
Microsoft leads the way, setting new cryptographic defaults


Microsoft is upping its game with regard to cryptographic standards. By discontinuing support for the older, weak RC4 cipher and putting Certificate Authorities on notice to migrate to SHA-2, it seems to be preparing for the future rather than reacting.

Has HTTPS finally been cracked? Five researchers deal SSL/TLS a biggish blow...


Cryptographers have once again put SSL/TLS (that's the padlock in HTTPS) in their gunsights and opened fire.

This time, they've done some severe damage.

Paul Ducklin takes a detailed look...

Boffins 'crack' HTTPS encryption in Lucky Thirteen attack

The security of web transactions is again in the spotlight as a pair of UK cryptographers take aim at TLS.

Like 2011's much-talked-about BEAST attack, it has a groovy name: Lucky Thirteen.

First Patch Tuesday of 2012 covers 7 MS bulletins, 6 Adobe and tackles the BEAST

Microsoft and Adobe have released their Patch Tuesday security bulletins for January 2012. Microsoft has finally gotten around to mitigating the BEAST, while Adobe updates Reader X to include fixes that were rushed out to vulnerable Reader 9 users.

SSCC 74 - fighting hi-tech crime, Kelihos botnet, iCode for USA, Amazon Silk tablet, Mac malware and the BEAST

Sophos Security Chet Chat

This week, Chet and Paul Ducklin discuss the interesting and important topics of the past week: fighting hi-tech crime, tackling the Kelihos botnet, taking on zombified home users, examining the risks of Amazon's new Silk tablet, and understanding the BEAST!

Secure web browsing cracked by BEAST


A pair of researchers have unveiled a serious new attack on web browser security.

The ability to crack encrypted web traffic removes the safety net that protects you when you're doing sensitive online tasks like banking or using credit cards.