Cryptography

Practical IT: What you need to know about email encryption

When email was invented over 40 years ago, no one thought about how to ensure the integrity of messages. Here's what you need to know about securing email with the right kind of encryption.

TLS certificate blunder revisited - whither China Internet Network Information Center?

Just under three weeks ago, we wrote about a TLS certificate blunder by a Root Certificate Authority called CNNIC.

We thought we'd revisit that story today to see how the Big Four browser makers responded to the lapse...

We TOLD you not to use WPS on your Wi-Fi router! We TOLD you not to knit your own crypto!

Belkin is the latest router vendor to be found relying on "non-secret secrets."

Paul Ducklin looks at the router equivalent of locking the key to the company safe in the top drawer of your desk...

Firefox issues brand new update to fix HTTPS security hole in new update

Firefox 37.0 added support for a security-enhancing feature in HTTP/2 known as Alternative Services.

Unfortunately, the new feature had a rather bad HTTPS security hole all of its own...

Slack gets hacked - rolls out two-factor authentication after user database breach

Slack is the latest start-up to make a big media splash in one of the worst possible ways - by acknowledging a data breach that exposed its users to malicious hackers.

Serious Security: China Internet Network Information Center in TLS certificate blunder

TLS certificates are very important.

In fact, you could say they are the cornerstone of online security, especially for e-commerce.

So we thought we'd use a story about a recent certificate security blunder to remind you why...

SSCC 191 - Live in Ljubljana [PODCAST]

Chester is on the road again, this time to present at a conference in Slovenia.

So this episode of the Chet Chat comes to you from an al fresco café in downtown Ljubljana...

Ransomware - should you pay?

The big question, usually left unanswered in technical discussions of ransomware, is, "Should you pay?"

We help you make up your mind.

Double FREAK! A cryptographic bug that was found because of the FREAK bug

Researchers checking up on the state of FREAK patching turned up another bug as a result.

Sometimes, finding programming mistakes requires serendipitous coincidences!

TeslaCrypt ransomware attacks gamers - "all your files are belong to us!"

TeslaCrypt is a new ransomware that goes above and beyond CryptoLocker in the types of files it seeks out to hold for ransom, including those related to video games.

SophosLabs dug in to find out what TeslaCrypt has in store for gamers, and everyone else.

If you hammer your RAM, won't that break it? 60 Sec Security [VIDEO]

From CPUs on fire to hammered memory modules - here's our latest 60 Second Security video!

Why not give it a try...

SSCC 189 - Hey, is that your CPU on fire? [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin for our weekly security podcast.

Sharp, witty and educational, as usual (if we do say so ourselves)...enjoy!

Fancy a cryptocoin miner with your Torrent client? "Foistware" back in the spotlight...

If product X suddenly wants you to install product Y as a "recommended extra", is that a good thing or a bad one?

In the latest brouhaha, X = torrent client and Y = cryptocoin miner...

Monday review - the hot 25 stories of the week

Catch up with the hot stories of the past week...

...and why not try out our weekly podcast and watch our 60-second video while you're about it?

But surely "export grade" means HIGHER quality? 60 Sec Security [VIDEO]

The latest episode of our weekly security news video...

...all in just 60 seconds, as usual.

The FREAK bug in TLS/SSL - what you need to know

The FREAK bug affects TLS/SSL, the security protocol that puts the S into HTTPS and the padlock in your browser's address bar.

Paul Ducklin explains in plain English...

Anatomy of a certificate problem - the "PrivDog" software in the spotlight

The bug's now fixed, but when software offers to make your secure transactions more secure...

...you don't expect things to work the other way around!

Bought PII from the government? PLEASE DON'T LOSE IT! 60 Sec Security [VIDEO]

Here's the latest episode of our weekly computer security roundup.

The latest news presented so you can enjoy it...in just one minute!

SSCC 187 - The cryptography edition [PODCAST]

Sophos expert John Shier sits in for regular presenter Chester Wisniewski in this episode.

John and Paul Ducklin dissect the latest security issues, which were dominated this week by some thorny matters of cryptography.

$3m reward offered for alleged Gameover Zeus kingpin

The US State Department has offered a $3m reward for the arrest or conviction of alleged Gameover Zeus admin Evgeniy Mikhailovich Bogachev.