Who gives the best advice about password security?

Britain's GCHQ has just produced a great document about password security.

We like it, and we think you should read it...

11 million Ashley Madison passwords cracked in 10 days

Remember how Ashley Madison did one thing right: hashed the passwords properly?

Turns out they missed a few...million.

"Belts and breaches" - 60 Sec Security [VIDEO]


Here's the latest episode of our entertaining news-in-1-minute security roundup.


Bad news! LastPass breached. Good news! You should be OK...

LastPass, a company that makes a popular password manager, just found out that crooks got into its network.

But if you picked a proper password, you should be OK...

SSCC 165 - "U2 or not U2," that is the question [PODCAST]

It's Chet Chat time!

Here's this week's episode of our news-you-can-use security podcast...

New York City makes a hash of taxi driver data disclosure

What do you do in your spare time if you're a self-confessed "urbanist, data junkie and civic hacker," like New York resident Chris Whong?

Use Freedom of Information Laws to find out more about NYC's taxi movements, of course...

SSCC 135 - Flappy Bird frenzy, Talking Angela talkfest, NBC hype, Kickstarter and Forbes [PODCAST]


What happened to Flappy Bird? Why was Talking Angela so talked about? Is internet access at the Winter Olympics in Sochi really a "special danger" situation? What can we learn from the database breaches at Kickstarter and Forbes?

Serious Security: How to store your users' passwords safely


Following our popular article explaining what Adobe did wrong with its users' passwords, a number of readers asked us, "Why not publish an article showing the rest of us how to do it right?"

Here you are...

Facebook locks users in a closet for using same passwords/emails on Adobe

Blessed be Facebook for using this real-world example to 100% back up Naked Security when we proselytize about the evils of password reuse. And if you're worried that Facebook's mining of breached Adobe customer records and quarantining of users is Big Brother-ish, fear not: the company didn't have to store passwords in clear text or pull any other boneheaded security move to know just what its customers' reused passwords are.

Anatomy of a password disaster - Adobe's giant-sized cryptographic blunder


Learn how cryptanalysts think, and why cryptographers feel such terrible dismay when companies that really ought to know better make mammoth mistakes.

Paul Ducklin deconstructs the data leaked in Adobe's latest megabreach...

Data Breach Week, SIMs cracked, carders busted - 60 Sec Security [VIDEO]


How safe is the SIM in your mobile phone? Could it be remotely infected with malware?

Possibly - watch this week's 60 Second Security video and find out more!

Ubisoft customers told "change your passwords *now*"

Ubisoft is urging customers to change their passwords following a breach that exposed user names, email addresses and encrypted passwords.

SSCC 108 - WW2 crypto, Bitcoin mining, internet cameras, password breaches [PODCAST]


Chester calls home from Interop in Las Vegas to record the latest episode of the Sophos Security Chet Chat.

Join Chester and guest Paul Ducklin in their regular quarter-hour podcast as they laugh about (and lament) the latest goings-on in the world of computer security.

50,000,000 usernames and passwords lost as LivingSocial "special offers" site hacked

LivingSocial, the online offers site owned in largish part by Amazon, has just emailed its userbase, said to be 50,000,000-strong, to fess up to a data breach.

Another day, another shed-load of password hashes in the hands of crooks....

Scribd, "world's largest online library," admits to network intrusion, password breach


San Francisco-based document sharing site Scribd has admitted to a network intrusion.

Details are scant, but fortunately a notification published by the company suggests that no more than 1% of users are at risk...

"Rude password - login denied": the AT&T April Fool that wasn't


Why, and more importantly, *how*, would you go about weeding out rude passwords?

Surely an April Fool?

Paul Ducklin takes a look...

Twitter hacked, at least 250,000 users affected: what you can do to protect yourself

Twitter is the latest web property to admit that intruders seem to have been wandering around its network for some time.

Paul Ducklin investigates and offers some advice on what to do next...

Cracked passwords from the alleged 'Egyptian hacker' Adobe breach

An allegedly Egyptian hacker going by the name ViruS_HimA has allegedly hacked into Adobe.

Wherever the data actually comes from, it reveals yet more poor password hygiene at both the client and the server...find out just how bad.

League of Legends online game joins the League of the Hacked

Online real-time strategy game League of Legends, from Riot Games, is the latest large web property to own up to a data breach.

There's a silver lining, namely that the company's notification is frank and helpful, stating clearly what was stolen, and what wasn't.