11 Heartbleed Facts

Millions of websites, applications from Cisco and VMware, Google Play apps, as well as millions of Android devices are vulnerable – and the list keeps growing. Just how many products and websites need to be patched, and related digital certificates revoked and reissued, before the Heartbleed vulnerability will be mitigated? But information about the vulnerability,

Hacked – 33 # Harley Medical Group

Hackers have targeted Harley Medical Group, one of the leading cosmetic surgery provider in the UK, and have apparently made off with personal information of 480,000 users.

Security time bomb is still ticking

Heartbleed, the bug that has preoccupied thousands of websites and millions of users over the past week, may well have been the biggest security flaw in internet history but it is unlikely to be the last. Our entire security infrastructure is a mess because both ordinary people and elite security experts often harbour fundamental misunderstandings

Crypto-email service Lavaboom

Lavaboom, a German-based and supposedly NSA-proof email service, will go into private beta this week. Its mission is to spread the Edward Snowden gospel by making encrypted email accessible to all. Although it has been referred to in various parts of the interwebs as an heir to Lavabit, the now-defunct encrypted email service used by

An Operating System for Anonymity

When NSA whistle-blower Edward Snowden first emailed Glenn Greenwald, he insisted on using email encryption software called PGP for all communications. But this month, we learned that Snowden used another technology to keep his communications out of the NSA’s prying eyes. It’s called Tails. And naturally, nobody knows exactly who created it. Tails is a

Heartbleed – Intranet & VPN Connections

How the game-changing crypto bug affects internal servers, clients, and VPN networks – and what to do about it. The long-term ramifications of the Heartbleed encryption flaw in the widely deployed open-source OpenSSL library are slowly coming into focus: how cyberspies and sophisticated cybercrime gangs can or already have used the bug to infiltrate an

TrueCrypt audit

On Monday, after seven months of discussion and planning, the first-phase of a two-part audit of TrueCrypt was released. The results? iSEC, the company contracted to review the bootloader and Windows kernel driver for any backdoor or related security issue, concluded (PDF) that TrueCrypt has: “no evidence of backdoors or otherwise intentionally malicious code in

Securely erase data on an SSD

Solid state drives are frequently referred to as the best upgrade you can make to your PC. Trading off disk space for speed is an increasingly popular option, but just like USB sticks and SD memory cards, SSDs can only be written to a limited number of times. This presents some interesting problems, particularly when

Multiple OS security

I have a laptop with windows 7 OS and Mac OS. Do I have to run security programs for both OS? Yes, they are two separate computers for all intents and purposes. 

Hacked # 552 million identities in 2013

After lurking in the shadows for the first ten months of 2013, cybercriminals unleashed the most damaging series of cyberattacks in history. Symantec’s Internet Security Threat Report (ISTR), Volume 19, shows a significant shift in cybercriminal behavior, revealing the bad guys are plotting for months before pulling off huge heists – instead of executing quick

PGP email ‘crack’ : What REALLY happened?

The leak of a PGP-encrypted email between Ed Snowden’s pet journalist Glenn Greenwald and a lawyer has created a bit of a fuss in crypto circles. Jesselyn Radack, a national security and human rights brief, ‪said an encrypted email sent by her to Greenwald was this week leaked by persons unknown to Cryptome, the long-running

How to ‘backdoor’ an encryption app

I came across this in my archives. Makes interesting reading on a slow Sunday morning. It seems all we ever needed to get encryption into the mainstream was… ubiquitous NSA surveillance. Who knew? Since I’ve written about encryption software before on this blog, I received several calls this week from reporters who want to know

The Outing of Satoshi Nakamoto

In Newsweek, finance editor Leah McGrath Goodman claims to have outed the mysterious creator of the digital currency Bitcoin. The Japanese-American man lives in California and incredibly, is actually named Satoshi Nakamoto. Bitcoin Community Responds With Disbelief, Anger, Fascination But for many in the Bitcoin community, even those who have been obsessed with Nakamoto for

Android Offers Secuity For Privacy Swap

This security-minded move started a while ago when Google introduced its “Verify Apps” functionality, which validates apps’ safety right when you install them, either from the Play Store or elsewhere. Now the scope of that project is expanding. Verify Apps will check back in now and then, even after apps have been installed, just to

I Hack For Uncle Sam

Over the next three years, the US Army will be filling its brand new cyber warfare institute at West Point with the best and brightest hackers it can find. Not just hackers, however: the institute will bring together psychologists, lawyers, mathematicians — anyone who can help the United States win the inevitable cyber war. Isn’t