Disqus reveals data breach, but wins points for transparency

Disqus has publicly announced that its user database leaked in 2012, exposing the usernames, email addresses, sign-up dates, and last login dates of more than 17 million users.

Read more in my article on the Hot for Security blog.


Apple fixes flaw that displayed actual password rather than password hint

If you’re running macOS High Sierra on your desktop or laptop, stop right now and make sure you have applied the latest security update.

Read more in my article on the Hot for Security blog.

‘I don’t need to understand how encryption works,’ admits UK Home Secretary

Amber Rudd is fed up with “sneering” and “patronising” technology experts.

Adobe’s security team reveals its private PGP key

A careless finger fumble can easily put the security of your organisation at risk. Take care if cutting-and-pasting PGP keys!

Smashing Security #039: Woah – are we talking to a cyborg?

Hackers could change emails in your inbox *after* they are delivered, the web is getting more and more encrypted, and hacked robots can be commanded to umm… stab you.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by cyborg Scott Helme.

‘Real people’ do not want secure communications, claims UK Home Secretary Amber Rudd

UK Home Secretary Amber Rudd argues that “real people” would be happy with imperfect, breakable security.


iOS VPN apps removed from Apple’s Chinese App Store

Apple has bowed to pressure from the regime in Beijing, and removed some VPN apps from the Chinese version of its iOS App Store.

Read more in my article on the We Live Security blog.

Spyware abuses Telegram messaging app to target Iranian Android users

Unsuspecting Iranian users of the Telegram app, best watch out – or they could find themselves the target of Android spyware.

David Bisson reports.

Smashing Security #033: 1Password, net neutrality, and spatchcock chicken

Is password manager 1Password treating its customers unfairly? Are autonomous cars driving us around the bend? And what is this Net Neutrality thing anyway?

All this and more is discussed in the latest edition of the “Smashing Security” podcast.

Petya ransomware developer releases master decryption key, giving hope for victims

The original developer of the Petya ransomware has released a master decryption key that works for all previous versions of its enciphering creation.

But before you get too excited, it doesn’t work for NotPetya…

David Bisson reports.

Ransomware attack against University College London blamed on poisoned website

A London-based university has temporarily disabled some of its systems in the wake of a widespread ransomware attack.

David Bisson reports.

How to buy Bitcoins, and where you can do it

If you wanted to buy Bitcoins, or – gulp! – needed to buy Bitcoins, would you know how?

David Bisson talks you through the process.

Don’t let politicians use the excuse of murderous assholes to scapegoat the internet

In the wake of terrorist attacks in the UK, politicians are beating a familiar drum: it’s the internet’s fault.

Windows XP ‘did not contribute much’ to WannaCry infection totals

Even in the absence of encrypted files, no one wants a Blue Screen of Death.

David Bisson reports.

Companies keeping Bitcoin on hand in case of ransomware attacks

Companies are stockpiling Bitcoin just in case they suffer a ransomware attack and need to quickly regain access to their data.

David Bisson reports.

A ‘great security tool’ that encrypts files? Think again! It’s ransomware

The authors of FrozrLock, a new ransomware-as-a-service (RaaS), are marketing their platform on the dark web as a “great security tool.”

David Bisson reports.