Cryptography

The FREAK bug in TLS/SSL - what you need to know

The FREAK bug affects TLS/SSL, the security protocol that puts the S into HTTPS and the padlock in your browser's address bar.

Paul Ducklin explains in plain English...

Anatomy of a certificate problem - the "PrivDog" software in the spotlight

The bug's now fixed, but when software offers to make your secure transactions more secure...

...you don't expect things to work the other way around!

Bought PII from the government? PLEASE DON'T LOSE IT! 60 Sec Security [VIDEO]

Here's the latest episode of our weekly computer security roundup.

The latest news presented so you can enjoy it...in just one minute!

SSCC 187 - The cryptography edition [PODCAST]

Sophos expert John Shier sits in for regular presenter Chester Wisniewski in this episode.

John and Paul Ducklin dissect the latest security issues, which were dominated this week by some thorny matters of cryptography.

$3m reward offered for alleged Gameover Zeus kingpin

The US State Department has offered a $3m reward for the arrest or conviction of alleged Gameover Zeus admin Evgeniy Mikhailovich Bogachev.

How the "Great SIM Heist" could have been avoided

Apparently, intelligence services managed to penetrate the network of a major SIM card manufacturer, grab loads of SIM keys, and now we're all liable to be listened in on.

But why? What is it about SIM cards that made this possible?

Lenovo "Superfish" controversy - what you need to know

Controversy of the week is "Superfish," an adware program pre-installed on Lenovo computers that has some worrying security problems.

Here's what you need to know, in plain English...

FreeBSD and the YARNBUG - more trouble at the Random Number Mill

How do you test your random number generator?

How do you determine, in an ordered way, that a sequence of numbers is entirely disordered?

With difficulty!

RBS and NatWest banks to use Apple's Touch ID fingerprint system for mobile login

The Royal Bank of Scotland and NatWest have launched a new mobile banking service that allows Apple customers to authenticate via Apple's Touch ID.

Apple's "two-step" security now protects iMessage and FaceTime, too

Apple has quietly extended its two-step verification feature to more of its ecosystem.

If you have the "Apple two-step" turned on, then the iMessage and FaceTime services are now protected by it.

New-style ransomware locks out your customers - demands money to let them log back in

The crooks took a low-key, annoyingly simple, and hard-to-spot approach.

Change usernames like JIMMY to FKOVWH3Z7LUV, but hide the changes...for a while, anyway.

Bughunter cracks "absolute privacy" Blackphone - by sending it a text message

Serial bughunter Mark Dowd found a hole where it *really* wasn't wanted.

In the text messaging software on the "absolute privacy" Blackphone...

"Cheaper car insurance" dongle could lead to a privacy wreck

You'd hope that the developers of a dongle that tracks your driving paid a lot of attention to computer security.

Or, in fact, any attention at all...

Do terrorists use spam to shroud their secrets?

An article by an NSA mathematician about randomness also raises the question, "Are terrorists hiding behind spam?"

"Dear Facebook, I DEMAND that you ignore my demands" - 60 Sec Security [VIDEO]

Our weekly security news video, for your viewing pleasure.

Fun with a serious side, in just one minute...watch now!

Computer scientists "crack" poker

As the headlines tell it, Poker Is Solved!

In other words, don't invite a computer to your Texas Hold'em poker evenings unless you want to lose money every week...

Thunderstrike - new Mac "ueberrootkit" could own your Apple forever

Security researcher Trammell Hudson wondered how deeply you could embed a rootkit into a Mac.

Forget hacking the kernel, or even the boot sector...what about targeting the Boot ROM chip itself?

SSCC 180 - Surely zero-days come from cybercrooks, not from Silicon Valley? [PODCAST]

Enjoy the first 2015 episode of our popular weekly security podcast.

In this episode: zero-day politics, leaky security features, Bitcoin news, and a shout out to our New Year #sophospuzzle winners!

Gogo forges YouTube SSL certificate to throttle high-bandwidth usage on flights

It swears it's not intercepting user data, but issuing a fake HTTPS certificate sure doesn't make us feel warm and fuzzy.

The New Year 2014/2015 #sophospuzzle - all the winners, and how to solve it!

The New Year 2014/2015 #sophospuzzle is over.

Here's who won, as well as how to solve it for those who weren't able to take part...