https

Smashing Security #145: Apple and Google willy wave while home assistants spy – DoH!

Apple’s furious with Google over iPhone hacking attacks against Uyghur Muslims in China, DNS-over-HTTPS is good for privacy but makes ISPs angry, and concern over digital assistants listening to our private moments continues to rise.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist John Leyden.


2 min read

TV Licence website said it was secure. It wasn’t

The official UK TV licensing website was allowing licence purchasers to submit their personal identifiable information and bank details in unsafe, unencrypted plaintext.


2 min read

Smashing Security #088: PayPal’s Venmo app even makes your drug purchases public

Not one of Google’s 85,000 employees has had their accounts compromised by phishing in a year.  How have they done it? Find out in this podcast.

Also, we discuss with special guest Scott Helme how websites still using HTTP are now marked as “not secure” by Google Chrome, and if you’re buying drugs via PayPal’s Venmo app you should say goodbye to privacy.

All this and much much more is discussed in the latest edition of the award-winning “Smashing Security” podcast hosted by computer security veterans Graham Cluley and Carole Theriault.


1 min read

Google Chrome users met with ‘Not secure’ warnings when visiting HTTP sites

If you’re still running a website that is using insecure HTTP then it’s probably too late.

Some of your website’s visitors are going to be greeted with a message that tells them that they can’t trust your website to be secure.


1 min read

welivesecurity.com

All HTTP websites to soon be marked as ‘not secure’ by Google Chrome

If you’re still running a website that is using insecure HTTP then it’s time to wake up and drink the coffee.

Because unless you take action soon, you’re going to find many of your visitors are going to distrust your website.

Read more in my article on the We Live Security blog.


0 sec read

Smashing Security podcast #046: Good beard bad beard

Bearded man entangled in dark web drugs market bust, Google researches how to make browser security warnings less confusing, and “bedroom entertainment systems” (ahem) probed for security holes.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Rich Baldry.


58 sec read

Smashing Security #039: Woah – are we talking to a cyborg?

Hackers could change emails in your inbox *after* they are delivered, the web is getting more and more encrypted, and hacked robots can be commanded to umm… stab you.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by cyborg Scott Helme.


1 min read

Unencrypted website? Expect to start being shamed by Google Chrome from January

Too many websites are being lax with the security of your passwords and credit card information, and Google says enough is enough.

Read more in my article on the Hot for Security blog.


0 sec read

Comodo stands down from trademark tussle with Let’s Encrypt

Looks like Comodo has had second thoughts about entering a trademark dispute over the term “Let’s Encrypt”, as Steve Ragan at CSO Online reports: A Comodo staffer, Robin Alden, said that the company had abandoned their let’s encrypt trademarks. “Comodo has filed for express abandonment of the trademark applications at this time instead of waiting


21 sec read

Let’s Encrypt and Comodo in trademark tussle

The non-profit Let’s Encrypt project, set up to help more websites switch on HTTPS for free, has found itself in a kerfuffle with Comodo, one of the largest commercial vendors of website certificates. Let’s Encrypt writes: Some months ago, it came to our attention that Comodo Group, Inc., is attempting to register at least three


48 sec read

bitdefender.com

Now all WordPress.com sites can benefit from HTTPS encryption

Good news for security and privacy.

Millions of users hosting their sites on the wordpress.com servers will be able to force the use of HTTPS encryption – for free.

Read more in my article on the Hot for Security blog.


0 sec read

Inquiry into TalkTalk hack has its own web security issue

As the UK Parliament is not following best practices on its own website one wonders how the gall to investigate the TalkTalk breach…


39 sec read

One step closer to an encrypted web. Next stop: HTTPS for everyone

All major web browsers are now trusting Let’s Encrypt’s free security certificates, bringing a more secure and private web that much closer.


1 min read

I love chess, but I don’t trust FIDE’s website with my password or passport

FIDE, the world’s chess federation, is storing online passwords insecurely, and asking players to upload scans of their passport and other ID documents without even using HTTPS.


2 min read

Reddit, Wikipedia, Bing and the FBI agree – an encrypted web is a safer web

Reddit is the latest in a series of popular websites to announce that it will be switching to HTTPS by default, protecting their visitors with secure connections.


1 min read

Can you spot the difference between Google, Yahoo, and Bing?

Think you can spot the difference between the world’s top search engines?

Hint: it’s security-related.


1 min read