Sophos - Naked Security: Evernote, the online note-taking service, has said that it has suffered a serious security breach which saw hackers steal usernames, associated email addresses and encrypted passwords.
Sophos - Naked Security: The Kim Dotcom saga took yet another turn today when the New Zealand Court of Appeal knocked back one of the big fella's earlier mini-victories against US law enforcers.
Paul Ducklin takes you through the timeline of the story so far, and tries to guess what happens next...
Sophos - Naked Security: For over 12 centuries an intense battle has been fought between the code-makers and the code-breakers. But despite decades of cryptanalysis, there are many ciphertexts which have gone unsolved, leaving us in mystery.
Here's our top ten list. Can you solve them?
Sophos - Naked Security: Facebook said that when retrieving a user's email address via graph API, app developers were receiving a 10-digit number once for every 1,000 users, more or less (mileage varies), instead of the properly formatted email address the documentation states that the field should return.
Sophos - Naked Security: Webhosting management company cPanel recently announced a worrying sort of compromise: the possible theft of its customers' root passwords.
Paul Ducklin looks at what happened, and what's being done to avoid a repeat of this worrying situation...
Sophos - Naked Security: Fellow Naked Security writer and industry stalwart Graham Cluley just emailed from San Francisco to tell us that we won the Best Corporate Security Blog in the 2013 Security Bloggers' Awards!
Way to go, team! (And thanks to all our readers who nominated us in the first place.)
Sophos - Naked Security: Attackers could - until Google issued a fix last Thursday, that is - bypass Google accounts' two-step login verification, reset a user's master password, and gain full profile control, just by capturing a user's application-specific password.
"You do have to worry about your computer security, but you also need to worry about everybody else's"
Sophos - Naked Security: Technology journalist Mat Honan and Cloudflare CEO Matthew Prince have something in common - they've both been hacked by the UGNazi hacktivist group.
And, I'm afraid what they had to say spells bad news for those of us who love to use the internet and embrace cloud-based technologies to manage our lives more easily.
Sophos - Naked Security: The number of people using peer-to-peer (P2P) services to download music fell by 17% last year, compared to 2011, according to a report released yesterday.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.