“Heartbleed heartache” – should you REALLY change all your passwords right away?
There is one important reason why you might not want to rush out and change all your passwords on all your services right this minute, and it's a sort-of Catch-22. Paul Ducklin explains...
Proposed law seeks to make retailers financially responsible for data breaches
Fallout from the epic Target data breach continues, as state lawmakers seek to hold retailers liable for financial damages caused by breaches spawned by their businesses, rather than financial...
Sending a "Heartbleed" password reset email? Please don't include a login link!
We'd like to urge any of you who are thinking of sending out "heartbleed" password reset emails: *please avoid those login links*. Help us to help everyone get geared up to avoid phishing attacks.
SSCC 142 - Heartbleed explained, Patches assessed, Apple chastised [PODCAST]
Chet and Duck explain what you can do about the big ticket security news items of the past week. The epic "Heartbleed" bug in OpenSSL, the last patches ever for XP and Office 2003, and Apple's attitude...
In-flight WiFi providers go above and beyond to help feds spy on us
Documents have come to light in which Gogo brags about how it not only complies with a federal law for compliance with law enforcement; it actually goes above and beyond requirements to give law...
$50 million Carder.su thief pleads guilty
Cameron Harrison of Georgia, US, was part of a large credit card fraud gang associated with the Carder.su website, believed to be responsible for around $50 million in losses around the globe.
"Heartbleed" - would 2FA have helped?
Because of the global password reset pandemic caused by Heartbleed, lots of Naked Security readers have asked, "Wouldn't 2FA have helped?" Paul Ducklin takes a look...
Heartbleed, Google Play and XP – 60 Sec Security [VIDEO]
How hard is Heartbleed recovery? How hard does Google Play try to keep the garbage out? And how hard are you trying to get over XP? 60 Second Security has the answers in a short, fun security video.
Monday review – the hot 20 stories of the week
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.
WhatsApp, Facebook get a privacy finger wagged at them by FTC
The Commission suggests that, post-mega-acquisition (which has been OKed), WhatsApp should get users' permission before changing data collection.
Facebook wages war on Like-baiting and spammy posts
It's a full frontal assault on cute kittens and the Pages that pimp them out for Likes. Facebook's tweaked its algorithms to try to scrape off the clingy, whiny, needy stories published by Pages that...
Zeus malware – nine charged with conspiracy to steal millions of dollars
The US Department of Justice (DOJ) has charged nine individuals over their alleged involvement in a criminal organisation that stole millions of dollars from victims' bank accounts.
Please vote for Sophos Naked Security in the European Security Blogger Awards...
The second annual European Security Blogger Awards are coming up soon, and we're up for a prize in two categories. We'd love you to vote for us! (This time you don't have to vote in every category.)
Obama leaves loophole open for NSA to exploit zero-day vulnerabilities
No, the US White House didn't know about Heartbleed and didn't exploit the OpenSSL bug to snoop, it said, but it's reserving the prerogative to use zero-day exploits as a wedge to pry out intelligence...
Notorious troll and hacker Weev has conviction overturned
The courts have overturned Weev's conviction without having to deal with the sticky subject of the Computer Fraud and Abuse Act. They did it on grounds that surprised nobody: namely, venue.
Heartbleed jabs its first victims: UK parents’ site Mumsnet, Canadian tax agency
Two high-profile organisations, the UK parenting site Mumsnet and the Canada Revenue Agency, are the first known victims of the Heartbleed OpenSSL vulnerability to experience data breaches.
No Heartbleed holes in Java, but here comes a sea of patches anyway
Oracle's quarterly Patch Tuesday updates are out. Java gets 37 fixes, 35 of them what Oracle calls "Remote Exploit without Authentication". The silver lining? No Heartbleed bug in Java Standard Edition...
Cyber extortionists swipe cosmetic surgery records, try to blackmail Harley...
Cyber crooks may have broken into Harley Medical Group, a cosmetic surgery firm with 21 clinics in the UK, to filch the intimate details of about 480,000 potential patients and then try to extort money...
Massive FBI facial recognition database raises privacy fears
The FBI is building a massive facial recognition database that could contain as many as 52 million images by 2015, including 4.3 million non-criminal images, according to information obtained by the...
Hardware maker LaCie admits to year-long credit card breach
The major hardware maker has admitted to a nearly year-long credit card breach - just the latest in a string of companies that have suffered Adobe ColdFusion vulnerabilities-related exploits.