SSL

(get it in RSS or Atom)

Anatomy of a certificate problem - the "PrivDog" software in the spotlight

pd-250

The bug's now fixed, but when software offers to make your secure transactions more secure...

...you don't expect things to work the other way around!

SSCC 187 - The cryptography edition [PODCAST]

chet-chat-logo-featured-250

Sophos expert John Shier sits in for regular presenter Chester Wisniewski in this episode.

John and Paul Ducklin dissect the latest security issues, which were dominated this week by some thorny matters of cryptography.

Google redesigns security warnings after 70% of Chrome users ignore them

Google redesigns security warnings after 70% of Chrome users ignore them

You can strip jargon, but in the end, the warnings that work best are those with visual throb: pick the right colors and hide the wrong choices!

"Goldmine for burglars" hole closed in Immobilise national property register

Burglar. Image courtesy of Shutterstock.

It was a burglar's dream: A list with 28+ million records of expensive toys. Customers' names, addresses, lists of valuables, and even the gizmos' monetary values were all easy pickings.

Gogo forges YouTube SSL certificate to throttle high-bandwith usage on flights

Plane. Image courtesy of Shutterstock.

It swears it's not intercepting user data, but issuing a fake HTTPS certificate sure doesn't make us feel warm and fuzzy.

SSCC 170 - Is the best time to shop at a store right after it has a breach? [PODCAST]

Here's the latest episode of our weekly security podcast.

Join Sophos experts Chester Wisniewski, John Shier and Paul Ducklin as they turn news into advice...

"Oops! I'm sorry about that" - 60 Sec Security [VIDEO]

Here it is - this week's 60 Second Security video.

News that will amuse, and it only takes a minute...

POODLE attack takes bytes out of your encrypted data - here's what to do

Heartbleed, Shellshock, Sandworm...and now POODLE.

It's a security hole that could let crooks read your encrypted web traffic.

Paul Ducklin takes you through how it works, and what you can do to avoid it, in plain (well, plain-ish) English...

SSCC 165 - "U2 or not U2," that is the question [PODCAST]

It's Chet Chat time!

Here's this week's episode of our news-you-can-use security podcast...

Firefox sneaks out an "inbetweener" update, with security improvements rather than fixes

Usually, if everything goes according to plan, Firefox updates appear every six weeks.

But if needs must, Mozilla delivers in-between updates, too, and that's what has happened here, bumping Firefox from version 32.0 to 32.0.1.

Firefox 32.0 fixes holes, shakes out some old SSL certs, introduces certificate pinning

Yesterday was Firefox's Fortytwosday (updates come out every 42 days, on Tuesdays, in a nod to Douglas Adams), bringing us to Firefox 32.0.

There are also two Extended Support Releases for the more conservative amongst us...

New iOS malware with a funky name: "Unflod Baby Panda"

panda-250

You may have heard mention, over the past few days, of some curiously-named new iOS malware.

You'll hear it called "Unflod", because of the name of the file in which it was found, as well as "Baby Panda."

Paul Ducklin goes on a Panda expedition...

Facebook survives, Apple patches, and Naked Security wins! 60 Sec Security [VIDEO]

2014-03-01-hoaxes-250

How harmless is that "Facebook shutting down on 29 February" hoax?

Is system reimaging really a security tool?

Find out this and more! 60 Sec Security - 01 Mar 2014

SSCC 136 - Apple's "goto fail", Neiman Marcus's logfiles, and Adobe's double update [PODCAST]

sscc136-thumb-250

Chester ducks out of booth duties at the RSA 2014 conference in San Francisco to bring you this week's Chet Chat.

From Apple's SSL bug to Adobe's second-in-a-month emergency Flash update, Chet and Duck once again help you to learn from others' mistakes.

Apple ships OS X 10.9.2 - delivers on promise to patch SSL/TLS hole "very soon"

osx-250

Forget my unofficial patch for OS X!

Apple has done what it said, and delivered the latest update to Mavericks, numbered OS X 10.9.2, "very soon."

Anatomy of a "goto fail" - Apple's SSL bug explained, plus an unofficial patch for OS X!

gotofail-250

Apple just patched an SSL/TLS bug in iOS - but the flaw is not yet fixed in OS X.

Paul Ducklin comes to the rescue with explanations, mitigations, and even an unofficial patch! (For educational purposes only, you understand.)

Just how secure is that mobile banking app?

https-tablet-250

Security researcher Ariel Sanchez recently published a fascinating report on the sort of security you can expect if you do your internet banking on an iPhone or iPad.

The answer, sadly, seems to be, "Very little."

Patching by Microsoft, spoofing Google and launching nukes - 60 Sec Security [VIDEO]

2013-12-14-missile-250

How fast is fast enough for a patch? Should you trust the French Treasury? How many zeros launch a missile?

Watch 60 Sec Security and find out!

Serious Security: Google finds fake but trusted SSL certificates for its domains, made in France

ff-ssl-warn-250

Google just announced the discovery of a bunch of fake SSL certificates for some of its own domains. The bogus certificates were apparently signed by the certificate authority of the French Treasury.

Paul Ducklin looks at how this sort of blunder happens, and how spot if ever it happens to your company...

Twitter joins the "forward secrecy" club for added resistance to surveillance

padlock-250

Twitter is the latest high-traffic social networking site to announce that it has added an extra layer of protection known as "forward secrecy" to its web servers.

And the company didn't say "surveillance" or "NSA" once in its statement.