SSL

Bing arrives better late than never to the encryption party

Bing, the perennial web search bridesmaid, is finally going to encrypt your search data by default.

Anatomy of a LOGJAM - another TLS vulnerability, and what to do about it

We've had BEAST, Lucky Thirteen, BREACH, BEAST, POODLE, Heartbleed and FREAK...now, it's LOGJAM.

Paul Ducklin explains, and tells you what you can do about it.

Facebook opens up Internet.org but there's no support for HTTPS

Facebook has opened the internet up to users in India and other countries but says it won't immediately allow HTTPS.

The mobile "security gap" - Pinterest and Yammer the latest gappy apps

Pinterest and Yammer are the latest official mobile apps that didn't do HTTPS correctly, leaving users at risk of imposters and phishing.

Serious Security: China Internet Network Information Center in TLS certificate blunder

TLS certificates are very important.

In fact, you could say they are the cornerstone of online security, especially for e-commerce.

So we thought we'd use a story about a recent certificate security blunder to remind you why...

SSCC 189 - Hey, is that your CPU on fire? [PODCAST]

Join Sophos experts Chester Wisniewski and Paul Ducklin for our weekly security podcast.

Sharp, witty and educational, as usual (if we do say so ourselves)...enjoy!

But surely "export grade" means HIGHER quality? 60 Sec Security [VIDEO]

The latest episode of our weekly security news video...

...all in just 60 seconds, as usual.

The FREAK bug in TLS/SSL - what you need to know

The FREAK bug affects TLS/SSL, the security protocol that puts the S into HTTPS and the padlock in your browser's address bar.

Paul Ducklin explains in plain English...

Anatomy of a certificate problem - the "PrivDog" software in the spotlight

The bug's now fixed, but when software offers to make your secure transactions more secure...

...you don't expect things to work the other way around!

SSCC 187 - The cryptography edition [PODCAST]

Sophos expert John Shier sits in for regular presenter Chester Wisniewski in this episode.

John and Paul Ducklin dissect the latest security issues, which were dominated this week by some thorny matters of cryptography.

Google redesigns security warnings after 70% of Chrome users ignore them

You can strip jargon, but in the end, the warnings that work best are those with visual throb: pick the right colors and hide the wrong choices!

"Goldmine for burglars" hole closed in Immobilise national property register

It was a burglar's dream: A list with 28+ million records of expensive toys. Customers' names, addresses, lists of valuables, and even the gizmos' monetary values were all easy pickings.

Gogo forges YouTube SSL certificate to throttle high-bandwidth usage on flights

It swears it's not intercepting user data, but issuing a fake HTTPS certificate sure doesn't make us feel warm and fuzzy.

SSCC 170 - Is the best time to shop at a store right after it has a breach? [PODCAST]

Here's the latest episode of our weekly security podcast.

Join Sophos experts Chester Wisniewski, John Shier and Paul Ducklin as they turn news into advice...

"Oops! I'm sorry about that" - 60 Sec Security [VIDEO]

Here it is - this week's 60 Second Security video.

News that will amuse, and it only takes a minute...

POODLE attack takes bytes out of your encrypted data - here's what to do

Heartbleed, Shellshock, Sandworm...and now POODLE.

It's a security hole that could let crooks read your encrypted web traffic.

Paul Ducklin takes you through how it works, and what you can do to avoid it, in plain (well, plain-ish) English...

SSCC 165 - "U2 or not U2," that is the question [PODCAST]

It's Chet Chat time!

Here's this week's episode of our news-you-can-use security podcast...

Firefox sneaks out an "inbetweener" update, with security improvements rather than fixes

Usually, if everything goes according to plan, Firefox updates appear every six weeks.

But if needs must, Mozilla delivers in-between updates, too, and that's what has happened here, bumping Firefox from version 32.0 to 32.0.1.

Firefox 32.0 fixes holes, shakes out some old SSL certs, introduces certificate pinning

Yesterday was Firefox's Fortytwosday (updates come out every 42 days, on Tuesdays, in a nod to Douglas Adams), bringing us to Firefox 32.0.

There are also two Extended Support Releases for the more conservative amongst us...

New iOS malware with a funky name: "Unflod Baby Panda"

You may have heard mention, over the past few days, of some curiously-named new iOS malware.

You'll hear it called "Unflod", because of the name of the file in which it was found, as well as "Baby Panda."

Paul Ducklin goes on a Panda expedition...