SSL

The mobile "security gap" - Pinterest and Yammer the latest gappy apps

Pinterest and Yammer are the latest official mobile apps that didn't do HTTPS correctly, leaving users at risk of imposters and phishing.

Serious Security: China Internet Network Information Center in TLS certificate blunder

TLS certificates are very important.

In fact, you could say they are the cornerstone of online security, especially for e-commerce.

So we thought we'd use a story about a recent certificate security blunder to remind you why...

SSCC 189 - Hey, is that your CPU on fire? [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin for our weekly security podcast.

Sharp, witty and educational, as usual (if we do say so ourselves)...enjoy!

But surely "export grade" means HIGHER quality? 60 Sec Security [VIDEO]

The latest episode of our weekly security news video...

...all in just 60 seconds, as usual.

The FREAK bug in TLS/SSL - what you need to know

The FREAK bug affects TLS/SSL, the security protocol that puts the S into HTTPS and the padlock in your browser's address bar.

Paul Ducklin explains in plain English...

Anatomy of a certificate problem - the "PrivDog" software in the spotlight

The bug's now fixed, but when software offers to make your secure transactions more secure...

...you don't expect things to work the other way around!

SSCC 187 - The cryptography edition [PODCAST]

Sophos expert John Shier sits in for regular presenter Chester Wisniewski in this episode.

John and Paul Ducklin dissect the latest security issues, which were dominated this week by some thorny matters of cryptography.

Google redesigns security warnings after 70% of Chrome users ignore them

You can strip jargon, but in the end, the warnings that work best are those with visual throb: pick the right colors and hide the wrong choices!

"Goldmine for burglars" hole closed in Immobilise national property register

It was a burglar's dream: A list with 28+ million records of expensive toys. Customers' names, addresses, lists of valuables, and even the gizmos' monetary values were all easy pickings.

Gogo forges YouTube SSL certificate to throttle high-bandwidth usage on flights

It swears it's not intercepting user data, but issuing a fake HTTPS certificate sure doesn't make us feel warm and fuzzy.

SSCC 170 - Is the best time to shop at a store right after it has a breach? [PODCAST]

Here's the latest episode of our weekly security podcast.

Join Sophos experts Chester Wisniewski, John Shier and Paul Ducklin as they turn news into advice...

"Oops! I'm sorry about that" - 60 Sec Security [VIDEO]

Here it is - this week's 60 Second Security video.

News that will amuse, and it only takes a minute...

POODLE attack takes bytes out of your encrypted data - here's what to do

Heartbleed, Shellshock, Sandworm...and now POODLE.

It's a security hole that could let crooks read your encrypted web traffic.

Paul Ducklin takes you through how it works, and what you can do to avoid it, in plain (well, plain-ish) English...

SSCC 165 - "U2 or not U2," that is the question [PODCAST]

It's Chet Chat time!

Here's this week's episode of our news-you-can-use security podcast...

Firefox sneaks out an "inbetweener" update, with security improvements rather than fixes

Usually, if everything goes according to plan, Firefox updates appear every six weeks.

But if needs must, Mozilla delivers in-between updates, too, and that's what has happened here, bumping Firefox from version 32.0 to 32.0.1.

Firefox 32.0 fixes holes, shakes out some old SSL certs, introduces certificate pinning

Yesterday was Firefox's Fortytwosday (updates come out every 42 days, on Tuesdays, in a nod to Douglas Adams), bringing us to Firefox 32.0.

There are also two Extended Support Releases for the more conservative amongst us...

New iOS malware with a funky name: "Unflod Baby Panda"

You may have heard mention, over the past few days, of some curiously-named new iOS malware.

You'll hear it called "Unflod", because of the name of the file in which it was found, as well as "Baby Panda."

Paul Ducklin goes on a Panda expedition...

Facebook survives, Apple patches, and Naked Security wins! 60 Sec Security [VIDEO]

How harmless is that "Facebook shutting down on 29 February" hoax?

Is system reimaging really a security tool?

Find out this and more! 60 Sec Security - 01 Mar 2014

SSCC 136 - Apple's "goto fail", Neiman Marcus's logfiles, and Adobe's double update [PODCAST]

Chester ducks out of booth duties at the RSA 2014 conference in San Francisco to bring you this week's Chet Chat.

From Apple's SSL bug to Adobe's second-in-a-month emergency Flash update, Chet and Duck once again help you to learn from others' mistakes.

Apple ships OS X 10.9.2 - delivers on promise to patch SSL/TLS hole "very soon"

Forget my unofficial patch for OS X!

Apple has done what it said, and delivered the latest update to Mavericks, numbered OS X 10.9.2, "very soon."