Hack of online dating site Cupid Media exposes 42 million plaintext passwords

Guess how many times "123456" was used as a password by users. If you answered "close to 2 million times," you win! Now guess which online dating service has decided to encrypt customer records using salting and hashing in future.

Forum software vendor vBulletin breached - apparently by vBulletin hack


Forum software vendor vBulletin has owned up to a username-and-password breach on its forum.

Guess which forum software the company uses?

Loyaltybuild, Amazon, Facebook and Mavis Batey MBE - 60 Sec Security [VIDEO]

Why shouldn't you store unencrypted credit card numbers? How can you squeeze a positive result from a password breach? What sort of pressure was on the cryptanalysts at Bletchley Park?

Find out the answers in just one minute!

Making phishing more complex - on purpose


A threat that doesn't just attack, but asks you to put in a password first?

Sounds weird, but the trick worked for malware in the past, and is now being used in phishing.

Fraser Howard of SophosLabs explains...

10 tips for securing your smartphone

Remote wiping? Encryption? Secure passcode? Here are 10 tips to ensure you keep your smartphone just as secure as your PC.

Google to encrypt data "end-to-end" in effort to block NSA and other agencies

Google is stepping up efforts to toughen data encryption in an effort to limit unofficial snooping on user information in the wake of the revelations about the NSA and PRISM.

LastPass, hackable lights, Bradley Manning and Wackyleaks - 60 Sec Security [VIDEO]


What happened to LastPass that it needed a patch? How do Philips wireless lights handle security? What will become of Bradley Manning? And what has Wikileaks been up to lately?

Take a look at 60 Second Security and find out!

Next version of the web will have resistance to surveillance at its core


The Internet Engineering Task Force is planning changes to the fundamental protocol that powers the web to make it more resistant to surveillance.

Encrypted email service Silent Circle silences email in wake of Lavabit closure


The company pre-emptively shut down Silent Mail in anticipation of the US government getting its hands on the metadata inevitably associated with email. The move came directly after Lavabit—former email service of whistleblower Edward Snowden—shut down amidst legal wranglings.

Secure webmail service Lavabit suspends operation, citing legal issues

If you're interested in webmail security, you've probably heard of Lavabit. It uses public key cryptography to keep your messages private even though they're stored "in the cloud."

At least, it used to. The operator of the service recently suspended it, citing legal issues he can't disclose...

SSCC 113 - Another Android hole, Tumblr forgets encryption, Nintendo under attack [PODCAST]


News, opinion, advice and research: Chet and Duck bring you their unique and entertaining combination of all four in their regular quarter-hour podcast.

Why not give it a quick listen?

Some US states strengthen data breach notification laws, others ignore them


Vermont and North Dakota have recently bolstered their data breach notification laws to cover more organizations and additional types of personal information. Meanwhile Michigan lost 49,000 people's names, birth dates and cancer screening records and claims they aren't protected information.

Cryptocat 'encrypted' group chats may have been crackable for 7 months

The Cryptocat project is apologizing and urging users to update immediately.

Founder and developer Nadim Kobeissi took to a live stream to address questions from a show in Germany.

Lisa Vaas investigates...

Thieves pounce on one of a sheriff's office's last, unencrypted laptops

The sheriff's office in King's County, Seattle, was in the process of adding encryption software this past spring and as of March had done so on 60% of all computers.

The laptop that got stolen from a detective's truck, unfortunately, was in the 40%, and that's why 6,300 people are now looking at the potential of identity theft.

US child porn suspect doesn't have to decrypt hard drives - yet

In a case that could have far-reaching implications for compelling criminal suspects to decrypt digital storage devices, a judge on Tuesday temporarily suspended a previous order that would have compelled the decryption of hard drives suspected of containing child pornography.

Microsoft is reading Skype messages

Think your Skype communications are safe from prying eyes and ears? You might need to think again.

Monday review - the hot 24 stories of the week

In case you missed any recent stories, here's everything we wrote in the last seven days.

IBM takes a big new step in cryptography: practical homomorphic encryption

IBM just released an open source software package called HELib.

HE stands for *homomorphic encryption*, and HELib is an important cryptographic milestone.

Paul Ducklin explains why...

US child abuse image suspect shielded from decrypting hard drives

The federal magistrate found that forced decryption would violate the computer scientist's Fifth Amendment rights against self-incrimination. It's no triumph for the agents who fight child abuse, but it is a win for privacy and for curtailment of government power over our data.

Movie site Vudu resets passwords after burglar nabs hard drives

Burglars broke into offices at video service Vudu late last month and stole hard drives containing customers' personal data, the company told customers in an email sent on Tuesday.