Cryptography

Jeb Bush: encryption makes it harder to catch "evildoers"

Republican US presidential candidate Jeb Bush said Tuesday that encryption makes it harder for the NSA to do its job, and advocated for broad NSA surveillance powers to catch "evildoers."

Another Android hole: "OCtoRuTA" - One (Java) Class to Rule Them All

Yet another large-scale vulnerability has been revealed in Android.

This one lets an otherwise innocent-looking app go rogue, and enjoy privileges normally limited to the trusted parts of Android.

SSCC 210 - So many cool new Windows 10 features to opt out of! [PODCAST]

Enjoy the latest episode of our award-winning weekly security podcast - a quarter-hour of entertaining education.

Interested in Mac viruses? Here's Thunderstrike 2, a.k.a. the "firmworm"

When one door closes, another one opens.

Thunderstrike, the Mac firmware hole from early in 2015, is back for its sequel, Thunderstrike 2.

SSCC 209 - Can encryption be too good? [PODCAST]

Here's the latest episode of our weekly podcast that turns security news into useful advice...

Is that a Flash 0-day hole I see before me? 60 Sec Security [VIDEO]

Patches, hacking and keeping your head down online: our weekly 1-minute fun news video that's educational, too!

The OpenSSL "CVE-2015-1793" certificate verification bug - what you need to know

OpenSSL announced on Monday that it had a "high severity" update arriving in three days' time.

That's today, and the update is out. Paul Ducklin tells you what you need to know...

Amazon releases low-cholesterol Heartbleed medicine called 's2n'

Remember the Heartbleed bug in OpenSSL?

Here's Amazon's open-source effort to expand our choice of cryptographic sauce...

Dodgy app company that mined Dogecoins behind your back receives FTC penalty

The app was called "Prized," but it was the app vendor that took the prizes by co-opting your phone into a cryptocurrency mining botnet.

Serious Security: Understanding the 'P' in 'VPN'

VPN stands for Virtual Private Network. But that doesn't necessarily mean "private" as in privacy.

Paul Ducklin helps you understand the various levels of 'P' in 'VPN.'

CryptoWall ransomware cost US victims at least $18 million, FBI says

The CryptoWall variant of crypto-ransomware cost US businesses and consumers at least $18 million between April 2014 and June 2015. The total damages could be much higher.

Pita bread helps researchers steal encryption keys

Four Tel Aviv University researchers have developed a tiny, low-cost device that can steal encryption keys via radio waves.

SSCC 203 - What's the worst sort of service to have a password breach? [PODCAST]

Join Sophos security experts John Shier and Paul Ducklin as they dig into the latest security news in our regular "Chet Chat" podcast.

This week: LastPass, Facebook, Windows 10 (and not-quite-the-end of XP), Samsung, and the Android ecosystem.

Samsung keyboard app could let a crook crack your phone

A presenter at BlackHat London has some bad news for you: the keyboard app built in to your Samsung phone may leave you open to attack.

Paul Ducklin explains and offers some advice...

Will emoji passcodes put a smile on your face?

UK firm Intelligent Environments has developed an emoji alternative to numerical passcodes used in online banking.

Bad news! LastPass breached. Good news! You should be OK...

LastPass, a company that makes a popular password manager, just found out that crooks got into its network.

But if you picked a proper password, you should be OK...

iOS 9 enhances two factor authentication, introduces 6-digit passcodes

Apple announced on Monday that iOS 9 will have native two-factor authentication as well as (slightly) more secure passcodes.

Practical IT: Beware these 3 web security myths

To catch the bad stuff, keep your users productive, and cut down on time cleaning up compromised computers, here are our recommendations for getting web security right.

Gone in 10 seconds: Man hacks kids' toy to open garage doors

Independent security researcher Samy Kamkar has hacked a kids' toy to open garage doors.

SSCC 200 - If you can't trust the IRS, whom can you trust? [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin as they dissect the latest security news in our weekly podcast.

It's entertaining and educational - news you can use!