https

(get it in RSS or Atom)

Can you trust Tor's exit nodes?

Can you trust Tor's exit nodes?

Tor is the encrypted, anonymous way to browse the web that keeps you safe from prying eyes, right? Well, maybe not. Researcher Chloe created a honeypot website and dared Tor's exit node operators to steal the password. Sixteen of them did.

Bing arrives better late than never to the encryption party

Bing arrives better late than never to the encryption party

Bing, the perennial web search bridesmaid is finally going to encrypt your search data by default.

Facebook opens up Internet.org but there's no support for HTTPS

Mark Zuckerberg

Facebook has opened the internet up to users in India and other countries but says it won't immediately allow HTTPS.

US government whistleblowers left vulnerable to eavesdropping

US government whistleblowers left vulnerable to eavesdropping

In response to the HTTPS-Only Standard proposal, the ACLU name 29 branches of the Federal government that don't secure whistleblowers' data.

What's SUPER and helps you to PHISH, sorry, FISH? 60 Sec Security [VIDEO]

Here's our weekly news roundup - from Superfish to Super Spectacles.

It's amusing, informative, and only takes a minute - enjoy!

Lenovo "Superfish" controversy - what you need to know

sf-250

Controversy of the week is "Superfish," an adware program pre-installed on Lenovo computers that has some worrying security problems.

Here's what you need to know, in plain English...

Naked Security bids farewell to HTTP

pcullis-250

From now on Naked Security will only be available over secure, encrypted HTTPS with Strict Transport Security and Forward Secrecy.

Would you allow access to Facebook at Work? [POLL]

What would you say to a variant of Facebook that you could use at work?

And not just *at* work, but *for* work?

Adobe updates its e-reader - DRM data no longer transmitted insecurely

adobe-250

Adobe's e-reader software now has "enhanced security" for uploading metadata about what you read.

Or, as you might say, "no longer uploads that data insecurely"...

Mozilla fixes "phishing friendly" cryptographic bug in Firefox and Thunderbird

moz-250

Mozilla just patched a bug in its cryptographic library, NSS.

The bug is rated "critical" because it could permit skullduggery in apparently secure connections.

How Google plans to encrypt the web

Google HTTPS

This could be an inflection point for web security. By making HTTPS something that impacts search results Google are applying the stick to an enormous security push that's been all carrots up to now.

How anyone can hack your Instagram account

instagram-250

Should you write instructions that tell everyone how to hack Instagram accounts, including advice like "wait for someone to use the Instagram iOS app"?

This security researcher did, after he was denied a bug bounty for reporting the problem...

Naked Security now available in HTTPS

Padlock

You can now browse your favourite computer security news website and make it more difficult for the NSA to spy on you at the same time!

Heartbleed bust, Fingerprint fakery, WhatsApp privacy SNAFU - 60 Sec Security [VIDEO]

fb-60ss-250

What happens if you hack your local tax office? Can you trust the Samsung Galaxy S5's fingerprint security? Did WhatsApp finally get security right in its app?

Find out the answers in one entertaining minute of video - it's 60 Second Security!

Don't share your location with your friends on WhatsApp

wapp-loc-250

A group of budding security researchers at the University of New Haven in Connecticut recently taught themselves a handy lesson about the difference between *liking* WhatsApp and *trusting* it.

SSCC 140 - Does Windows have more holes than OS X? Whither messaging privacy? [PODCAST]

sscc-140-thumb-250

How bad is the latest Microsoft Word 0-day? Does OS X really need patching less often than Windows? What does Gmail's move to HTTPS-only really mean? And if WhatsApp has privacy coded into its DNA, is it coded into its app, too?

Chet and Duck get stuck in...

Google switches Gmail to HTTPS only

Google switches Gmail to HTTPS only

Google is now using an always-on HTTPS connection and encrypting all Gmail messages moving internally on its servers.

Anatomy of a Bitcoin phish - don't be too quick before you click!

bc-250

Paul Ducklin looks at a recent Bitcoin phish, and offers some tips on how not to get suckered in just because things look familiar...

Snapchat, Yahoo, Mavericks and T-shirts - 60 Sec Security [VIDEO]

2014-01-11-mac-dilemma-250

How long does it take a trendy cloud company to apologise? Do you really need HTTPS for webmail? OS X Mavericks - should you stay or should you go? And who won our crossword competition?

60 Second Security - 11 Jan 2014.

Yahoo makes good on its promise to enable HTTPS by default for Yahoo Mail

Yahoo makes good on its promise to enable HTTPS by default for Yahoo Mail

Yahoo, following the lead of Google and Microsoft, has now enabled HTTPS encryption for all Yahoo Mail users by default.