Double FREAK! A cryptographic bug that was found because of the FREAK bug

Researchers checking up on the state of FREAK patching turned up another bug as a result.

Sometimes, finding programming mistakes requires serendipitous coincidences!

Firefox 32.0 fixes holes, shakes out some old SSL certs, introduces certificate pinning

Yesterday was Firefox's Fortytwosday (updates come out every 42 days, on Tuesdays, in a nod to Douglas Adams), bringing us to Firefox 32.0.

There are also two Extended Support Releases for the more conservative amongst us...

Thanks for voting for us - we won the Grand Prix Prize for the Best Overall Security Blog!


Thanks, everyone!

We asked you to vote for us in the EU Security Blogger Awards. You did so, and we won!

SSCC 136.5 - RSA 2014 Conference Special: the good, the weird and the interesting! [PODCAST]


Paul Ducklin hooks up "live at RSA" with Chester Wisniewski and John Shier for a Conference Special podcast.

Find out what was good, weird, interesting, or all of the above, at this year's RSA 2014 event!

Get into RSA 2014 for free – and don't forget to stop by and say "Hello" to Sophos!


It's nearly time for the annual RSA conference in San Francisco.

If you'll be in the area, why not grab a free Expo pass and drop by to say "Hello"?

Please vote for Naked Security in the 2014 Security Blogger Awards!


Naked Security is up for an award as "The Blog That Best Represents The Security Industry" at the 2014 Security Blogger Awards.

If you'd like to see us win, please vote for us!

SSCC 133 - Prize unicorns, Android malware, 2FA, Attack reports and Vote For Us! [PODCAST]


Chet and Duck review the week's news in their informed and entertainingly serious style, discussing the prizes on offer at this year's PWN2OWN competition, talking about a new twist in Android malware, and reviewing the latest attack reports from Yahoo and Target...

CarderPlanet bust, Target credit card breach, online safety for kids - 60 Sec Security [VIDEO]


What prison sentence for the man who pioneered online carding? How many credit cards did Target lose? Does your encryption software "speak" to passers-by? How to keep your kids safe online over the holidays?

Find out in 60 seconds!

The sound made by your computer could give away your encryption keys...


Cryptographers in Israel have taken aim at their laptops with microphones - and come up with some extraordinary results.

They were able to listen to their email software decrypting a sequence of messages, and to recover the RSA private key using the acoustic emanations...

Monday review - the hot 15 stories of the week

It's weekly roundup time. Here's all the great stuff we've written in the past seven days.

Anatomy of a change - Google announces it will double its SSL key sizes


Google just announced that its secure web pages will be ditching 1024-bit RSA keys in favour of 2048 bits.

We look at the lessons to be learned from the whats, the whys and the wherefores of this change...

Monday review - the hot 22 stories of the week


In case you missed anything, here's everything we wrote in the past seven days.

Vote Naked Security for best security blog

Social Security Blogger Awards 2013

Naked Security and the Sophos Security Chet Chat could be nominated for awards at this year's Social Security Blogger Awards. Will you help us out by voting for us?

Unmasked! Alleged mastermind of "Project Blitzkrieg" online attack plot against US banks

Alleged mastermind of "Project Blitzkrieg" project targeting US banks is unmasked

Claims are made that a cyber gang is recruiting some 100 botmasters for a Trojan attack against 30 US banks, and the plot's alleged mastermind is unmasked.

But given the alleged fraudster's flamboyant claims, can we be sure he's not a trap set by Russian law enforcement?

Monday review: the hot 18 stories of the week

It's weekly summary time.

Here's everything we've written in the last seven days.

SSCC 98 - RSA keys, Blackhole exploits, Nitol botnets and Apache takes potshots at Microsoft

SSCC 98 - RSA key safety, Blackhole exploit kit updated, Nitol botnet takedown and Apache takes potshots at Microsoft

Duck joins Chet to take on the latest security news.

As usual, they don't mince their words, so take a listen and enjoy a quarter-hour mix of news, opinion, advice and research...

Microsoft says "No!" to insecure certificate practices

Microsoft will be shipping an update as part of October's Patch Tuesday that will invalidate RSA certificates weaker than 1024 bits. If you are using old or weak certificates, now is the time to upgrade them to a more appropriate strength.

Will iPhone 5 have a fingerprint scanner? And will anybody use it?

Will iPhone 5 Boast A Fingerprint Scanner? And will anybody use it?

The internet is abuzz with whispers that Apple's iPhone 5, rumoured to be launched this week, will come with a fingerprint scanner to secure the device. If true, this could be a big step forward in iPhone's quest to become a digital wallet, but will convenience-crazy iPhone users embrace biometrics?

VIDEO: How to solve the RSA 2012 #sophospuzzle

By popular request, here is a video explaining how to solve the cryptographic puzzle we published on our RSA 2012 conference T-shirt...

Sophos wins "Best Email Security" award at RSA 2012


As regular Naked Security readers will know, I'm not usually given to marketroidistic endorsements, even of our own products. But in this case I couldn't resist it.

Our Astaro Secure Gateway 8.2 product took the crown for Best Email Security in the SC Magazine Awards at RSA 2012.