Bank tests heartbeat-encoded wristbands for online authentication
MAR 16th 2015
When it comes to passwords, there are so many things to worry about. At Naked Security, we've talked about a lot of them.
How long or complex they need to be, the bad choices people make when choosing them (think pets' names), why passwords shouldn't be reused, how they should be recorded and stored, and how easily they can be cracked.
CATCH THE WAVE - WINNERS
MAR 9th 2015
The trend towards cloud-managed security is growing, so last year Sophos ran a promotion called "Catch the Wave" to tell the channel and end users about its cloud solution.
The solution is the only integrated security solution that lets you secure Windows, Mac and Mobile devices in one easy-to-use cloud-based management console.
Apple fixes FREAK in iOS, OS X and Apple TV - and numerous other holes besides
MAR 9th 2015
Apple has just announced its latest round of security updates.
OS X in its 10.8, 10.9 and 10.10 flavours (Mountain Lion, Mavericks and Yosemite) gets Security Update 2015-002.
US regulator says Anthem "refuses to cooperate" in security audit
MAR 9th 2015
Anthem "refused to cooperate" with US regulators attempting to conduct vulnerability scans and configuration tests on its IT systems.
The Inspector General of the US Office of Personnel Management (OPM) recently attempted to schedule a security audit of the health insurance giant.
Anatomy of a certificate problem - Comodo's "PrivDog" software in the spotlight
MAR 2nd 2015
An adware program called SuperFish hogged the cryptography news lately.
Lenovo tried a bit of an experiment by pre-installing this adware on some of its consumer notebooks.
The company was apparently under the impression that its customers would be pleased to have a free utility that brought them better-quality ads by peeking inside their secure transactions.
Old-school landline phones to protect elderly from "it's me" scammers
MAR 2nd 2015
Imagine a con artist were to call your grandmother.
"Ore ore" ("It's me, it's me!") they'd say, in the years-old scam.
Then, the swindler would pretend that he was a relative in trouble and that he needed cash.
Google's Project Zero backs off a bit - will now give up to 14 days' grace
Google's been under the pump - a bit, anyway - over its Project Zero.
If you've missed the controversy, it goes something like this:
- Google's bug-hunters find an exploitable vulnerability in your code.
- Google tells you about it.
- You get 90 days to make and ship a fix.
- If you fail to make it in time, for whatever reason, Google tells the world how to use the exploit.
Microsoft pulls PowerPoint-killing patch KB2920732
Microsoft has decided to withdraw one of the patches it released this month after complaints from users who couldn't open PowerPoint.
The patch - KB2920732 - was meant to be a boon rather than a bane but failed to deliver its promised aim of stability, mostly with video playback. Instead, many users started to complain about issues.
According to Windows Central, a pretty big problem arose straight after the patch was installed - PowerPoint would no longer open on devices running Windows RT.
Anonymous takes down dozens of "terrorist" social media accounts in #OpISIS
Anonymous hacktivists, in conjunction with RedCult, have ramped up efforts to disrupt ISIS by zeroing in on social media accounts allegedly used by the terrorist group for recruitment and propaganda purposes.
Against a backdrop of increased military action by allied forces against ISIS, hackers flying the Anonymous flag have unveiled a new operation - dubbed #OpISIS - which aims to take down websites and email accounts, as well as expose Islamic militants, according to a message recently posted on PasteBin.