Latest articles

D-Link patches critical router flaws, says more fixes to come

by Lee Munson on March 4, 2015 | Leave a comment
D-Link logo

D-Link has taken action over three serious vulnerabilities discovered in several of its home routers, and it's promising more fixes next week.

The FREAK bug in TLS/SSL - what you need to know

by Paul Ducklin on March 4, 2015 | 2 Comments

The FREAK bug affects TLS/SSL, the security protocol that puts the S into HTTPS and the padlock in your browser's address bar.

Paul Ducklin explains in plain English...

Google quietly drops promised encryption by default for Android Lollipop

by Lisa Vaas on March 4, 2015 | 4 Comments
Google quietly drops promised encryption by default for Android Lollipop

Google has confirmed reports: that sweet encryption-by-default it promised for Android Lollipop left a sour taste when it came to device performance.

Police may charge data centre in largest ever child abuse images bust

by Lisa Vaas on March 4, 2015 | 1 Comment
Police may charge data centre in largest-ever child abuse images bust

Police might press charges against the owner of the drives that hold the child abuse image material - most likely, an Ontario data centre that houses the files.

Venmo mobile payment service under fire for security carelessness

by John Zorabedian on March 3, 2015 | 2 Comments
venmo-250

Venmo is taking heat after a news report last week revealed security holes you could "drive a truck through," in the words of one aggrieved Venmo user whose account was drained of $2850.

Is this the ultimate spam fail?

by Paul Ducklin on March 3, 2015 | 10 Comments
house-icon-250

We're not sure whether we ought to laugh at cybercrime.

But sometimes you just have to smile at the antics of would-be cybercriminals.

Woman reunited with stolen iPhone thanks to accidental Facebook selfie post

by Lisa Vaas on March 3, 2015 | Leave a comment
Woman reunited with iPhone thanks to accidental Facebook selfie post

A woman and her iPhone have been happily reunited, thanks to the new owner having accidentally posted a selfie onto her Facebook page that went viral.

Uber subpoenas GitHub in search for hacker of driver database

by John Zorabedian on March 3, 2015 | Leave a comment
Image of magnifying glass over fingerprint courtesy of Shutterstock.

A breach of one of its databases in May 2014, in which the names and driver license numbers of 50,000 "driver partners" were stolen, is the latest entry on Uber's growing list privacy and security blunders.

Please vote for Naked Security in the 2015 Security Blogger Awards!

by Paul Ducklin on March 2, 2015 | 9 Comments
vote-250

Along with the RSA 2015 conference in San Francisco in April come the Security Blogger Awards.

We're shortlisted, so please vote for us!

5 mobile device risks in your business

by Ross McKerchar on March 2, 2015 | 1 Comment
7 Sins: Mobile Negligence

5 security risks that you need to get on top of before you let employees access corporate resources from mobile devices, and how to mitigate them.

Why you can't trust password strength meters

by Mark Stockley on March 2, 2015 | 9 Comments
Password strength meters

Website owners can employ a range of measures to help users choose better, stronger passwords and one of the most popular techniques is to include a password strength meter. The meters are designed to help users understand if their password choices will resist attempts to crack them. The trouble is, they don't.

Google performs U-turn on Blogger smut rule

by Lee Munson on March 2, 2015 | Leave a comment
Google performs U-turn on Blogger smut rule

Google has changed its mind over a new policy on sexually explicit content on its Blogger platform and will target commercial porn instead.

Anatomy of a certificate problem - the "PrivDog" software in the spotlight

by Paul Ducklin on March 2, 2015 | 10 Comments

The bug's now fixed, but when software offers to make your secure transactions more secure...

...you don't expect things to work the other way around!

Craig Brittain asks Google to remove links relating to his revenge porn antics

by Lisa Vaas on March 2, 2015 | 3 Comments
Craig Brittain asks Google to remove links relating to his revenge-porn antics

The guy who ignored women's pleas to take down nude images from his IsAnybodyDown site wants to have his own photos and information expunged from Google.

Old-school landline phones to protect elderly from "it's me" scammers

by Lisa Vaas on March 2, 2015 | 7 Comments
Old-school landline phones protect Japan's elderly from "it's me" scammers

The new phones glow red when a call comes in from an unregistered number, to battle the "ore ore" ("it's me, it's me") fraudsters who prey on Japanese elderly.

Monday review - the hot 26 stories of the week

by Naked Security writer on March 2, 2015 | Leave a comment
Monday review

Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

Bought PII from the government? PLEASE DON'T LOSE IT! 60 Sec Security [VIDEO]

by Paul Ducklin on February 28, 2015 | Leave a comment
60ss-video-250

Here's the latest episode of our weekly computer security roundup.

The latest news presented so you can enjoy it...in just one minute!

RIP Leonard Nimoy: a hero to Trekkies, but so much more than "Spock"

by John Zorabedian on February 28, 2015 | 5 Comments
Leonard Nimoy photo courtesy of Vicki L. Miller / Shutterstock.com.

Leonard Nimoy was beloved by millions, including many of us at Naked Security and at Sophos. So it is with great sadness that we acknowledge his passing on Friday, at the age of 83, and offer this modest tribute.

Facebook Bug Bounty report for 2014: $1.3M paid out to more than 700 bug finders

by Paul Ducklin on February 27, 2015 | Leave a comment

Facebook just released details of how much it paid out in bug bounties for 2014.

Rewards ranged from $500 to over $50,000...