Encryption

I love chess, but I don’t trust FIDE’s website with my password or passport

FIDE, the world’s chess federation, is storing online passwords insecurely, and asking players to upload scans of their passport and other ID documents without even using HTTPS.

The government shouldn’t be the reason you encrypt your data

Guest contributor Bob Covello believes that the government shouldn’t be the main reason you encrypt your data.

By banging on about how the government can crack encryption, we give people a reason not to bother with it.

Trojanised TrueCrypt serves up malware to Russian-speaking targets

A Russian language version of TrueCrypt contains a secret backdoor trojan, researchers discover.

However, because it was careful to pick and choose who was targeted, the malware distribution has gone unnoticed for a long time.

How was Hacking Team hacked?

The attacker who stole Hacking Team’s data gained access to an employee’s computer while the victim was still logged in, as Simon PG Edwards explains.

This video explains the dangers of public WiFi, by spying on British MPs

Watch this video and see for yourself, just how easy it is for hackers to spy upon your internet activity… if you’re not properly protected when using a public WiFi hotspot.

welivesecurity.com

How to steal PGP encryption keys (using radio waves and pita bread)

An ingenious team of Israeli security researchers at Tel Aviv University have discovered a way to steal secret encryption keys using a gadget so small it can be hidden inside some pita bread.

Read more in my article on the We Live Security blog.

Reddit, Wikipedia, Bing and the FBI agree – an encrypted web is a safer web

Reddit is the latest in a series of popular websites to announce that it will be switching to HTTPS by default, protecting their visitors with secure connections.

Can you spot the difference between Google, Yahoo, and Bing?

Think you can spot the difference between the world’s top search engines?

Hint: it’s security-related.

heatsoftware.com

Don’t let the LastPass hack destroy your faith in password managers

The LastPass hack may rattle some people’s faith in password managers, but the truth is that they’re a heck of a lot safer than the alternative.

Read more in my article on the Optimal Security blog.

Sunday Times reporter tells CNN everything you need to know about Snowden story

Perhaps unwittingly, the Sunday Times has revealed on video everything you need to know about its recent Edward Snowden report.

LastPass has been hacked. Change your master password now

Hackers have attacked LastPass, the popular online password manager, and stolen data.

If you’re a user, you might be wise to reset your master password and ensure that multi-factor authentication is enabled.

bitdefender.com

Facebook – now with added PGP encrypted notification emails to boost your security

The number of monthly active Facebook users is now close to 1.5 billion, and by my reckoning at least twelve of them are likely to be using PGP.

Nevertheless, this sounds like a good move…

Read more in my article on the Hot for Security blog.

Another tech firm says it has quit the UK over government internet surveillance plans

Eris Industries says it simply cannot engage in business if it is forced to incorporate cryptographic backdoors that can be accessed by MI5 and GCHQ.

heatsoftware.com

The Logjam vulnerability – what you need to know

Researchers discover a new attack against encrypted communications on the internet.

Read more in my article on the Optimal Security blog.

Technology firm says it is quitting the UK because of government internet surveillance plans

The first of many?

The UK government’s plans for a Snooper’s Charter and backdoors on secure messaging applications don’t prove popular with one technology company.

Barclays, Halifax and Tesco banks still vulnerable to POODLE attack

Six months after the world was warned about the POODLE bug, some online banks don’t seem to have received the memo.