(get it in RSS or Atom)

Which web browser do you trust? [Poll]


We no longer choose our web browsers based on bells and whistles. These days its all about privacy and security and we'd like to know which browser (and which vendor) you trust to be your companion on the web.

Firefox 42 beta launches with Tracking Protection in Private Browsing


Hot on the heels of Firefox 41, Mozilla has released version 42 of its browser in beta, offering a slew of new features including Tracking Protection in Private Browsing.

We hashed them once, we hashed them twice! 60 Second Security

Out weekly wrap-up video.

Watch (and smile!) in just 1 minute...

"The breach lasted a year. Or was it two?" [Chet Chat Podcast 213]

Join Sophos experts John Shier and Paul Ducklin for the latest episode of our security podcast.

A fun quarter-hour of "news you can use"...

Unnoticed Firefox attacker had access to severe vulnerabilities for over a year


An attacker with access to security-sensitive information about the Firefox web browser went unnoticed for as much as two years, putting hundreds of millions of users at risk.

A virus on a *Mac*? Is NOTHING sacred? [Chet Chat Podcast 211]

The latest episode of our weekly security podcast - a quarter-hour of news with attitude! Enjoy.

Update Tuesday, Firefox's zero-day, more Android bugginess, a firmware virus for your Mac ...and a tax fraudster busted.

Is Stagefright over yet? 60 Sec Security [VIDEO]

Here's the latest episode of our weekly 1-minute security video - enjoy.

Firefox zero-day hole used against Windows and Linux to steal passwords

Poisoned ads have been helping to siphon off passwords from Windows and Linux computers in an attack apparently aimed at developers.

SSCC 198 - "Fusking"? Did I hear that correctly? [PODCAST]

A week of many patches, Lenovo in the news again, an anti-forensic tool with a misleading name, and the rudely-named "sport" of Fusking.

Listen to our latest straight-talking security podcast...

SSCC 193 - Pick a YouTube security token, any token! [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin as they dissect the latest computer security stories in their inimitable style.

Turn news into advice with the Sophos Security Chet Chat!

Firefox issues brand new update to fix HTTPS security hole in new update


Firefox 37.0 added support for a security-enhancing feature in HTTP/2 known as Alternative Services.

Unfortunately, the new feature had a rather bad HTTPS security hole all of its own...

"Pwn2Own" competition pops Flash, Reader and four browsers, pays out over $550K [POLL]

Pwn2Own has become something of an institution on the North American computer security conference circuit.

Come and vote in our poll to tell us what you think of security contests like this...

Firefox to get a "walled garden" for browser extensions, Mozilla to be sole arbiter

Mozilla has announced that its Firefox browser is heading towards signed browser extensions only.

Even if you publish your extensions "off market," you'll have to get Mozilla to sign them first.

Update Tuesday wrap-up, January 2015 - See? We didn't use the word "Patch"!

Like fingers and thumbs, not all updates are patches, even if all patches are updates.

So, here's the skinny on Update Tuesday...including the security patches, of course.

Firefox turns 10 - celebrates by helping you to forget

The Firefox browser just turned 10.

Paul Ducklin takes a trip down memory lane...

Mozilla fixes "phishing friendly" cryptographic bug in Firefox and Thunderbird


Mozilla just patched a bug in its cryptographic library, NSS.

The bug is rated "critical" because it could permit skullduggery in apparently secure connections.

SSCC 165 - "U2 or not U2," that is the question [PODCAST]

It's Chet Chat time!

Here's this week's episode of our news-you-can-use security podcast...

Firefox sneaks out an "inbetweener" update, with security improvements rather than fixes

Usually, if everything goes according to plan, Firefox updates appear every six weeks.

But if needs must, Mozilla delivers in-between updates, too, and that's what has happened here, bumping Firefox from version 32.0 to 32.0.1.

Firefox 32.0 fixes holes, shakes out some old SSL certs, introduces certificate pinning

Yesterday was Firefox's Fortytwosday (updates come out every 42 days, on Tuesdays, in a nod to Douglas Adams), bringing us to Firefox 32.0.

There are also two Extended Support Releases for the more conservative amongst us...

SSCC 158 - What do you mean, "Don't knit your own remote authentication"? [PODCAST]

Here's this week's Chet Chat security podcast for your listening pleasure.

Chester Wisniewski and Paul Ducklin of Sophos dissect the week's security news to see what we can learn from other people's mistakes...