Encryption

The Draft Investigatory Powers Bill – what it actually says

The controversial draft Investigatory Powers Bill being proposed by the UK government says almost nothing about encryption.

Guest contributor Philip Le Riche shares his opinion about what it does have to say, and whether he feels the bill is needed.

TalkTalk was hacked. But it’s silly to ask if the data was encrypted

Alan Solomon argues that data encryption is irrelevant in the case of the TalkTalk hack.

Hacked TalkTalk says that it has received ransom demand

TalkTalk has said that it has received a ransom demand, after it suffered a hack which has potentially put the details of up to four million customers at risk.

TalkTalk customer details at risk, after yet another internet attack

What do they say about trouble coming in threes?

UK telecoms operator TalkTalk has revealed that it has once again suffered at the hands of hackers, and that details of four million customers might have been compromised.

Chattering Wi-Fi devices are a short hop away from the crown jewels of your network

Sit down, make yourself a cup of tea, and learn how poorly-secured Wi-Fi devices could potentially be a target for criminals keen to break into your home network.

Bob Covello reports.

Google insists on full-disk encryption for new Android 6.0 devices

In a boost for user privacy, Google now requires full device encryption on new Android 6.0 devices.

David LaVeque reports.

One step closer to an encrypted web. Next stop: HTTPS for everyone

All major web browsers are now trusting Let’s Encrypt’s free security certificates, bringing a more secure and private web that much closer.

Opinion: Maybe you shouldn’t junk LastPass just yet

LastPass’s announcement has upset a lot of users, but should you dump the password manager for another product?

Guest contributor Bob Covello shares his thoughts.

Encryption is the only guarantee of data destruction in the cloud

Guest columnist Bob Covello argues that the only absolute guarantee that data you store in the cloud will never be accessed by an unauthorised party is to encrypt it.

OWA backdoored to steal thousands of firm’s usernames and passwords

Outlook Web App runs on your company’s servers to give you access to your business email when you’re at home or out on the road.

But one firm found that its systems had been backdoored, giving hackers access to thousands of passwords…

MI5’s website uses obsolete encryption protocol – and they’re fine with that

Is British intelligence service MI5 following best security practice on its website?

Or have they just scraped a C grade?

Cracked Ashley Madison passwords consistent with years of poor security

There are many lessons to be learnt from the Ashley Madison hack – but one we’re realising loud and clear is that many computer users continue to use very dumb and predictable passwords.

David Bisson reports.

Ashley Madison users warned of password risk

Hacked adultery website Ashley Madison appears to have coughed up a piece of data that was previously felt secure: its users’ passwords.

Lavaboom’s warrant canary has expired

This isn’t something which inspires confidence in a service which was designed with the thought of keeping secure communications out of the hands of law enforcement agencies.

Lavaboom has gone Lavabust.

Whither Wuala? Encrypted file storage service bites the dust

It may never be made clear as to why Wuala decided to shut down, but its rapid farewell can only make one wonder if there is the remotest chance, like others before it.

What a shame it doesn’t have a warrant canary.

bitdefender.com

Silenced for two years by Volkswagen, car hackers reveal their paper into security hole

Researchers explain how they managed to wirelessly lockpick car immobilisers – a technique which could also be used by sophisticated car thieves, stealing expensive cars to order.

Read more in my article on the Hot for Security blog.