Cryptography

Is that a Flash 0-day hole I see before me? 60 Sec Security [VIDEO]

Patches, hacking and keeping your head down online: our weekly 1-minute fun news video that's educational, too!

The OpenSSL "CVE-2015-1793" certificate verification bug - what you need to know

OpenSSL announced on Monday that it had a "high severity" update arriving in three days' time.

That's today, and the update is out. Paul Ducklin tells you what you need to know...

Amazon releases low-cholesterol Heartbleed medicine called 's2n'

Remember the Heartbleed bug in OpenSSL?

Here's Amazon's open-source effort to expand our choice of cryptographic sauce...

Dodgy app company that mined Dogecoins behind your back receives FTC penalty

The app was called "Prized," but it was the app vendor that took the prizes by co-opting your phone into a cryptocurrency mining botnet.

Serious Security: Understanding the 'P' in 'VPN'

VPN stands for Virtual Private Network. But that doesn't necessarily mean "private" as in privacy.

Paul Ducklin helps you understand the various levels of 'P' in 'VPN.'

CryptoWall ransomware cost US victims at least $18 million, FBI says

The CryptoWall variant of crypto-ransomware cost US businesses and consumers at least $18 million between April 2014 and June 2015. The total damages could be much higher.

Pita bread helps researchers steal encryption keys

Four Tel Aviv University researchers have developed a tiny, low-cost device that can steal encryption keys via radio waves.

SSCC 203 - What's the worst sort of service to have a password breach? [PODCAST]

Join Sophos security experts John Shier and Paul Ducklin as they dig into the latest security news in our regular "Chet Chat" podcast.

This week: LastPass, Facebook, Windows 10 (and not-quite-the-end of XP), Samsung, and the Android ecosystem.

Samsung keyboard app could let a crook crack your phone

A presenter at BlackHat London has some bad news for you: the keyboard app built in to your Samsung phone may leave you open to attack.

Paul Ducklin explains and offers some advice...

Will emoji passcodes put a smile on your face?

UK firm Intelligent Environments has developed an emoji alternative to numerical passcodes used in online banking.

Bad news! LastPass breached. Good news! You should be OK...

LastPass, a company that makes a popular password manager, just found out that crooks got into its network.

But if you picked a proper password, you should be OK...

iOS 9 enhances two factor authentication, introduces 6-digit passcodes

Apple announced on Monday that iOS 9 will have native two-factor authentication as well as (slightly) more secure passcodes.

Practical IT: Beware these 3 web security myths

To catch the bad stuff, keep your users productive, and cut down on time cleaning up compromised computers, here are our recommendations for getting web security right.

Gone in 10 seconds: Man hacks kids' toy to open garage doors

Independent security researcher Samy Kamkar has hacked a kids' toy to open garage doors.

SSCC 200 - If you can't trust the IRS, whom can you trust? [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin as they dissect the latest security news in our weekly podcast.

It's entertaining and educational - news you can use!

Get into Infosec Europe 2015 for free, hear great talks!

Get a free pass to Infosec Europe (2/3/4 June 2015) and stop by at our stand to say hello.

Attend our free talks...no paid actors, no sales pitches and no canned product demos: we're giving educational presentations that we hope will both entertain and educate.

You STILL support encryption designed to be crackable in 1995? 60 Sec Security [VIDEO]

Watch this week's "60 Second Security" - the one-minute news roundup video with attitude!

Anatomy of a LOGJAM - another TLS vulnerability, and what to do about it

We've had BEAST, Lucky Thirteen, BREACH, POODLE, Heartbleed and FREAK...now, it's LOGJAM.

Paul Ducklin explains, and tells you what you can do about it.

Practical IT: What is encryption and how can I use it to protect my corporate data?

Businesses often don't realise why encryption is important, and how they can use it to protect their data. The latest in our Practical IT series tells you what encryption is and how you can use it in your business.

Apple, Google and others urge Obama to say no to backdoors

Tech firms and cryptographers lobby the Obama administration, urging resistance to the implementation of backdoors in popular software.