Heartbleed bug *can* expose private SSL keys

If you administer a server and have so far put off revoking and reissuing your SSL certificates, it might be time to think again.

If you don’t, you could be putting your users and online customers in jeopardy.

1 min read

Did the Heartbleed bug leak your Yahoo password?

Amazingly, the OpenSSL Heartbleed bug appears to have been around for about two years. Which means that – in theory at least – this gaping security hole could have been actively exploited by unauthorised parties for a long period of time.

1 min read

The Heartbleed bug: serious vulnerability found in OpenSSL cryptographic software library

System administrators, I hope you weren’t planning to have an easy day today?

The potentially disastrous news is that a serious security flaw has been uncovered in versions of OpenSSL’s transport layer security (TLS) protocols.

1 min read

You’ve uploaded files to Dropbox. But just how private are they?

Dropbox admits it is checking files shared publicly on its systems for copyright infringements.

If you don’t like it, you have to start securely encrypting your data *before* you upload it to the cloud.

2 min read

Gmail goes HTTPS-only, inside and out!

Here’s some good news for the privacy conscious, and anyone who thinks the NSA may have overstepped the mark with their digital surveillance of Google…

1 min read

After losing 850,000 Bitcoins worth over $470 million, MtGox sets up a telephone hotline

MtGox, the Bitcoin exchange which dramatically shut its doors last week after it revealed hackers had stolen approximately $477 million worth of the digital currency, has opened a telephone hotline for affected customers.

But will your call be answered?

1 min read

Details of over one million Forbes readers leaked online (including mine)

Over one million readers of the Forbes website might be wise to change their password, and keep an eye open for suspicious emails, after a group of notorious hackers gained access to user information and published it online.

1 min read

Orange hacked. 800,000 French customers have their personal data stolen

French telecom firm Orange says that it lost nearly 800,000 customer details.

The good news: Orange says the passwords can’t be used.

The bad news: we don’t have a clue what that means. Were they encrypted? Were encrypted passwords salted and hashed? Orange isn’t saying.

1 min read

Did the NSA and GCHQ hack this cryptography professor’s PC?

Anyone working in cryptography research now needs to consider themselves a potential target for state-sponsored cyber-attack, even from countries who you might consider to be on the same side as you.

1 min read

Alan Turing receives a Royal Pardon posthumously

Alan Turing, the British mathematicial genius who cracked the German Enigma code and helped bring an end to World War II, has received a royal pardon 59 years after his death.

48 sec read

The NSA’s $10 million ‘bribe’ to get RSA to use backdoored encryption algorithm

The NSA arranged a secret $10 million deal with security firm RSA that ultimately resulted in the company incorporating a flawed algorithm for generating random numbers into its products, creating a backdoor into encrypted communications.

1 min read

Don’t call it ‘the cloud’. Call it ‘someone else’s computer’

“Cloud” is a lovely, fluffy, comforting word.

Is that why we trust it more than saying we’re storing our data on “someone else’s computer”?

52 sec read

Free WiFi proxy revealed to be sneakily Bitcoin mining on unsuspecting users’ computers

Always be wary of software which seems to be too good to be true. It may well be trying to make money at your expense.

1 min read

David Cameron on the techniques, ability and *brilliance* of GCHQ and the NSA

British PM David Cameron says the news has been full of stories of the sheer brilliance of the GCHQ and the NSA.

Do you think their internet surveillance has been brilliant? And what do you think of Google and Microsoft’s initiative to deter paedophiles?

1 min read

The top 50 woeful passwords exposed by the Adobe security breach

In a screw-up of colossal proportions, Adobe didn’t properly protect the password data on its servers… and now we can all see the most common passwords used by its customers.

3 min read

How to crack GCHQ’s hacker recruitment puzzle

Professor Alan Woodward reveals how to crack GCHQ’s online puzzle – designed to help them recruit codebreakers and hackers.

6 min read