TLS
Monday review - the hot 32 stories of the week
It's that time of the week again - here's your roundup of everything we wrote in the last seven days.
Has HTTPS finally been cracked? Five researchers deal SSL/TLS a biggish blow...
Cryptographers have once again put SSL/TLS (that's the padlock in HTTPS) in their gunsights and opened fire.
This time, they've done some severe damage.
Paul Ducklin takes a detailed look...
SSCC 102 - Probably the best 15 minute security podcast you'll hear today
Have your joined thousands of others, and become a loyal listener to the "Chet Chat" yet?
Here's the latest Naked Security podcast, Sophos Security Chet Chat 102, discussing a range of recent and newsworthy topics from the world of computer security.
Boffins 'crack' HTTPS encryption in Lucky Thirteen attack
The security of web transactions is again in the spotlight as a pair of UK cryptographers take aim at TLS.
Like 2011's much-talked-about BEAST attack, it has a groovy name: Lucky Thirteen.
Sophos Techknow - Understanding SSL
To many of us, SSL isn't much more than "the padlock in the browser." But how does it work? Who verifies SSL certificates? How do we know we can trust them? What happens if we realise we can't?
Duck and Chet discuss all this, and more, in this episode of the Techknow podcast.
SSL certificate safety bolstered by standards that lessen dependence on CAs
Two new proposals have been submitted to the IETF attempting to fix some of the trust problems inherent in the current SSL certificate system used to secure our online communications.
Researchers take another crack at SSL
Just how unique is is your private key?
Is there a chance that someone else, without any malice aforethought, might unexpectedly end up with a key pair that is identical or at least dangerously similar to yours?
Another certificate authority issues dangerous certficates
Mozilla has revoked the signing privileges of another certificate authority for issuing weak and incomplete SSL/TLS certificates.
SSCC 74 - fighting hi-tech crime, Kelihos botnet, iCode for USA, Amazon Silk tablet, Mac malware and the BEAST
This week, Chet and Paul Ducklin discuss the interesting and important topics of the past week: fighting hi-tech crime, tackling the Kelihos botnet, taking on zombified home users, examining the risks of Amazon's new Silk tablet, and understanding the BEAST!
Secure web browsing cracked by BEAST
A pair of researchers have unveiled a serious new attack on web browser security.
The ability to crack encrypted web traffic removes the safety net that protects you when you're doing sensitive online tasks like banking or using credit cards.
Operation Black Tulip: Fox-IT's report on the DigiNotar breach
A preliminary report was released today by Fox-IT, the security team investigating the attack against certificate authority DigiNotar. Many interesting details are included about the hack, including more indications that it primarily affected Iranian users.
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
