Encryption

TalkTalk customer details at risk, after yet another internet attack

What do they say about trouble coming in threes?

UK telecoms operator TalkTalk has revealed that it has once again suffered at the hands of hackers, and that details of four million customers might have been compromised.


1 min read

Chattering Wi-Fi devices are a short hop away from the crown jewels of your network

Sit down, make yourself a cup of tea, and learn how poorly-secured Wi-Fi devices could potentially be a target for criminals keen to break into your home network.

Bob Covello reports.


2 min read

Google insists on full-disk encryption for new Android 6.0 devices

In a boost for user privacy, Google now requires full device encryption on new Android 6.0 devices.

David LaVeque reports.


1 min read

One step closer to an encrypted web. Next stop: HTTPS for everyone

All major web browsers are now trusting Let’s Encrypt’s free security certificates, bringing a more secure and private web that much closer.


1 min read

Opinion: Maybe you shouldn’t junk LastPass just yet

LastPass’s announcement has upset a lot of users, but should you dump the password manager for another product?

Guest contributor Bob Covello shares his thoughts.


1 min read

Encryption is the only guarantee of data destruction in the cloud

Guest columnist Bob Covello argues that the only absolute guarantee that data you store in the cloud will never be accessed by an unauthorised party is to encrypt it.


1 min read

OWA backdoored to steal thousands of firm’s usernames and passwords

Outlook Web App runs on your company’s servers to give you access to your business email when you’re at home or out on the road.

But one firm found that its systems had been backdoored, giving hackers access to thousands of passwords…


1 min read

MI5’s website uses obsolete encryption protocol – and they’re fine with that

Is British intelligence service MI5 following best security practice on its website?

Or have they just scraped a C grade?


1 min read

Cracked Ashley Madison passwords consistent with years of poor security

There are many lessons to be learnt from the Ashley Madison hack – but one we’re realising loud and clear is that many computer users continue to use very dumb and predictable passwords.

David Bisson reports.


1 min read

Ashley Madison users warned of password risk

Hacked adultery website Ashley Madison appears to have coughed up a piece of data that was previously felt secure: its users’ passwords.


1 min read

Lavaboom’s warrant canary has expired

This isn’t something which inspires confidence in a service which was designed with the thought of keeping secure communications out of the hands of law enforcement agencies.

Lavaboom has gone Lavabust.


50 sec read

Whither Wuala? Encrypted file storage service bites the dust

It may never be made clear as to why Wuala decided to shut down, but its rapid farewell can only make one wonder if there is the remotest chance, like others before it.

What a shame it doesn’t have a warrant canary.


1 min read

bitdefender.com

Silenced for two years by Volkswagen, car hackers reveal their paper into security hole

Researchers explain how they managed to wirelessly lockpick car immobilisers – a technique which could also be used by sophisticated car thieves, stealing expensive cars to order.

Read more in my article on the Hot for Security blog.


0 sec read

I love chess, but I don’t trust FIDE’s website with my password or passport

FIDE, the world’s chess federation, is storing online passwords insecurely, and asking players to upload scans of their passport and other ID documents without even using HTTPS.


2 min read

The government shouldn’t be the reason you encrypt your data

Guest contributor Bob Covello believes that the government shouldn’t be the main reason you encrypt your data.

By banging on about how the government can crack encryption, we give people a reason not to bother with it.


1 min read

Trojanised TrueCrypt serves up malware to Russian-speaking targets

A Russian language version of TrueCrypt contains a secret backdoor trojan, researchers discover.

However, because it was careful to pick and choose who was targeted, the malware distribution has gone unnoticed for a long time.


1 min read