SSL

Lenovo’s Superfish security fiasco ends in a slap on the wrist

Computer manufacturer barely notices $3.5 million fine after customers’ privacy and security was put at risk.


1 min read

DROWN attack: 33% of all HTTPS servers declared at risk

Web servers around the world are at risk from a serious security vulnerability, dubbed the DROWN attack, which could allow hackers to steal private information.


1 min read

BB-8 Star Wars droid toy. The insecurity is strong with this one

Star Wars fans! Did Santa bring you a remote control BB-8 droid for Christmas?

Lucky you. But sadly, security is not its strong point.


1 min read

Inquiry into TalkTalk hack has its own web security issue

As the UK Parliament is not following best practices on its own website one wonders how the gall to investigate the TalkTalk breach…


39 sec read

MI5’s website uses obsolete encryption protocol – and they’re fine with that

Is British intelligence service MI5 following best security practice on its website?

Or have they just scraped a C grade?


1 min read

heatsoftware.com

The Logjam vulnerability – what you need to know

Researchers discover a new attack against encrypted communications on the internet.

Read more in my article on the Optimal Security blog.


0 sec read

Barclays, Halifax and Tesco banks still vulnerable to POODLE attack

Six months after the world was warned about the POODLE bug, some online banks don’t seem to have received the memo.


51 sec read

OpenSSL patched against high severity denial-of-service bug, and other flaws

Phew! The high severity OpenSSL bug is not another Heartbleed, but a denial-of-service flaw instead.

Make sure you learn about it (and other vulnerabilities fixed) and take appropriate action.


1 min read

Brace yourself. Mystery OpenSSL high severity vulnerability due to be fixed on Thursday

Vulnerability in OpenSSL, the open-source software widely used to encrypt internet communications using SSL/TLS, is described as “highly serious”.


1 min read

And it’s goodbye to HTTP from this website…

Graham Cluley’s security website goes HTTPS… for your private viewing pleasure.


1 min read

Bye bye to bloatware! Bruised Lenovo promises ‘a cleaner, safer PC’

Maybe there’s something good that can come out of the SSL-busting Superfish debacle. Lenovo, you better be telling us the truth. We’ll be watching you.


1 min read

Lenovo’s website hijacked (briefly) by High School Musical-loving hackers

Just when they probably imagined they were over the worst… Lenovo’s website has been hijacked – and emails compromised – by the Lizard Squad gang.


1 min read

What’s worse than Superfish? Meet PrivDog, leaving users wide open to attacks

If you thought Superfish, pre-installed on Lenovo computers, was bad – you ain’t seen nothing yet.


1 min read

The POODLE bug internet vulnerability! Watch this video then check your browser

In case you haven’t heard, the boffins at Google have discovered a vulnerability that is pretty serious.

It’s called the POODLE vulnerability, or as I like to think of it “the POODLE bug”. And if left unchecked it could be exploited by hackers.


1 min read

Apple patches iPhones, iPads, iMacs and MacBooks against critical security holes

If you are using Apple computers or iDevices, I recommend that you update your operating system as soon as possible – because on Tuesday the Cupertino-based firm published some critical security updates.


1 min read

Gmail goes HTTPS-only, inside and out!

Here’s some good news for the privacy conscious, and anyone who thinks the NSA may have overstepped the mark with their digital surveillance of Google…


1 min read