranian hacker claiming to have "owned" the company.
GlobalSign is back. Looks like the self-serving hacker was nothing more than that.