South Korea: Medical data delivers yet another identity crisis

Remember how we TOLD you not to knit your own cryptography?

Well, we're telling you again!

"Stagefright - are we in the clear now?" [Chet Chat Podcast 214]

Listen to Sophos experts Chester Wisniewski and Paul Ducklin in the latest episode of our weekly security podcast...

Who gives the best advice about password security?

Britain's GCHQ has just produced a great document about password security.

We like it, and we think you should read it...

We hashed them once, we hashed them twice! 60 Second Security

Our weekly wrap-up video.

Watch (and smile!) in just 1 minute...

11 million Ashley Madison passwords cracked in 10 days

Remember how Ashley Madison did one thing right: hashed the passwords properly?

Turns out they missed a few...million.

"Belts and breaches" - 60 Sec Security [VIDEO]


Here's the latest episode of our entertaining news-in-1-minute security roundup.


Bad news! LastPass breached. Good news! You should be OK...

LastPass, a company that makes a popular password manager, just found out that crooks got into its network.

But if you picked a proper password, you should be OK...

WordPress issues critical security fixes, closing remote anonymous compromise bug and more


WordPress has just published a critical security release.

If you're still on WordPress 3, this is about as critical as it gets, because one of the fixes closes a "remote anonymous compromise" bug.

Has the PlayStation Network really been hacked? Should you change your password?


A smallish sample of usernames and passwords allegedly stolen from the PlayStation Network (PSN), Windows Live and 2K Gaming Studio has been leaked by a trio of crackers.

Real or hoax?

Do we really need strong passwords?

The idea that computer users should use long, complex passwords is one of computer security's sacred cows.

But is it really necessary?

Mark Stockley investigates...

SSCC 165 - "U2 or not U2," that is the question [PODCAST]

It's Chet Chat time!

Here's this week's episode of our news-you-can-use security podcast...

Canadian spam, New York taxis and Brazilian passwords - 60 Sec Security [VIDEO]

Canada goes "opt in", NYC makes a hash, and Brazil forgets its punctuation.

It's 60 Second Security for 28 June 2014!

New York City makes a hash of taxi driver data disclosure

What do you do in your spare time if you're a self-confessed "urbanist, data junkie and civic hacker," like New York resident Chris Whong?

Use Freedom of Information Laws to find out more about NYC's taxi movements, of course...

SourceForge's turn to reset passwords - this time in a good cause!


Hot on the heels of eBay's password problems comes a password reset notification from SourceForge.

The good news is that SourceForge's reset is a *proactive* measure, not a reactive one.

SSCC 135 - Flappy Bird frenzy, Talking Angela talkfest, NBC hype, Kickstarter and Forbes [PODCAST]


What happened to Flappy Bird? Why was Talking Angela so talked about? Is internet access at the Winter Olympics in Sochi really a "special danger" situation? What can we learn from the database breaches at Kickstarter and Forbes?

Syrian Electronic Army hacks Forbes, spills 1M user records - here's what you need to know


The SEA made off with more than a million records from the Forbes user database - perhaps including yours! - and published them online.

We already "cracked" a quarter of the Forbes staffers' accounts... Paul Ducklin looks at how well everyone else's password might hold up.

Serious Security: How to store your users' passwords safely


Following our popular article explaining what Adobe did wrong with its users' passwords, a number of readers asked us, "Why not publish an article showing the rest of us how to do it right?"

Here you are...

Forum software vendor vBulletin breached - apparently by vBulletin hack


Forum software vendor vBulletin has owned up to a username-and-password breach on its forum.

Guess which forum software the company uses?

Facebook locks users in a closet for using same passwords/emails on Adobe

Blessed be Facebook for using this real-world example to 100% back up Naked Security when we proselytize about the evils of password reuse. And if you're worried that Facebook's mining of breached Adobe customer records and quarantining of users is Big Brother-ish, fear not: the company didn't have to store passwords in clear text or pull any other boneheaded security move to know just what its customers' reused passwords are.

Anatomy of a password disaster - Adobe's giant-sized cryptographic blunder


Learn how cryptanalysts think, and why cryptographers feel such terrible dismay when companies that really ought to know better make mammoth mistakes.

Paul Ducklin deconstructs the data leaked in Adobe's latest megabreach...