Cryptography

(get it in RSS or Atom)

The FREAK bug in TLS/SSL - what you need to know

by Paul Ducklin on March 4, 2015 | 2 Comments

The FREAK bug affects TLS/SSL, the security protocol that puts the S into HTTPS and the padlock in your browser's address bar.

Paul Ducklin explains in plain English...

Anatomy of a certificate problem - the "PrivDog" software in the spotlight

by Paul Ducklin on March 2, 2015 | 10 Comments

The bug's now fixed, but when software offers to make your secure transactions more secure...

...you don't expect things to work the other way around!

Bought PII from the government? PLEASE DON'T LOSE IT! 60 Sec Security [VIDEO]

by Paul Ducklin on February 28, 2015 | Leave a comment

Here's the latest episode of our weekly computer security roundup.

The latest news presented so you can enjoy it...in just one minute!

SSCC 187 - The cryptography edition [PODCAST]

by Paul Ducklin on February 26, 2015 | Leave a comment

Sophos expert John Shier sits in for regular presenter Chester Wisniewski in this episode.

John and Paul Ducklin dissect the latest security issues, which were dominated this week by some thorny matters of cryptography.

$3m reward offered for alleged Gameover Zeus kingpin

by Lee Munson on February 25, 2015 | 2 Comments

The US State Department has offered a $3m reward for the arrest or conviction of alleged Gameover Zeus admin Evgeniy Mikhailovich Bogachev.

How the "Great SIM Heist" could have been avoided

by Paul Ducklin on February 23, 2015 | 19 Comments

Apparently, intelligence services managed to penetrate the network of a major SIM card manufacturer, grab loads of SIM keys, and now we're all liable to be listened in on.

But why? What is it about SIM cards that made this possible?

Lenovo "Superfish" controversy - what you need to know

by Paul Ducklin on February 20, 2015 | 13 Comments

Controversy of the week is "Superfish," an adware program pre-installed on Lenovo computers that has some worrying security problems.

Here's what you need to know, in plain English...

FreeBSD and the YARNBUG - more trouble at the Random Number Mill

by Paul Ducklin on February 19, 2015 | 15 Comments

How do you test your random number generator?

How do you determine, in an ordered way, that a sequence of numbers is entirely disordered?

With difficulty!

RBS and NatWest banks to use Apple's Touch ID fingerprint system for mobile login

by Lee Munson on February 18, 2015 | Leave a comment

Touch ID. Image courtesy of Shutterstock.

The Royal Bank of Scotland and NatWest have launched a new mobile banking service that allows Apple customers to authenticate via Apple's Touch ID.

Apple's "two-step" security now protects iMessage and FaceTime, too

by Paul Ducklin on February 13, 2015 | Leave a comment

Apple has quietly extended its two-step verification feature to more of its ecosystem.

If you have the "Apple two-step" turned on, then the iMessage and FaceTime services are now protected by it.

New-style ransomware locks out your customers - demands money to let them log back in

by Paul Ducklin on February 4, 2015 | 7 Comments

The crooks took a low-key, annoyingly simple, and hard-to-spot approach.

Change usernames like JIMMY to FKOVWH3Z7LUV, but hide the changes...for a while, anyway.

Bughunter cracks "absolute privacy" Blackphone - by sending it a text message

by Paul Ducklin on January 28, 2015 | 7 Comments

Serial bughunter Mark Dowd found a hole where it *really* wasn't wanted.

In the text messaging software on the "absolute privacy" Blackphone...

"Cheaper car insurance" dongle could lead to a privacy wreck

by Paul Ducklin on January 20, 2015 | 23 Comments

You'd hope that the developers of a dongle that tracks your driving paid a lot of attention to computer security.

Or, in fact, any attention at all...

Do terrorists use spam to shroud their secrets?

by Paul Ducklin on January 19, 2015 | 6 Comments

An article by an NSA mathematician about randomness also raises the question, "Are terrorists hiding behind spam?"

"Dear Facebook, I DEMAND that you ignore my demands" - 60 Sec Security [VIDEO]

by Paul Ducklin on January 10, 2015 | Leave a comment

Our weekly security news video, for your viewing pleasure.

Fun with a serious side, in just one minute...watch now!

Computer scientists "crack" poker

by Paul Ducklin on January 9, 2015 | 4 Comments

As the headlines tell it, Poker Is Solved!

In other words, don't invite a computer to your Texas Hold'em poker evenings unless you want to lose money every week...

Thunderstrike - new Mac "ueberrootkit" could own your Apple forever‏

by Paul Ducklin on January 9, 2015 | 1 Comment

Security researcher Trammell Hudson wondered how deeply you could embed a rootkit into a Mac.

Forget hacking the kernel, or even the boot sector...what about targeting the Boot ROM chip itself?

SSCC 180 - Surely zero-days come from cybercrooks, not from Silicon Valley? [PODCAST]

by Paul Ducklin on January 7, 2015 | Leave a comment

Enjoy the first 2015 episode of our popular weekly security podcast.

In this episode: zero-day politics, leaky security features, Bitcoin news, and a shout out to our New Year #sophospuzzle winners!

Gogo forges YouTube SSL certificate to throttle high-bandwith usage on flights

by Lisa Vaas on January 7, 2015 | 15 Comments

It swears it's not intercepting user data, but issuing a fake HTTPS certificate sure doesn't make us feel warm and fuzzy.

The New Year 2014/2015 #sophospuzzle - all the winners, and how to solve it!

by Paul Ducklin on January 6, 2015 | 2 Comments

The New Year 2014/2015 #sophospuzzle is over.

Here's who won, as well as how to solve it for those who weren't able to take part...

Cryptography

Related articles

Free tools

Hot this week

Tags

Categories

Archives by month

Download some free tools

Take a look at our products

Investigate the threats