Security News
2024 – News
19-11-2024: Malware delivered via malicious QR codes sent in the post. [Graham Cluley]
18-11-2024: Most of 2023's top exploits were zero-days. [Schneier] [CISA]
14-11-2024: Five Eyes infosec agencies list 2024's most exploited software flaws. [The Register]
13-11-2024: These are the passwords you shouldn't be using. [The Verge]
06-11-2024: IoT devices in password-spraying botnet. [Schneier] [Ars Technica]
05-11-2024: Not possible to hide from NRO swarm of SpaceX-built satellites. [Ars Technica]
29-10-2024: Law enforcement deanonymize Tor users. [Schneier] [Marx] [Tor] [Restore Privacy]
22-10-2024: The Chinese have not broken encryption using quantum computing. [Schneier]
09-10-2024: Two new tools from same group can infect air-gapped devices. [Ars Technica]
07-10-2024: Largest recorded DDoS is 3.8Tbps. [Schneier] [Cloudflare]
01-10-2024: Evil Corp's ties with Russia and NATO member attacks. [The Register] [BBC News] [Tripwire]
27-09-2024: Meta pays price for 100s of millions of passwords stored in plaintext. [Ars Technica]
26-09-2024: Tor Project and Tails to merge. [The Register] [Ars Technica]
20-09-2024: Social engineering attach using captchas. [Schneier] [SANS]
17-09-2024: DC builds are CNI, so objections may be overruled. [The Register]
11-09-2024: Rogue WHOIS server gives researcher superpowers. [Ars Technica]
09-09-2024: Australia threatens to force encryption backdoors. [Schneier] [UpGuard]
03-09-2024: YubiKey side-channel attack. [Schneier] [The Verge] [Engadget] [Ars Technica]
14-08-2024: NIST finalizes trio of post-quantum encryption standards. [The Register] [Schneier]
05-08-2024: Low-profile Dark Angels reap record ransoms. [Krebs]
02-08-2024: Israeli hacktivists brag about taking down Iran's internet. [The Register]
01-08-2024: Cloudflare again under pressure for enabling abusive sites. [Ars Technica]
31-07-2024: Nearly 7% of all Internet traffic is malicious. [Schneier] [Cloudflare]
26-07-2024: Secure boot process compromised. [Schneier] [Ars Technica] [ExtremeTech]
17-07-2024: Almost 7% of all Internet traffic is malicious. [Schneier] [CrowdStrike]
10-07-2024: Long-lived MD5 flaw in RADIUS. [Schneier] [The Register] [Ars Technica]
20-06-2024: Recovering public keys from signatures. [Schneier] [Key Material]
17-06-2024: Upload moderation threat to E2EE. [Restore Privacy]
01-06-2024: Six VPN apps infect systems with botnet malware. [Restore Privacy]
30-05-2024: 911 S5 botnet dismantled. [Tripwire] [Schneier] [Justice]
29-05-2024: Multi-day DDoS storm hits Internet Archive. [The Register]
22-05-2024: Unredacting pixelated text. [Schneier] [BishopFox]
16-05-2024: Zero-trust DNS. [Schneier] [Ars Technica]
15-05-2024: BreachForums seized by FBI. [Ars Technica] [Graham Cluley] [Schneier]
06-05-2024: Your VPN may not be as secure as you think. [Krebs] [Schneier] [Ars Technica]
02-05-2024: UK bans default passwords. [Schneier] [The Record]
18-04-2024: Cisco Hypershield. [The Register]
16-04-2024: Millions of login attempts hitting networks globally. [Ars Technica]
08-04-2024: New security vulnerability in HTML emails. [Schneier] [Lutra Security]
29-03-2024: Lessons from British Library ransomware attack. [Schneier] [British Library]
28-03-2024: Thread hijacking - phishes that prey on curiosity. [Krebs]
28-03-2024: Hardware vulnerability in Apple M-series chips. [Schneier]
14-03-2024: KeyTrap DNS vulnerability. [Geoff Huston]
13-03-2024: Incognito Market - the not-so-secure dark web drug marketplace. [Graham Cluley]
12-03-2024: ToR introduces new "WebTunnel" bridge to help bypass censorhip. [Restore Privacy]
11-03-2024: Tuta Mail adds quantum resistant encryption via TutaCrypt. [Restore Privacy]
01-03-2024: Judge orders NSO to reveal Pegasus source code. [The Register]
27-02-2024: Red Sea submarine cables damaged - likely by Houthis. [The Register] [Network Computing] [DC Knowledge]
25-02-2024: LockBit ransomware gang reappears again after takedown. [Graham Cluley] [The Register]
20-02-2024: LockBit ransomware operation disrupted, free decryptors available. [Restore Privacy] [The Register] [The Register] [The Verge] [ExtremeTech]
19-02-2024: ECHR rejects encryption backdoors. [Schneier]
13-02-2024: Passkeys might really kill passwords. [The Verge]
02-02-2024: Indian startup "hacked the world", then censorship, then backlash. [Ars Technica]
02-02-2024: Cloudflare hacked by nation state using Okta token. [Restore Privacy]
02-02-2024: Former CIA hacker sentence to 40 years. [BBC News] [The Register]
31-01-2024: US disrupts Chinese botnet supporting attacks on critical systems. [Restore Privacy] [The Register] [Ars Technica]
24-01-2024: MOAB repository contains 12TB of stolen credentials. [ExtremenTech] [Restore Privacy]
18-01-2024: One of the largest password dumps uncovered. [Ars Technica]
12-01-2024: The year of the passkey is still far away. [Engadget]
05-01-2025: A “ridiculously weak“ password causes disaster for Orange España. [Ars Technica] [Kentik] [BenJojo]
2023 – News
19-12-2023: SSH just got a lot weaker. [Ars Technica]
10-12-2023: FTC warning: be skeptical about QR codes. [The Verge] [Ars Technica]
02-11-2023: Microsoft is overhauling its software security after major Azure cloud attacks. [The Verge]
11-10-2023: Cisco can't stop using hard-coded passwords. [Schneier] [Cisco]
15-09-2023: How Google Authenticator made one company’s network breach much, much worse. [Ars Technica]
12-09-2023: FBI hacker leaks Airbus data after breaching Turkish Airlines. [Restore Privacy] [Krebs]
11-09-2023: Huge DDoS attack against US financial institution thwarted. [The Register]
05-09-2023: Experts fear criminals are cracking keys stolen in LastPass breach. [Krebs] [The Verge] [Schneier]
29-08-2023: US hacks QakBot, removes botnet infections. [Krebs] [The Register] [The Verge] [Restore Privacy]
18-08-2023: Google announces new algorithm that makes FIDO encryption safe from quantum computers. [Ars Technica]
18-08-2023: Bots are better than humans at solving CAPTCHAs. [Schneier] [ARXIV PDF]
17-08-2023: LinkedIn under attack, accounts seized. [Tripwire]
16-08-2023: UK Electoral Commission hacked. [Schneier] [Electoral Commission]
12-08-2023: Inside the Black Hat NOC - volunteers work in geek heaven. [The Register]
09-08-2023: TunnelCrack attack diverts VPN traffic outside protected tunnel. [Restore Privacy] [The Register]
09-08-2023: Most AMD CPUs since 2017 vulnerable to Inception data-leak attacks. [The Register]
09-08-2023: Intel CPU "Downfall" bug leaks encryption keys are more. [The Register] [Ars Technica]
07-08-2023: AI model can listen to your keystrokes with 95% accuracy. [ExtremeTech] [Schneier] [Ars Technica]
25-07-2023: Backdoor in TETRA police radios. [Schneier] [Vice] [Wired] [Tetraburst] [Ars Technica]
19-07-2023: Attackers find new ways to deliver DDoSes with “alarming” sophistication. [Ars Technica]
17-07-2023: Tracking down a suspect through cell phone records. [Schneier] [CNN]
13-07-2023: What are passkeys, and why are they suddenly everywhere? [Engadget]
25-06-2023: Tor Browser is very much still a thing and getting updates [The Register]
18-06-2023: Microsoft Outlook outages due to DDoS attack. [The Verge] [The Register]
19-05-2023: Security risks of new .zip and .mov domains. [Schneier] [BleepingComputer] [Ars Technica]
09-05-2023: Feds seize 13 more DDoS-for-hire platforms. [Ars Technica] [Krebs]
02-05-2023: AI is being used to generate whole spam sites. [The Verge]
02-05-2023: Samsung tells employees not to use AI tools like ChatGPT, citing security concerns. [The Verge] [Engadget]
28-04-2023: China again signals desire to shape global IPv6 standards. [The Register]
26-04-2023: Palantir shows off an AI that can go to war. [Engadget]
24-04-2023: UK threatens end-to-end encryption. [Schneier]
11-04-2023: AI can now crack most passwords in less than a minute. [ExtremeTech]
05-04-2023: FBI and other shut down Genesis Market. [Schneier] [Krebs] [Engadget]
30-03-2023: ChatGPT on BGP routing security. [ipSpace]
14-03-2023: Ransomware attacks have entered a heinous new phase. [Ars Technica]
28-02/2023: LastPass hack: employee home computer hacked, corporate vault taken. [Ars Technica] [Engadget] [The Verge] [ExtremeTech]
18-02-2023: Browser-in-the-browser attacks now hit directly through email. [Restore Privacy]
14-02-2023: Security study of 10 million VPN servers raises worrying issues. [Restore Privacy]
26-01-2023: Hiding malicious packets behind LLC SNAP header. [ipSpace]
26-01-2023: RSA’s demise from quantum attacks is exaggerated. [Ars Technica]
25-01-2023: NSA publishes IPv6 security guidance. [The Register] [NSA PDF]
17-01-2023: The FBI identified a ToR user. [Schneier] [Vice Motherboard]
16-01-2023: Hacked Cellebrite and MSAB software released. [Schneier]
11-01-2023: Widespread logic controller flaw raises the specter of Stuxnet. [Ars Technica]
06-01-2023: Remote vulnerabilities in cars. [Schneier] [Sam Curry]
03-01-2023: Breaking RSA with a quantum computer. [Schneier] [Arxiv PDF]
2022 – News
23-12-2022: Phishing attacks that bypass 2FA are on the rise. [Restore Privacy]
22-12-2022: LastPass hack worse than first reported. [Engadget] [Ars Technica] [Schneier] [LastPass] [Graham Cluley]
13-12-2022: FBI’s vetted info sharing network ‘InfraGard’ hacked. [Krebs] [ExtremeTech]
12-12-2022: Effective, fast, and unrecoverable: Wiper malware is popping up everywhere. [Ars Technica]
03-12-2022: How Chinese netizens swamped China’s Internet controls. [Ars Technica]
03-12-2022: Darknet markets generate millions in revenue selling stolen personal data. [Ars Technica]
23-11-2022: Security experts have been secretly decrypting systems for Zeppelin ransomware victims for two years. [Graham Cluley]
18-11-2022: Successful hack of time-triggered Ethernet. [Schneier] [Ars Technica]
01-11-2022: New ransomware attack tries to frame security researchers. [ExtremeTech]
30-09-2022: Security vulnerabilities found in covert CIA websites. [Schneier]
30-09-2022: FBI catches ex-NSA employee trying to sell top-secret intelligence documents. [The Verge] [The Register] [Schneier]
29-09-2022: Fake CISO profiles on LinkedIn target Fortune 500s. [Krebs]
21-09-2022: DDoS records keep coming. [Ars Technica]
07-09-2022: New Trident 4C ASIC includes real-time threat analysis option. [Packet Pushers]
07-09-2022: LockBit ransomware gang is surprisingly professional. [Schneier] [Bleeping Computer]
24-08-2022: DDoS threat landscape requires better solutions. [Network Computing]
16-08-2022: The new USB Rubber Ducky is more dangerous than ever. [The Verge] [Schneier]
11-08-2022: I’m a security reporter and got fooled by a blatant phish. [Ars Technica]
10-08-2022: Phishers who breached Twilio and fooled Cloudflare could easily breach others, too. [Ars Technica]
08-08-2022: NIST's post-quantum cryptography standards. [Schneier]
02-08-2022: Post-quantum encryption contender is taken out by single-core PC and 1 hour. [Ars Technica] [The Register] [Schneier]
16-07-2022: Hackers are targeting industrial systems with malware. [Ars Technica] [The Register]
12-07-2022: Ongoing phishing campaign can hack you even when you’re protected with MFA. [Ars Technica] [Schneier]
30-06-2022: Microsoft Exchange servers worldwide hit by stealthy new backdoor. [Ars Technica]
28-06-2022: Wide range of routers are under attack by new, sophisticated malware. [Ars Technica]
28-06-2022: Google warns of sophisticated malware distributed with the help of ISPs. [ExtremeTech]
26-06-2022: How you might be tricked into installing government spyware. [Android Police]
15-06-2022: Tsunami of junk traffic that broke DDoS records delivered by tiniest of botnets. [Ars Technica]
05-05-2022: Apple, Google, and Microsoft want to kill the password with “Passkey” standard. [Ars Technica] [Krebs]
05-05-2022: 15.3 million request-per-second DDoS attack. [Schneier] [Cloudflare]
02-05-2022: Botnet that hid for 18 months boasted some of the coolest tradecraft. [Ars Technica] [Schneier]
14-04-2022: US Government warns of new malware attacks on ICS/SCADA systems. [Graham Cluley] [Schneier] [CISA] [Engadget] [Ars Technica]
05-04-2022: Germany shuts down servers for Russian darknet marketplace Hydra [The Verge] [Ars Technica] [Engadget] [BBC News]
09-03-2022: New method that amplifies DDoSes by 4 billion-fold. [Ars Technica]
01-03-2022: DDoSers are using a potent new method to deliver attacks of unthinkable size. [Ars Technica]
15-02-2022: Researchers find threat group that has been active for 5 years. [Ars Technica]
15-02-2022: BlackByte ransomware group breaches critical US infrastructure [Engadget]
09-02-2022: Breaking 256-bit elliptic curve encryption with a quantum computer. [Schneier] [AVS Quantum Science]
08-02-2022: DDoS attacks expected to get bigger and nastier. [DC Knowledge]
29-01-2022: Microsoft fends off record-breaking 3.47Tbps DDoS attack. [Ars Technica]
26-01-2022: White House instructs agencies to adopt zero trust. [The Verge] [Engadget]
25-01-2022: A bug lurking for 12 years gives attackers root on every major Linux distro. [Ars Technica]
24-01-2022: Linux-targeted malware increased by 35%. [Schneier] [Crowdstrike]
19-01-2022: 9yo kids are launching DDoS attacks against schools. [Bitdefender]
16-01-2022: Cross-platform backdoor RAT for Windows, macOS and Linux discovered. [Ars Technica]
14-01-2022: Russia’s FSB says it has taken down REvil hacker group at US request [The Verge] [Ars Technica] [The Register] [Krebs] [Engadget] [Graham Cluley]
2021 – News
20-12-2021: Evaluating your network security for 2022. [No Jitter]
20-12-2021: Zero trust with zero visibility can't stop ransomware. [Network Computing]
20-12-2021: More on NSO Group and Cytrox. [Schneier] [Citizen Lab]
16-12-2021: "Incredible and terrifying" NSO zero-click iPhone exploit. [Engadget] [Ars Technica]
13-12-2021: NSO Group's Pegasus spyware used against US State Department officials. [Schneier] [Reuters] [The Register]
21-12-2021: The secret Uganda deal that has brought NSO to the brink of collapse. [Ars Technica]
27-12-2021: Spyware scandal rocks Polish government. [The Verge]
10-12-2021: The Internet's biggest players are all affected by critical Log4Shell 0-day. [Ars Technica] [ITP Techblog] [Graham Cluley] [The Register] [Schneier] [Wired]
13-12-2021: The Log4Shell 0-day -- what is it and how bad is it really? [Ars Technica]
15-12-2021: Enterprises see exponential growth in Log4Shell attacks. [DC Knowledge]
15-12-2021: US demands Christmas Eve fix for Log4Shell hack fix. [BBC News]
15-12-2021: Patch fixing critical Log4J 0-day has its own vulnerability that’s under exploit. [Ars Technica]
23-12-2021: Log4J and JNDI exploit -- why so bad? [Computerphile YouTube]
08-12-2021: New German government is pro-encryption and anti-backdoors. [Schneier] [Euractiv]
07-12-2021: Someone is running lots of TOR relays. [Schneier] [The Record] [Slashdot] [Ars Technica]
03-12-2021: iPhones of US diplomats hacked using NSO Group "0-click" exploits. [Ars Technica] [The Verge] [Engadget]
24-11-2021: Apple sues NSO Group. [Schneier] [Apple] [Ars Technica] [The Verge] [Engadget] [BBC News] [The Register]
11-11-2021: Researchers wait 12 months to report vulnerability with 9.8 severity rating. [Ars Technica] [The Register]
03-11-2021: US blacklists Israeli NSO Group. [Ars Technica] [The Verge] [BBC News] [Schneier]
01-11-2021: Trojan source bug threatens the security of all code. [Krebs] [Schneier]
27-10-2021: Police arrest 150 suspects after dark web marketplace closure. [The Verge]
25-10-2021: NYT journalist hacked with NSO spyware. [Schneier] [CitizenLab]
22-10-2021: FBI, others crush REvil using ransomware gang’s favorite tactic against it. [Ars Technica] [The Verge]
26-10-2021: REvil group outraged at "bandit-mugging behavior of the United States". [Graham Cluley]
28-10-2021: REvil gang member identified living luxury lifestyle in Russia. [The Register]
22-10-2021: Nation-state attacker of telecommunications networks. [Schneier] [CrowdStrike]
21-10-2021: How hackers hijacked thousands of high-profile YouTube accounts. [Ars Technica]
21-10-2021: Problems with MFA. [Schneier] [Roger Grimes, LinkedIn]
21-10-2021: US Government warns of BlackMatter ransomware attacks against critical infrastructure. [Tripwire]
19-10-2021: Ransomware attacks against water treatment plants. [Schneier] [CISA]
12-10-2021: Microsoft mitigated one of the largest DDoS attacks ever recorded. [The Verge] [The Register]
29-09-2021: The rise of one-time password interception bots. [Krebs]
25-09-2021: He escaped the Dark Web's biggest bust - now he's back. [Ars Technica]
25-09-2021: LastPass psychology of passwords report. [Geekzone] [LastPass] [LastPass PDF]
21-09-2021: Ransomware victims panicked while FBI secretly held REvil decryption key [Ars Technica] [Schneier] [Washington Post] [Gizmodo]
03-09-2021: Zero-trust model model gains lustre following Azure security flaw. [DC Knowledge]
09-08-2021: New “Glowworm attack” recovers audio from devices’ power LEDs. [Ars Technica]
03-08-2021: Paragon - another cyberweapons arms manufacturer. [Schneier] [Forbes]
18-07-2021: NSO spyware was allegedly used to target activists and journalists. [Engadget] [The Verge] [BBC News] [Schneier] [Networking Nerd] [BBC News] [The Verge] [Engadget]
07-07-2021: Why the password isn’t dead quite yet. [Ars Technica]
28-06-2021: LinkedIn data leak leaves 700 million users exposed. [Restore Privacy] [PocketNow]
08-06-2021: Vulnerabilities in weapon systems. [Schneier]
29-05-2021: US soldiers leaked nuclear info by using flashcard apps. [The Verge] [The Register] [BitDefender]
10-05-2021: Ransomware shuts down US pipeline. [Schneier] [Graham Cluley] [The Verge] [Graham Cluley] [Krebs] [Engadget]
24-04-2021: The Pentagon reportedly gave a small company control of its IP addresses to find security issues. [The Verge] [Engadget] [Ars Technica]
21-04-2021: In epic hack, Signal developer turns the tables on forensics firm Cellebrite. [Ars Technica] [The Register] [Engadget] [ExtremeTech] [Schneier]
15-04-2021: DNI's annual threat assessment. [Schneier] [ODNI PDF]
07-03-2021: A new type of supply-chain attack with serious consequences is flourishing. [Ars Technica]
04-03-2021: Three top Russian cybercrime forums hacked. [Krebs] [Graham Cluley]
28-01-2021: Orca's "State of Public Cloud Security" reveals how most cloud security breaches happen. [Graham Cluley]
20-01-2021: How most large cloud breaches happen. [Graham Cluley]
14-01-2021: Cybercriminals are bypassing MA to access cloud services. [Tripwire]
13-01-2021: Authorities have taken down the dark web’s largest illegal marketplace. [The Verge] [The Register]
2020 – News
24-12-2020: SolarWinds hackers also targeted security firm CrowdStrike. [Engadget]
18-12-2020: Long-standing vulns in 5G protocols open the door for attacks on smartphone users. [The Register]
17-12-2020: Mexican drug cartels with high-tech spyware. [Schneier] [The Guardian]
15-12-2020: Cruise line operator Hurtigruten crippled in ransomware attack. [Graham Cluley]
09-12-2020: FireEye hacked. [Schneier] [FireEye] [The Verge] [Ars Technica] [BBC News] [Engadget] [The Register] [Graham Cluley]
20-10-2020: Trickbot is scrambling to stay alive. [Ars Technica]
12-10-2020: Microsoft helped disrupt the infamous Trickbot botnet. [Engadget] [NZ Herald] [Stuff]
30-09-2020: Quantum-safe cryptography: hype vs reality. [ipSpace]
23-09-2020: 179 arrested in 'Operation DisrupTor' dark web drug takedown. [Engadget]
13-08-2020: NSA and FBI warn that new Linux malware threatens national security. [Ars Technica] [The Register]
12-08-2020: Tor battles to fend off swarm of Bitcoin-stealing exit relays. [The Register]
03-08-2020: Secret questions not as good as you'd think. [ITP Techblog]
26-07-2020: Hackers actively exploit high-severity networking vulnerabilities. [Ars Technica]
09-07-2020: Traffic analysis of home security cameras. [Schneier] [QMUL PDF]
02-07-2020: Law enforcement arrests hundreds after compromising encrypted chat system. [The Verge] [BBC News] [Engadget]
25-06-2020: Two record DDoSes disclosed this week underscore their growing menace. [Ars Technica] [The Register]
19-06-2020: Australia cyberattacks. [BBC News]
16-06-2020: Multiple “CIA failures” led to theft of agency’s top-secret hacking tools. [Ars Technica] [Schneier] [Washington Post]
12-06-2020: Facebook helped develop a Tails exploit. [Schneier] [Gizmodo] [The Register]
10-06-2020: Honda halts production at some plants after being hit by a cyberattack. [Ars Technica] [BBC News] [The Verge] [Engadget]
31-05-2020: Cisco backend servers deployments compromised via SaltStack. [The Register]
21-04-2020: Another story of bad 1970s encryption. [Schneier]
08-04-2020: RSA-250 factored. [Schneier]
20-02-2020: Hackers were inside Citrix for 5 months. [Krebs]
12-02-2020: One of the most destructive botnets can now spread to nearby Wi-Fi networks. [Ars Technica]
07-02-2020: Researchers steal data from computer using monitor brightness. [ExtremeTech]
05-02-2020: Network segmentation blown apart by Cisco CDPwn security bugs. [The Register]
13-01-2020: Microsoft CEO: encryption backdoors are a ‘terrible idea’. [The Verge]
07-01-2020: PGP keys, software security, and much more threatened by new SHA1 exploit. [Ars Technica] [Schneier] [IACR PDF]
2019 – News
16-12-2019: Security vulnerabilities found in the RCS texting protocol. [Schneier] [Wired]
22-11-2019: The NSA warns of TLS inspection. [Schneier] [NSA PDF]
21-11-2019: GPS manipulation. [Schneier] [MIT Technology Review]
06-11-2019: 8chan gets back online -- and is promptly forced off again. [Ars Technica]
06-11-2019: How 8chan (or “8kun”) got (briefly) back online [Ars Technica].
05-11-2019: ISPs lied to Congress to spread confusion about encrypted DNS. [Ars Technica]
02-11-2019: NordVPN users’ passwords exposed in mass credential-stuffing attacks. [Ars Technica]
25-10-2019: Dark web site taken down without breaking encryption. [Schneier] [Wired]
22-10-2019: Hackers steal secret crypto keys for NordVPN. [Ars Technica] [Krebs] [The Verge] [Engadget] [ExtremeTech] [Schneier] [The Register]
10-10-2019: Twitter transgression proves why its flawed 2FA system is such a privacy trap. [Ars Technica]
09-10-2019: Ransomware victim hacks attacker, turning the tables by stealing decryption keys. [Tripwire]
27-09-2019: Police raid ‘bulletproof’ hosting company run out of former NATO bunker. [The Verge] [Krebs] [Ars Technica] [The Register] [Schneier] [AP News] [SECjuice]
01-10-2019: Mariposa botnet author, Darkcode Crime forum admin arrested in Germany. [Krebs]
24-09-2019: Russian national confesses to biggest bank hack in US history [Ars Technica] [The Register]
20-09-2019: World’s most destructive botnet returns with stolen passwords and email in tow. [Ars Technica]
20-08-2019: How malformed packets caused CenturyLink’s 37-hour, nationwide outage. [Ars Technica]
09-08-2019: New DoS attack exploits algorithms to knock sites offline. [Engagdet]
09-08-2019: The most comprehensive ethical hacking course ever created. [ExtremeTech]
06-08-2019: Russian hackers are using IoT devices to infiltrate networks. [Engadget]
06-08-2019: Has public Wifi become more secure? [ITP Techblog]
06-08-2019: Ransomware, “wiper” malware attacks have more than doubled. [Ars Technica]
05-08-2019: The risk of weak online banking passwords. [Krebs]
05-08-2019: GermanWiper isn’t ransomware -- it’s worse than that. [Graham Cluley]
29-07-2019: IoT botnet launched massive 13-day DDoS attack against streaming service. [Graham Cluley]
20-07-2019: NSA contractor sentenced to nine years over theft of classified info. [Engadget] [The Register]
11-07-2019: Whitehats use DoS attack to score key victory against ransomware crooks. [Ars Technica]
26-06-2019: Global phone networks attacked by hackers. [BBC News]
21-06-2019: Backdoor built into Android firmware. [Schneier] [Ars Technica]
25-06-2019: Tracing the supply chain attack on Android. [Krebs]
18-06-2019: Cloudflare aims to make HTTPS certificates safe from BGP hijacking attacks. [Ars Technica]
13-06-2019: DDoS attack that knocked Telegram secure messaging service offline linked to Hong Kong protests. [Graham Cluley] [BBC News] [The Verge]
07-06-2019: Cyber-thieves turn to 'invisible net' to set up attacks. [BBC News]
05-06-2019: New exploit shows warnings of world-wide worm attacks are real. [Ars Technica]
04-06-2019: Microsoft says mandatory password changing is “ancient and obsolete". [Ars Technica]
25-05-2019: Hackers used NSA tool to attack Baltimore’s computer systems. [The Verge] [Engadget]
27-05-2019: Baltimore ransomware attack: NSA faces questions. [BBC News] [Ars Technica]
03-06-2019: No ‘Eternal Blue’ exploit found in Baltimore City ransomware. [Krebs] [Ars Technica]
16-05-2019: Global takedown shows the anatomy of a modern cybercriminal supply chain. [Wired]
15-05-2019: A tough week for IP address scammers. [Krebs]
14-05-2019: Microsoft warns of major WannaCry-like Windows security exploit. [The Verge] [Engadget]
13-05-2019: Cisco bug has massive global implications. [Wired] [The Register]
13-05-2019: Spying on personal alarms and GPS trackers is as simple as sending an SMS. [Graham Cluley]
10-05-2019: Cryptanalyzing a pair of Russian encryption algorithms. [Schneier] [Motherboard]
07-05-2019: Feds take down dark web index and news site Deep Dot Web. [The Verge]
07-05-2019: The CIA sets up shop on Tor, the Anonymous Internet. [Wired]
07-05-2019: Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak. [Ars Technica] [The Register] [Wired] [Engadget] [Schneier]
24-04-2019: Microsoft knows password-expiration policies are useless. [Engadget]
09-04-2019: Mysterious safety-tampering malware infects a second critical infrastructure site. [Ars Technica] [Wired]
09-04-2019: Well-funded surveillance operation infected both iOS and Android devices. [Ars Technica] [ExtremeTech]
05-04-2019: Unhackable cryptography? [Schneier] [Quanta Magazine]
02-04-2019: Hackers don't just want to pwn networks, they literally want to OWN your network. [The Register]
29-03-2019: Hidden backdoor in Intel processors is really a debug port. [The Register]
27-03-2019: Researchers find 36 security flaws in LTE. [Engadget]
26-03-2019: Personal data left on used laptops. [Schneier] [Rapid7] [Gizmodo]
20-03-2019: Aluminium plants hit by cyber-attack, global company turns to manual operations. [Hot for Security] [BBC News] [The Register] [Ars Technica] [Graham Cluley] [DC Knowledge]
21-03-2019: How Lockergoga took down Hydro. [DoublePulsar]
03-04-2019: In its ransomware response, Norsk Hydro is an example for us all. [Graham Cluley]
17-03-2019: How a wireless keyboard lets hackers take full control of connected computers. [Ars Technica] [HardOCP] [David Sopas, YouTube]
05-03-2019: ji32k7au4a83 is a surprisingly bad password. [The Verge]
26-02-2019: Next-gen blackholing to counter DDoS. [NANOG 75 YouTube]
26-02-2019: Four years of breaking HTTPS with BGP hijacking. [NANOG 75 YouTube]
26-02-2019: The Pentagon wants to replace passwords with the way you move or walk. [HardOCP] [Washington Post]
25-02-2019: Android is helping kill passwords on a billion devices. [Wired] [Engadget]
25-02-2019: Flaws in 4G and 5G can lead to spying on location and calls. [The Verge] [Engadget] [No Jitter]
17-02-2019: The Facebook phishing scam that could dupe even vigilant users. [Ars Techncia]
13-02-2019: US Air Force defector allegedly helped Iran hack Americans. [Wired]
04-02-2019: Quantum computing doesn’t threaten good encryption -- yet. [DC Knowledge]
03-02-2019: Why SMS-based 2FA sucks: UK bank falls victim to SS7 attacks. [Android Police]
22-01-2019: Hacking construction cranes. [Schneier] [Trend Micro]
18-01-2019: Short take - HTTPS interception. [Network Collective] [Russ White]
17-01-2019: New massive security breach exposes 773 million passwords. [ExtremeTech]
10-01-2019: A new type of network is on the rise to combat the quantum threat to encryption. [DC Knowledge]
07-01-2019: NSA to release a free tool for reverse engineering malware. [Engadget] [HardOCP] [ZDNet]
2018 – News
24-12-2018: Cryptojacking took over in 2018. [Wired]
24-12-2018: MD5 and SHA-1 still used in 2018. [Schneier] [SWDGE PDF]
24-12-2018: Someone is learning how to take down the internet, and learning fast. [Stuff]
20-12-2018: Most common corporate-network security problems. [DC Journal]
13-12-2018: Iranian phishers bypass 2FA protections offered by Yahoo Mail and Gmail. [Ars Technica] [Schneier] [ExtremeTech]
12-12-2018: Hackers are targeting nuclear, defense, energy, financial businesses. [The Register]
30-11-2018: It's nearly 2019, and your network can get pwned through an oscilloscope. [The Register]
30-11-2018: Marriott breach leaves 500 million exposed with passport, card numbers stolen. [Ars Technica] [Krebs] [Graham Cluley] [The Register] [BBC News] [Stuff] [HardOCP] [Marriott] [Engadget]
30-11-2018: Mass router hack exposes millions of devices to potent NSA exploit. [Ars Technica]
28-11-2018: Encrypted traffic reaches a new threshold. [Network Computing]
28-11-2018: The murky world of smartphone forensics. [NZ Herald]
19-11-2018: Blackout for thousands of dark web pages. [BBC News]
19-11-2018: Using a free VPN? Skip the middleman and send your data direct to China. [The Register]
19-11-2018: What happened to cyber-911? [Schneier]
19-11-2018: A little phishing knowledge may be a dangerous thing. [The Register]
13-11-2018: OneSpan: the passwordless web is coming courtesy of FIDO2. [Graham Cluley]
13-11-2018: Google goes down after major BGP mishap routes traffic through China. [Ars Technica] [The Register] [BBC News] [Wired] [HardOCP] [ThousandEyes Twitter]
13-11-2018: France proposes to make Internet safer, but USA, Russia, China disagree. [The Register]
05-11-2018: GCSB releases cyber resiliency report. [Geekzone] [NCSC PDF]
05-11-2018: Focus on cyber security puts Huawei under the spotlight. [ITP Techblog] [PocketNow]
02-11-2018: PortSmash attack punches hole in Intel's Hyper-Thread CPUs, leaves with crypto keys. [The Register] [HardOCP] [ZDNet] [Ars Technica]
30-10-2018: Cell phone security and heads of state. [Schneier]
20-10-2018: 3 out of 4 employees are a security risk. [Russ White] [Dark Reading]
19-10-2018: Miscreants use pilfered NSA hacking tools to pwn boxes in nuke, aerospace worlds. [The Register]
10-10-2018: China's clampdown on Tor pushes its hackers into foreign backyards. [The Register]
09-10-2018: Withstanding the infinite: DDoS defense in the terabit era. [NANOG 74 YouTube]
14-09-2018: A decade-old attack can break the encryption of most PCs. [Wired]
14-09-2018: Quantum computing and cryptography. [Schneier]
14-09-2018: What you can do when you steal a laptop, reflash the BIOS, and reboot it. [The Register]
14-09-2018: The Register takes the US government's insider threat training course. [The Register]
27-08-2018: WireGuard VPN review: A new type of VPN offers serious advantages. [Ars Technica]
12-08-2018: Australia on the cusp of showing the world how to break encryption. [The Register]
10-08-2018: Satellite hacks are real and the consequences are frightening. [ExtremeTech]
10-08-2018: Encryption doesn't stop someone from working out what you're up to. [The Register]
08-08-2018: Honeypot DDoS monitoring. [Russ White] [APNIC Blog]
06-08-2018: Cracking the passwords of some WPA2 Wi-Fi networks just got easier. [The Register]
03-08-2018: Network security analysis - a new approach. [Network Computing]
01-08-2018: Fin7: the inner workings of a billion-dollar hacking group. [Wired] [HardOCP] [Reuters] [Ars Technica] [Engadget]
01-08-2018: GCHQ on quantum key distribution. [Schneier] [NCSC]
01-07-2018: Cryptojacking malware: what it is and how to fix it. [ReadWriteWeb]
25-07-2018: Major Bluetooth vulnerability. [Schneier] [CERT] [Ars Technica] [No Jitter]
23-07-2018: The secret Internet war over bots. [Wired]
23-07-2018: Google: security keys neutralized employee phishing. [Krebs] [HardOCP] [Engadget] [Android Police] [ExtremeTech] [Schneier]
18-07-2018: Dark Web going darker due to exposure. [HardOCP] [SecurityWeek]
09-07-2018: The worst cybersecurity breaches of 2018 so far. [Wired]
07-06-2018: Cybercrooks are switching to Telegram. [The Register]
06-06-2018: Defending against botnets. [Russ White] [PDF]
06-06-2018: VPNFilter malware infecting 500,000 devices is worse than we thought. [Ars Technica] [The Register] [ExtremeTech] [HardOCP] [Schneier] [Russ White]
06-06-2018: Google’s Mark Risher: why everything we know about passwords is wrong. [The Verge]
06-06-2018: Cloudflare experiments with hidden Tor services. [The Register]
05-06-2018: End-to-end encryption doesn’t stop the FBI reading your messages. [Graham Cluley]
30-05-2018: The limit of HTTPS. [Russ White] [APNIC Blog]
22-05-2018: Cloudflare: DDoS moves to Layer 7. [The Register]
21-05-2018: Biggest web security vulnerabilities haven’t changed much. [DC Knowledge]
17-05-2018: Microsoft's Azure green-lit for use by US spies. [The Register]
15-05-2018: DDoS attacks in 2018 are very large. [EtherealMind] [OURSA YouTube]
14-05-2018: Details on a new PGP vulnerability. [Schneier] [EFail] [Wired] [Ars Technica] [The Register]
11-05-2018: This Tool Can Hack Your Accounts Even with Two-Factor Authentication. [ExtremeTech]
07-05-2018: Password re-use is dangerous - so what about stopping it with password-sharing? [The Register]
06-05-2018: How to keep hackers out of your Facebook and Twitter accounts. [Wired]
03-05-2018: It's world (terrible) password (advice) day. [The Register]
03-05-2018: Nigerian email scammers are more effective than ever. [Wired]
02-05-2018: NIST issues call for "lightweight cryptography" algorithms. [Schneier] [NIST]
27-04-2018: The hidden risks of ssh. [DC Journal]
25-04-2018: DDoS-for-hire service Webstresser dismantled. [Krebs] [The Register] [Graham Cluley] [HardOCP] [The Hacker News] [Engadget]
25-04-2018: Cracking the crypto war. [Wired]
27-04-2018: Ray Ozzie’s plan for unlocking encrypted phones gets a chilly reception. [Ars Technica] [Schneier]
07-05-2018: Ray Ozzie’s crypto proposal - a dose of technical reality. [Ars Technica]
23-04-2018: Cisco switch attacks represent new wave of network exploits. [Network Computing]
19-04-2018: The security risks of logging in with Facebook. [Wired]
16-04-2018: Government hackers: made some malware, don't be surprised if it bites you. [The Register]
12-04-2018: Cloudflare launches "Spectrum" DDoS protection service for all Internet traffic. [THG] [The Register]
10-04-2018: Practical passwordless authentication comes a step closer with WebAuthn. [Ars Technica] [The Verge] [Engadget] [Wired] [HardOCP] [PCMag] [HEXUS]
26-03-2018: FCC to block 'national security risk' companies (Huawei, ZTE) from US's $8.5bn broadband pot. [The Register] [The Verge] [Ars Technica]
26-03-2018: Magical thinking on Internet security. [Russ White] [Farsight Security]
26-03-2018: Adding backdoors at the chip level. [Schneier] [Springer Link] [PDF]
23-03-2018: World celebrates, cyber-snoops cry as TLS 1.3 internet crypto approved. [The Register] [EtherealMind]
22-03-2018: The real cause of large DDoS - IP spoofing. [EtherealMind] [CloudFlare]
22-03-2018: Blocking malware with DNS. [Russ White] [APNIC Blog]
20-03-2018: Side channel attacks in the wild: the smart home. [Russ White]
13-03-2018: Weighing privacy vs security for the Internet's address book. [Wired]
09-03-2018: Crypto zealots. [Geoff Huston]
05-03-2018: World's biggest DDoS attack record broken after just five days. [The Register] [Graham Cluley] [Schneier] [Ars Technica]
08-03-2018: Corero reveals 'kill-switch' to suppress memcached DDoS attacks. [THG] [The Register]
03-03-2018: First IPv6 DoS. [The Register]
01-03-2018: New carrier-based authentication system seeks to replace SMS 2FA. [THG] [Android Police]
01-03-2018: GitHub code tub hit with record-breaking 1.35Tbps DDoS. [The Register] [Engadget] [Krebs] [Graham Cluley]
05-03-2018: World's largest DDoS motives come clear. [HardOCP] [DigitalOcean]
28-02-2018: Large DDoS amplification attacks now possible via memcached servers. [THG]
14-02-2018: A potent botnet is exploiting a critical router bug that may never be fixed. [Ars Technica]
12-02-2018: Cryptojacking threatens critical infrastructure. [Wired] [HardOCP] [Scott Helme]
31-01-2018: Ransomware scammers get scammed themselves by Tor proxy hack. [ExtremeTech]
31-01-2018: New click-to-hack tool: one script to exploit them all... [The Register]
30-01-2018: US AG says Feds have already infiltrated Dark Net. [The Register]
26-01-2018: Lenovo's fingerprint scanner has a hardcoded password. [The Register]
24-01-2018: Tor Browser 7.5 launches with support for next-gen Onion services. [THG]
20-01-2018: Why this intercontinental quantum-encrypted video hangout is a big deal. [Wired]
15-01-2018: BitTorrent users beware: Flaw lets hackers control your computer. [Ars Technica]
12-01-2018: IoT-based DDoS threats loom. [Network Computing]
11-01-2018: Cisco can now sniff out malware inside encrypted traffic. [The Register]
06-01-2018: WD My Cloud drives have a built-in backdoor. [HardOCP] [TechSpot] [Graham Cluley] [ExtremeTech]
02-01-2018: Automatic autofill of your username and password? Not a good idea. [Graham Cluley]
2017 – News
29-12-2017: The rise of cryptojacking and how to stop it. [THG] [Wired]
28-12-2017: Microsoft asserts that "It’s time to kill the password." [Hexus] [HardOCP] [TechSpot] [NZ Herald] [Stuff]
18-12-2017: Lessons learned from the Estonian national ID security flaw. [Schneier] [Cybernetica]
17-12-2017: Hackers shut down plant by targeting its safety system. [Engadget] [HardOCP] [Reuters]
15-12-2017: We need to talk about mathematical backdoors in encryption algorithms. [The Register]
13-12-2017: Mirai IoT botnet co-authors plead guilty. [Krebs] [BBC News] [The Verge] [Ars Technica] [Engadget] [Wired] [Graham Cluley]
11-12-2017: New group of hackers targeting banks around the world. [HardOCP] [Bloomberg]
11-12-2017: HP laptops found to have hidden keylogger. [BBC News] [Graham Cluley] [Hexus] [HardOCP] [Github Blog] [THG] [ExtremeTech]
13-12-2017: How to remove a keylogger from your HP laptop. [Lifehacker]
08-12-2017: Despite takedowns, botnets aren't going away any time soon. [DC Knowledge]
06-12-2017: Satori botnet rears its head, exploiting IoT vulnerabilities. [BitDefender]
06-12-2017: Evidende that Ethiopia is spying on journalists shows that commercial spyware is out of control. [Wired]
05-12-2017: Phishing schemes are using encrypted sites to seem legit. [Wired]
05-12-2017: International team takes down virus-spewing Andromeda botnet. [The Register]
04-12-2017: Underwater net cables are prime targets for terrorists and Russia. [The Register]
29-11-2017: Internet-paralyzing Mirai botnet comes roaring back with new strain. [Ars Technica]
28-11-2017: Ethereum founder unveils roadmap for next-gen blockchain. [THG]
27-11-2017: Don't shame idiots about their idiotically weak passwords. [The Register]
26-11-2017: Quantum encryption is now fast enough for voice calls. [Engadget] [HardOCP] [phys.org] [The Register]
21-11-2017: Over 400 of the world's most popular website record your every keystroke. [HardOCP] [Motherboard] [Schneier]
14-11-2017: Long article on the NSA and the Shadow Brokers. [Schneier] [NYT]
10-11-2017: Hack of attack-for-hire service vDOS snares New Mexico man. [Krebs]
09-11-2017: DDoS-for-Hire Service Launches Mobile App. [Krebs]
09-11-2017: History of networking -- RAVEN and Internet surveillance. [Network Collective]
08-11-2017: Four years later, Yahoo still doesn’t know how Russia hacked 3 billion accounts. [HardOCP] [TechCrunch]
07-11-2017: Cloudflare uses lava lamps to encrypt the Internet. [HardOCP] [CloudFlare]
07-11-2017: Which is the greatest botnet on the whole? [The Register]
07-11-2017: Flaw crippling millions of crypto keys is worse than first disclosed. [Ars Technica]
06-11-2017: A third of the Internet is under attack. [HardOCP] [UCSD]
06-11-2017: Galizia's murder and the security of WhatsApp. [Schneier]
03-11-2017: Tor’s next-gen onion system works to keep servers hidden. [Engadget] [The Register] [THG] [Ars Technica] [Lifehacker]
01-11-2017: Hackers continue to abuse digital certs. [HardOCP] [The Register]
27-10-2017: Critical flaws found in maritime comms system. [HardOCP] [HelpNetSecurity] [Wired]
26-10-2017: 2FA codes could get replaced by physical objects. [The Verge]
25-10-2017: BadRabbit: new wave of cyber attacks hits Russia and other nations. [HardOCP] [Reuters]
26-10-2017: BadRabbit runs out of steam – but be prepared for the next ransomware attack. [Graham Cluley]
27-10-2017: BadRabbit ransomware uses leaked 'EternalRomance' NSA exploit. [HardOCP] [The Hacker News] [Ars Technica]
23-10-2017: The economics of DDoS. [Russ White] [Arbor Networks]
22-10-2017: US energy, nuke and aviation sectors under sustained attack. [The Register] [HardOCP] [US-CERT]
20-10-2017: Your browser could be mining cryptocurrency for a stranger. [Wired] [Lifehacker]
20-10-2017: The Reaper botnet could be worse than Mirai. [Wired] [Graham Cluley] [Schneier]
27-10-2017: Assessing the threat the Reaper botnet poses to the Internet. [Ars Technica]
19-10-2017: Cryptojacking is everywhere, it's getting worse each day. [HardOCP]
17-10-2017: Discovering the threats below the surface on the Dark Web. [ReadWriteWeb]
16-10-2017: The TPM encryption many major companies rely on has a serious flaw. [Engadget] [The Register] [Ars Technica]
16-10-2017: KRACK attack against WiFi encryption. [Schneier] [Ars Technica] [BBC News] [The Register] [THG] [HardOCP] [BleepingComputer] [ExtremeTech] [The Verge] [Wired] [Engadget] [Stuff] [Krebs] [Network Computing] [ITP Techblog] [Graham Cluley] [Computerphile YouTube]
16-10-2017: Microsoft has already fixed the Wi-Fi attack vulnerability. [The Verge]
16-10-2017: 41% of Android phones are vulnerable to Wi-Fi attack. [The Verge]
17-10-2017: The flawed system behind the KRACK WiFi meltdown. [Wired]
17-10-2017: Why the KRACK WiFi mess will take decades to clean up. [Wired]
23-10-2017: What does the WPA2 vulnerability mean for IoT? [ReadWriteWeb]
27-10-2017: More articles on KRACK. [Russ White] [Errata Security] [Krebs] [linux.com]
13-10-2017: Large scale cyber attack warning. [HardOCP] [UKRInform]
11-10-2017: 'Crypto Anchors' might stop the next Equifax-style megabreach. [Wired]
11-10-2017: New encryption legislation coming? [HardOCP] [Reuters]
08-10-2017: VPN logs helped unmask alleged 'net stalker. [The Register] [HardOCP] [ExtremeTech] [Graham Cluley]
06-10-2017: DDoS protection: Arbor Networks vs. Kentik. [Network Computing]
05-10-2017: Russian hackers used Kaspersky software to find vulnerable NSA docs. [The Verge] [Wired] [Engadget] [Schneier] [Ars Technica]
11-10-2017: Israel warned the US about Kaspersky after hacking its network. [Engadget] [The Register] [Schneier] [ExtremeTech]
11-10-2017: Kaspersky, Russia, and the antivirus paradox. [Wired]
03-10-2017: How to fight the new breed of DDoS attacks on data centers. [DC Knowledge]
27-09-2017: Why DDoS attacks are on the rise. [DC Knowledge]
26-09-2017: Cloudflare: DDoS will now be "something for the history books". [HardOCP] [Motherboard Vice]
20-09-2017: HVAC hackers attack more than the thermostat. [HardOCP] [BleepingComputer]
18-09-2017: This is why you shouldn’t use texts for two-factor authentication. [The Verge] [The Register] [HardOCP] [Forbes]
18-09-2017: CCleaner, distributed by anti-virus firm Avast, contained malicious backdoor. [Graham Cluley] [Lifehacker] [The Register] [HardOCP] [TNW] [ExtremeTech] [The Verge] [Wired]
18-09-2017: Feds in California are aggressively going after Silk Road, AlphaBay vendors. [Ars Technica]
14-09-2017: New Bluetooth malware affects billions of devices, requires no pairing. [ExtremeTech] [Schneier]
08-09-2017: Budding malware author uses same Skype ID across job applications and IoT botnet ads. [Graham Cluley]
08-09-2017: Shadow Brokers releases NSA UNITEDRAKE manual. [Schneier] [Document Cloud PDF]
08-09-2017: Five benefits of next-generation firewalls. [Network Computing]
06-09-2017: Hackers lie in wait after penetrating US and Europe power grid networks. [Ars Technica] [The Verge] [Wired]
05-09-2017: Security flaw in Estonian national ID card. [Schneier] [Estonian World]
01-09-2017: Massive Locky ransomware campaign sends out 23 million emails in 24 hours. [Graham Cluley]
01-09-2017: Russian hacking tools codenamed White Bear exposed. [Schneier] [SecureList]
31-08-2017: Is quantum encryption the key to cyber-security? [BBC News]
30-08-2017: Is it time to build an anti-DDoS alliance? [Russ White] [Senki]
28-08-2017: SS7 network vulnerabilities is big business. [HardOCP] [Daily Beast]
28-08-2017: One of first-known Android DDoS malware infects phones in 100 countries. [Ars Technica] [Krebs]
24-08-2017: Why it’s still a bad idea to post or trash your airline boarding pass. [Krebs]
24-08-2017: DreamHost smashed in DDoS attack: who's to blame? [The Register]
24-08-2017: Plug the security holes in your two-factor authentication. [Lifehacker]
24-08-2017: Massive government data leak in Sweden. [Schneier] [Privacy News Online]
22-08-2017: Insider attack on lottery software. [Schneier] [CNBC] [HardOCP] [DMR]
16-08-2017: Imperva discovers 'Pulse Wave' DDoS attacks. [THG]
13-08-2017: Password policies of 40 popular online services analyzed. [HardOCP] [BleepingComputer]
12-08-2017: Russian group that hacked DNC used NSA attack code in attack on hotels. [Ars Technica] [The Register]
08-08-2017: The man who put us through password hell regrets everything. [Engadget] [Stuff, Stuff] [NZ Herald] [Graham Cluley] [BBC News] [Wired] [Russ White] [Shelly Palmer]
05-08-2017: Protect the white hat hackers who are just doing their job. [Wired] [Ars Technica]
21-08-2017: GCHQ knew FBI was planning to arrest WannaCry's 'accidental hero' before he travelled to the USA. [Graham Cluley] [The Register]
04-08-2017: Penetrating a Casino's network through an Internet-connected fishtank. [Schneier] [Washington Post]
01-08-2017: Encryption substitute. [Russ White] [ScribD]
31-07-2017: NetFlix crafted DDoS. [Russ White] [Medium] [The Register]
31-07-2017: Facebook COO Sheryl Sandberg: crypto ban won't help trap terrorists. [The Register]
30-07-2017: The very best hacks from Black Hat. [Wired]
29-07-2017: Tor's Dingledine: dark web doesn't exist, and people use network for privacy, not crime. [The Register]
28-07-2017: How Netflix DDoSed itself to help protect the entire Internet. [Wired]
28-07-2017: Zero-day vulnerabilities against Windows in the NSA tools released by the Shadow Brokers. [Schneier] [Rapid7]
28-07-2017: Cyber spies use fake profile as a 'honey pot' to trap male workers. [NZ Herald]
27-07-2017: The opsec blunders that landed a Russian politician's fraudster son in the clink for 27 years. [The Register]
26-07-2017: Russia passes bill banning proxies, TOR, VPNs. [HardOCP] [Info Security]
26-07-2017: How to improve your privacy in Windows 10. [Stuff]
26-07-2017: Spies, cops don't need to crack WhatsApp: they'll just hack your smartphone. [The Register]
26-07-2017: The great Ethereum hack. [Russ White] [FreeCodeCamp]
22-07-2017: Letting cyberattack victims hack back is a very unwise idea. [Wired]
20-07-2017: Cisco 2017 midyear cybersecurity report. [Cisco] [THG]
19-07-2017: Let's harden Internet crypto so quantum computers can't crack it. [The Register] [Wired]
19-07-2017: China's 'future-proof' crypto. [The Register] [BBC News]
10-08-2017: Chinese satellite sends 'hack-proof' message. [BBC News]
18-07-2017: Leaked memo says hackers may have compromised UK power plants. [Engadget]
18-07-2017: Quantum computing could make today's encryption obsolete. [DC Knowledge]
17-07-2017: Inside the cyber-attack on the UK parliament. [BBC News]
13-07-2017: AlphaBay taken down by law enforcement across 3 countries. [Ars Technica] [Gizmodo] [The Register] [The Verge] [Wired]
16-07-2017: Dark web chaos as AlphaBay's Alexandre Cazes found dead in Thai jail. [Stuff]
20-07-2017: AlphaBay and Hansa dark web markets shut down. [BBC News] [The Register] [Krebs] [The Verge] [Ars Technica] [Engadget] [Gizmodo] [The Register] [NZ Herald] [ExtremeTech] [HardOCP] [The Hacker News]
20-07-2017: After AlphaBay’s demise, customers flocked to dark market run by Dutch police. [Krebs]
22-07-2017: After AlphaBay and Hansa, there are only more dark web takedowns to come. [The Verge]
24-07-2017: AlphaBay and Hansa: about those dark web marketplaces takedowns. [The Register]
01-08-2017: Dark web markets boom after AlphaBay and Hansa busts. [BBC News]
22-08-2017: After years of investigation, feds bust one of AlphaBay’s largest drug rings. [Ars Technica]
10-07-2017: 2FA is a mess. [The Verge] [The Register]
09-07-2017: Trump talked to Putin about creating a 'Cyber Security unit'. [Engadget] [Gizmodo] [Ars Technica]
10-07-2017: Donald Trump backtracks on Russia joint cybersecurity unit. [BBC News]
07-07-2017: US military will finally start encrypting soldiers' emails. [Engadget]
07-07-2017: Hacking Team is back. [Engadget]
06-07-2017: Why isn't everyone running DNSSEC? [Russ White] [APNIC Blog]
06-07-2017: It's easier than ever to steal someone's keys. [Schneier] [KeyMe]
06-07-2017: After criticism, US Defense Department will implement new encryption standards next year. [Gizmodo]
06-07-2017: Let’s Encrypt to support wildcard certificates starting January 2018. [THG] [The Register] [Ars Technica]
06-07-2017: Drugs and manufacturing equipment imported over the dark web. [Stuff]
05-07-2017: Hackers are targeting nuclear power plant operators in the US. [The Verge] [ReadWriteWeb] [Ars Technica] [Wired] [The Register]
05-07-2017: A major Dark Net market is down and users are worried they got scammed. [Gizmodo]
03-07-2017: HTTPS Certificate Revocation is broken. [Ars Technica] [HardOCP] [Scott Helme]
03-07-2017: What it's like when pro phishers assail your inbox. [Wired]
01-07-2017: The biggest cybersecurity disasters of 2017 so far. [Wired]
30-06-2017: The encryption debate should end right now. [Wired] [ITP Blog]
30-06-2017: Latest ransomware techniques show need for layered security. [PacketU] [Voxy]
29-06-2017: Shadow Brokers hike prices for stolen NSA exploits. [The Register]
29-06-2017: Let’s Encrypt issues 100 million certificates to help secure the web. [THG]
28-06-2017: Why you'll be sorry when encryption is broken. [NZ Herald]
27-06-2017: GoldenEye ransomware campaign spreads throughout Europe. [THG]
27-06-2017: Idea to encrypt stuff on the web at rest hits the IETF's Standard Track. [The Register]
26-06-2017: The FAA is arguing for security by obscurity. [Schneier] [Federal Register]
24-06-2017: Windows 10 source code leak is an embarrassment for Microsoft. [Engadget] [Gizmodo] [HardOCP] [The Register]
27-06-2017: Microsoft confirms Windows code leak, but size, details disputed. [ExtremeTech]
24-06-2017: Hackers attempt to break into UK MPs' email accounts, as Houses of Parliament targeted by cyber attack. [Graham Cluley] [Stuff] [Engadget] [The Verge] [The Register]
26-06-2017: UK Parliament hack a brute-force attack. [The Register]
26-06-2017: UK Parliament maintains restrictions after hacking. [DC Knowledge]
23-06-2017: If these universities had run an ad blocker they might have been saved from ransomware attack. [Graham Cluley]
21-06-2017: The simple trick used by hackers to pinch your mobile number and wreak havoc on your life. [NZ Herald]
20-06-2017: A new way to deal with DDoS. [Russ White] [ECI Telecom]
20-06-2017: Many companies have been ‘hacked’, but please don’t make it THIS easy. [Graham Cluley]
19-06-2017: Bot attacks getting more difficult to detect. [HardOCP] [Dark Reading]
19-06-2017: New techniques to hijack social media accounts. [Schneier] [AccessNow]
19-06-2017: What the average worker doesn't know about security will scare you. [DC Knowledge]
19-06-2017: Backdoor backlash: European Parliament wants better privacy. [The Register]
16-06-2017: Brit hacker admits he siphoned info from US military satellite network. [The Register] [Graham Cluley] [BBC News]
15-06-2017: Inside a porn-pimping spam botnet. [Krebs]
14-06-2017: Data vs analysis in counterterrorism. [Schneier] [The Guardian]
14-06-2017: Internet hygiene still stinks despite botnet and ransomware flood. [The Register]
13-06-2017: Win XP patched to avert new outbreaks spawned by NSA-leaking Shadow Brokers. [Ars Technica] [The Verge] [The Register] [THG] [ExtremeTech] [Engadget]
21-06-2017: Is continuing to patch WinXP a mistake? [Schneier]
13-06-2017: Hovering Over Links Can Install New Malware. [ExtremeTech]
13-06-2017: Who’s afraid of the big, bad botnet? [The Register]
11-06-2017: How your mouse movement could be used to stop identity theft. [Gizmodo]
07-06-2017: Internet cameras have hard-coded password that can’t be changed. [Ars Technica]
06-06-2017: DDoS trends in the last 20 years. [NANOG YouTube]
06-06-2017: Latest on spear phishing attacks. [Schneier] [PDF]
06-06-2017: Following the money hobbled vDOS attack-for-hire service. [Krebs] [Russ White]
06-06-2017: Telegram is the 'app of choice' for terrorists. [Stuff]
05-06-2017: Leaked NSA report says Russians tried to hack state election officials. [Ars Technica] [Engadget] [Schneier]
13-06-2017: Russian hackers probed election systems in 39 states. [The Verge] [Ars Technica] [Gizmodo] [ExtremeTech]
21-06-2017: US official: Russia 'hacked' 21 US states in election. [BBC News]
05-06-2017: Recovering a stored password from a web browser. [Network Computing]
02-06-2017: Fireball malware's flames infect a quarter of a billion computers. [Graham Cluley] [Wired] [HardOCP]
31-05-2017: If you think WannaCry was huge, wait for EternalRocks. [DC Knowledge]
30-05-2017: How to get away with hacking the Department of Homeland Security. [Graham Cluley]
30-05-2017: Shadow Brokers lay out pitch – and name price – for monthly zero-day subscription service. [The Register] [Ars Technica]
29-05-2017: The impact of encryption. [Russ White] [Network Collective] [YouTube]
29-05-2017: NTP updated to spook-harden user comms. [The Register]
27-05-2017: Internet providers have backdoor access to customers' modems. [NZ Herald]
23-05-2017: The future of ransomware. [Schneier]
17-05-2017: 560 million email credentials have been leaked. [Lifehacker]
16-05-2017: 'Shadow Brokers' threaten to release more hacking tools in June. [Engadget]
17-05-2017: Fearing Shadow Brokers leak, NSA reported critical flaw to Microsoft. [Ars Technica]
11-05-2017: US spymasters trash Kaspersky: AV tools can't be trusted. [The Register]
12-05-2017: US intelligence chiefs don't trust Kaspersky - but why? [Graham Cluley]
11-05-2017: Persirai IoT botnet threatens to hijack over 120,000 IP cameras. [Graham Cluley]
10-05-2017: SS7 flaws exploited to hack smartphone 2FA systems. [Schneier]
09-05-2017: NSA confirms Russia hacked French election infrastructure. [Wired]
09-05-2017: Corsa adds IPv4 blacklist to support DDoS appliances. [Packet Pushers]
09-05-2017: I side with the 'bad guys' on encryption. [Stuff]
06-05-2017: The hijacking flaw that lurked in Intel chips is worse than anyone thought. [Ars Technica] [ExtremeTech]
05-05-2017: Modern phishing attempts look more legit, but the methods haven't changed much. [Lifehacker]
05-05-2017: Tips for World Password Day. [Voxy]
03-05-2017: Watch hackers sabotage an industrial robot arm. [Wired]
02-05-2017: Email hackers cost couple their new home. [Graham Cluley] [Krebs]
01-05-2017: FIDO: multi-factor authentication should be included in NIST’s cybersecurity framework. [THG]
30-04-2017: Secure messaging app showdown: WhatsApp vs. Signal. [Lifehacker]
29-04-2017: Hacker holds Netflix to ransom over ‘Orange is the New Black’. [Graham Cluley] [HardOCP] [DataBreaches] [The Verge] [Gizmodo] [BBC News] [Ars Technica]
27-04-2017: A vigilante is putting a huge amount of work into infecting IoT devices. [Ars Technica]
26-04-2017: Interpol unplugs nearly 9,000 Asian command and control networks. [The Register]
22-04-2017: US court hits Russian PoS hacker with record 27 year jail sentence. [Graham Cluley] [Krebs]
21-04-2017: Why I hacked the government. [BBC News]
19-04-2017: The Hajime IoT worm fights the Mirai botnet for control of your devices. [Graham Cluley] [BBC News] [ExtremeTech]
03-05-2017: Hajime malware is turning 300,000 IoT devices into zombies. [ReadWriteWeb]
14-04-2017: How to spot a link you shouldn't click on. [Gizmodo]
13-04-2017: Criminals getting closer to state actors. [Russ White] [Halbheer]
12-04-2017: For a while the infamous Mirai botnet could have exploited your IoT devices to mine Bitcoins. [Graham Cluley]
11-04-2017: Feds deliver fatal blow to botnet that menaced world for 7 years. [Ars Technica] [Wired]
10-04-2017: How HTTPS website security is making the Internet safer from snoopers. [Gizmodo]
10-04-2017: Security threats keep network teams busy. [Network Computing]
10-04-2017: Internet Society to G20 nations: The web must be fully encrypted. [The Register]
08-04-2017: Forget Mirai – Brickerbot malware will kill your crap IoT devices. [The Register] [Engadget]
06-04-2017: Advanced Chinese hacking campaign infiltrates IT service providers across the globe. [HardOCP] [ZDNet]
06-04-2017: This hacker can talk his way into a data center. [DC Knowledge]
05-04-2017: How hackers hijacked a bank's entire online operation. [HardOCP] [Wired] [Schneier]
04-04-2017: Google and Lookout detail super-sophisticated 'Chrysaor' Android malware. [Android Police]
04-04-2017: Botnets in the cloud. [Russ White] [Microsoft Azure]
03-04-2017: Russian hackers have used the same backdoor for two decades. [Wired]
31-03-2017: When the 'S' in HTTPS also stands for shady. [Engadget]
29-03-2017: Strange Mirai botnet brew blamed for powerful application layer attack. [The Register]
28-03-2017: Odds are in favour of quantum encryption. [Russ White] [CSA]
27-03-2017: Encryption is a good thing. [Graham Cluley]
21-03-2017: Fix crap Internet of Things security, booms Internet daddy Cerf. [The Register]
19-03-2017: Phishing scams even fool tech nerds - here's how to avoid them. [Wired] [HardOCP] [US DoJ] [The Verge]
15-03-2017: Sound waves can be used to fool your phone's motion sensors. [Engadget] [HardOCP]
14-03-2017: 'Walnut' attack uses sound to trick sensors in cars, phones, and other devices. [THG]
13-03-2017: Most people still don't know how to protect themselves online. [The Register]
13-03-2017: The CIA's "Development Tradecraft DOs and DON'Ts". [Schneier] [WikiLeaks]
11-03-2017: 'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows. [The Register] [Coding Horror]
10-03-2017: Google’s new bot-stopping reCAPTCHA is completely invisible. [ExtremeTech] [Gizmodo] [Google] [HardOCP] [NZ Herald] [THG]
08-03-2017: This is why you shouldn’t trust flashy crypto apps. [The Verge]
07-03-2017: The dark web is disappearing. [Gizmodo]
05-03-2017: For true cyber security, using a USB firewall is essential. [Gizmodo]
03-03-2017: How to snoop-proof any phone or tablet. [Gizmodo]
03-03-2017: The golden age of email hacks is only getting started. [Wired]
03-03-2017: Jumping air gaps with blinking lights and drones. [Schneier] [ZDNet] [Wired] [BGU PDF]
28-02-2017: Security slip-ups in 1Password and other password managers 'extremely worrying'. [The Register]
28-02-2017: Protect your online privacy with the 5 best VPNs. [ExtremeTech]
24-02-2017: Major data breach strikes Cloudflare. [ExtremeTech] [Gizmodo] [HardOCP] [THG] [Wired] [The Register]
23-02-2017: SHA-1 collision found. [Schneier] [Google Security] [THG] [The Register] [The Verge] [Wired] [HardOCP] [Engadget] [Russ White]
03-02-2017: SHA-1 crack just got real: System Centre uses it to talk to Linux. [The Register]
08-03-2017: One in five websites still use outdated SHA-1 encryption algorithm. [HardOCP] [The Register]
12-02-2017: Ex-FBI man spills on why hackers are winning the security game. [The Register]
10-02-2017: Crossing border security? Here's how you protect your data. [Graham Cluley] [Zdziarski]
15-02-2017: Want to protect your data at the border? Delete it. [The Verge]
22-02-2017: What to do when border officials ask for your passwords. [Ars Technica]
06-02-2017: Security firms need to stop exaggerating hackers' abilities. [Graham Cluley] [BBC News]
03-02-2017: iOS cracking tools reportedly used by FBI released to public. [Engadget]
03-02-2017: An Anonymous group just took down a fifth of the dark web. [The Verge] [Engadget] [The Register] [Graham Cluley] [HardOCP] [Newsweek]
03-02-2017: How the US Secret Service breaks into smart phones. [Schneier] [CS Monitor]
01-02-2017: Security and Internet of Things. [Schneier]
01-02-2017: Malwarebytes releases Global State of Malware Report. [Geekzone] [Malwarebytes PDF]
30-01-2017: Half the web is now encrypted, making everyone safer. [Wired]
30-01-2017: DC police surveillance cameras were infected with ransomware before inauguration [Ars Technica]
27-01-2017: Quantum computers vs hackers, round 1. [Wired]
18-01-2017: Who is Anna-Senpai, the Mirai Worm Author? [Krebs] [Schneier] [Engadget] [The Register]
18-01-2017: IPv6 vulnerable to fragmentation attacks that threaten core internet routers. [The Register]
13-01-2017: Blocking attacks from the Incredibly Insecure Internet of Things -- IIIoT. [Secure64]
13-01-2017: WhatsApp vulnerability allows snooping on encrypted messages. [The Guardian] [Android Police] [BBC News] [The Register] [HardOCP] [Schneier]
14-01-2017: Reported “backdoor” in WhatsApp is in fact a feature, defenders say. [Ars Technica] [Lifehacker] [Gizmodo]
14-01-2017: WhatsApp vulnerability could allow Facebook and others to read messages. [Graham Cluley]
14-01-2017: Open Whisper Systems defends Whatsapp against 'backdoor' claims. [Engadget]
13-01-2017: Google wants to make encryption easier for everyone. [Engadget] [The Register]
13-01-2017: NSA-leaking Shadow Brokers lob Molotov cocktail before exiting world stage. [Ars Technica] [Engadget]
11-01-2017: Bible verses are easy to guess, so don't use them as your password. [Lifehacker] [BoingBoing]
11-01-2017: The state of DNS security. [Russ White]
11-01-2017: Shamoon disk-wiping attackers can now destroy virtual desktops. [Ars Technica]
09-01-2017: The Orphaned Internet – Taking Over 120K Domains via a DNS vulnerability in AWS, Google Cloud, Rackspace and Digital Ocean. [EtherealMind]
06-01-2017: US grid in ‘imminent danger’ from cyber-attack, study says. [DC Knowledge]
05-01-2017: 20+ VPNs rated on privacy and security side-by-side. [CompariTech]
05-01-2017: The back-door feature problem. [Russ White] [CAIDA, PDF]
02-01-2017: The biggest security threats coming in 2017. [Wired]
2016 – News
29-12-2016: Your 5 totally achievable security resolutions for the New Year. [Wired]
23-12-2016: The year encryption won. [Wired]
22-12-2016: Encryption backdoors are against US national interest. [HardOCP] [ZDNet]
22-12-2016: NIST requests ideas for crypto that can survive quantum computers. [The Register] [THG] [Schneier]
21-12-2016: Don't pay up to decrypt – cure found for CryptXXX ransomware, again. [The Register]
20-12-2016: How to safely delete private data forever. [Gizmodo]
20-12-2016: Hackers suspected of causing power outage in Ukraine. [Graham Cluley]
16-12-2016: DDoS in 2017: Strap yourself in for a bumpy ride. [The Register]
15-12-2016: The new security normal. [Russ White] [MarketWatch]
15-12-2016: One billion affected by Yahoo hack. [BBC News] [Krebs] [The Register] [Lifehacker] [HardOCP] [Reuters] [Wired] [Ars Technica] [Graham Cluley] [ExtremeTech] [Hexus] [THG]
15-12-2016: Stolen Yahoo data includes government employee information. [DC Knowledge]
15-12-2016: Were Yahoo hackers state-sponsored? [BBC News]
15-12-2016: Security experts slam Yahoo management for using old crypto. [The Register]
15-12-2016: What can you do with a billion Yahoo passwords? Lots of bad things. [Ars Technica]
15-12-2016: In wake of billion-account hack, Verizon reportedly not so hot for Yahoo. [Ars Technica]
16-12-2016: Pressure on Yahoo grows after massive hack attack. [BBC News]
22-12-2016: Response: important security information for Yahoo users. [EtherealMind]
15-03-2017: Russian spies indicted in massive Yahoo account breach. [Engadget] [NZ Herald] [BBC News] [The Register] [HardOCP] [NYT] [Wired] [ExtremeTech] [Krebs] [Graham Cluley]
16-03-2017: How Russian hackers took hold of Yahoo. [Gizmodo] [NZ Herald]
16-03-2017: Russia denies Yahoo hack involvement. [BBC News]
20-03-2017: Lessons from Yahoo hack: Simple tips to safeguard your email. [NZ Herald]
13-12-2016: DDoS-for-hire takedown: 34 arrests made by Europol, FBI, and others. [Graham Cluley] [BBC News]
09-12-2016: The Mirai botnet that broke the Internet isn't going away. [Wired]
08-12-2016: Can ISPs step up and solve the DDoS problem? [The Register]
07-12-2016: Terabit-scale multivector DDoS attacks: the new normal in 2017. [DC Journal]
03-12-2016: There’s a new DDoS army, and it could soon rival record-setting Mirai. [Ars Technica]
02-12-2016: Canada wants software backdoors, mandatory decryption capability and records storage. [THG]
02-12-2016: Feds bust huge 'Avalanche' hacker network in global sting operation. [Gizmodo]
26-11-2016: Locky ransomware uses decoy image files to ambush Facebook, LinkedIn accounts. [Ars Technica] [Gizmodo] [Check Point] [Engadget]
22-11-2016: Akamai on the record KrebsOnSecurity attack. [Krebs]
17-11-2016: The encryption conundrum: Should tech compromise or double down? [The Register]
16-11-2016: Clever USB stick installs backdoor on locked PCs. [Wired] [Gizmodo] [Schneier] [Russ White]
16-11-2016: Experts to Congress: You must act on IoT security. [The Register]
14-11-2016: IoT goes nuclear. [Russ White] [eyalro]
13-11-2016: New attack reportedly lets 1 modest laptop knock big servers offline. [Ars Technica]
11-11-2016: Russian banks floored by withering DDoS attacks. [The Register]
04-11-2016: Cheap IoT threatens the Internet. [Russ White] [Monday Note]
04-11-2016: Mirai IoT botnet blamed for 'taking Liberia off the internet'. [BBC News]
04-11-2016: Did the Mirai botnet really take Liberia offline? [Krebs] [Graham Cluley]
04-11-2016: DDoSing a country. [Russ White] [ISOC]
01-11-2016: This office printer is actually a rogue cell tower. [Gizmodo] [The Register] [Wired] [Ars Technica]
01-11-2016: The Dark Web isn't all guns and drugs. [Engadget]
29-10-2016: U.S. feds hope cyberattacks will wither under new “strategic principles”. [ReadWriteWeb]
28-10-2016: AI learns how to craft crude crypto all by itself. [The Register] [Schneier]
28-10-2016: Eavesdropping on typing over VoIP. [Schneier] [Cornell arXiv: PDF]
28-10-2016: Web devs want to make the Internet of S**t worse -- much worse. [The Register]
28-10-2016: That Botnet-of-Things malware is getting a nasty makeover. [Ars Technica] [Arbor Networks]
27-10-2016: Internet of S**t things claims another scalp: DNS DDoS smashes StarHub. [The Register]
25-10-2016: Multiple DNS providers and DDoS. [Russ White] [ISOC]
25-10-2016: Corero warns of impending 'tens of terabits per second' DDoS attacks. [THG]
24-10-2016: The Internet needs a security update. [Russ White] [CircleID]
22-10-2016: Why cybersecurity certifications suck. [ipSpace] [Errata Security]
20-10-2016: Some perspective on IoT devices and DDoS attacks. [Russ White] [Arbor Networks]
20-10-2016: Attackers logging your keystrokes via Skype. [Graham Cluley] [THG]
19-10-2016: Spreading the DDoS disease and selling the cure. [Krebs]
18-10-2016: SHA3-256 is quantum-proof, should last billions of years. [The Register]
17-10-2016: Virtual kidnapping. [Schneier] [Washington Post]
15-10-2016: How a chunk of the web disappeared this week: GlobalSign's global HTTPS mistake explained. [The Register]
14-10-2016: Hackers hit a nuclear plant. [Wired]
14-10-2016: Huge DDoS attacks are about to get bigger: Mirai bots infect Sierra Wireless gateways. [The Register] [Ars Technica]
02-12-2016: Meet the two hackers behind October’s big DDoS attack. [ReadWriteWeb]
12-10-2016: Internet routing security initiative gains traction. [Network Computing]
11-10-2016: NSA could put undetectable “trapdoors” in millions of crypto keys. [Ars Technica]
10-10-2016: These 60 dumb passwords can hijack over 500,000 IoT devices into the Mirai botnet. [Graham Cluley]
05-10-2016: CloudFlare shows Tor users the way out of CAPTCHA hell. [The Register]
03-10-2016: The venerable, vulnerable firewall. [Russ White] [CircleID]
29-09-2016: The biggest attack in internet history. [Russ White] [LawFare]
29-09-2016: The growing problem of bots that fight on line. [Russ White] [MIT Technology Review]
27-09-2016: 152k cameras in 990Gbps record-breaking dual DDoS. [The Register] [Ars Technica]
25-09-2016: Australian border cops say they've cracked 'dark net' drug sales. [The Register]
23-09-2016: Malware figures out it's running on VMs and refuses to execute. [The Register] [Schneier] [SentinelOne]
20-09-2016: CloudFlare launches a three-pronged attack to encrypt the entire web. [Wired]
20-09-2016: Quantum comms succeed over metro-scale fibre networks. [The Register]
19-09-2016: Some Cisco customers are being hacked with NSA's exploit tools. [THG] [Graham Cluley]
19-09-2016: Dark web drug sellers shutter location-tracking EXIF data from photos. [The Register]
18-09-2016: Arbor Networks marks 20 years of DDoS attacks targeting ISP networks. [Geekzone]
13-09-2016: Someone is learning how to take down the Internet. [Schneier] [BBC News] [Russ White] [LawFare] [ExtremeTech]
12-09-2016: How 911 emergency services across the United States could be knocked offline by a mobile botnet. [Graham Cluley]
08-09-2016: Verisign DDoS report Q2 2016. [Russ White] [Verisign]
07-09-2016: The limits of SMS for 2-factor authentication. [Krebs]
31-08-2016: FBI Director wants 'adult conversation' about backdooring encryption. [The Register] [HardOCP] [AP]
31-08-2016: Building a new Tor that can resist next-generation state surveillance. [Ars Technica]
30-08-2016: Your browser's password manager probably isn't enough. [Wired]
29-08-2016: iPhone zero-day used by UAE government. [Schneier]
31-08-2016: NSO Group. [Schneier]
26-08-2016: The NSA is hoarding vulnerabilities. [Schneier]
25-08-2016: A hacking group is selling iPhone spyware to governments. [Wired]
23-08-2016: Boffins design security chip to spot hidden hardware trojans in processors. [The Register]
23-08-2016: Password strength meters still aren't trustworthy. [Lifehacker] [Sophos]
23-08-2016: FBI improved a dark web child pornography site. [Engadget] [Gizmodo]
19-08-2016: Lawless government hacking. [Russ White] [EFF]
17-08-2016: Cisco confirms NSA-linked zeroday targeted its firewalls for years. [Ars Technica]
17-08-2016: The Shadow Brokers mess is what happens when the NSA hoards zero-days. [Wired]
24-08-2016: NSA-linked Cisco exploit poses bigger threat than previously thought. [Ars Technica]
15-08-2016: Hackers claim to auction data they stole from the NSA-linked spies. [Wired] [Ars Technica] [Gizmodo]
16-08-2016: Major NSA/Equation Group leak. [Schneier]
16-08-2016: No-one wants to buy those stolen NSA-linked cyber weapons. [Wired] [HardOCP] [Washington Post]
16-08-2016: Confirmed: hacking tool leak came from “omnipotent” NSA-tied group. [Ars Technica]
16-08-2016: Snowden speculates leak of NSA spying tools is tied to Russian DNC hack. [Ars Technica] [Engadget] [The Register] [BBC News] [The Register]
17-08-20916: NSA website goes down as hackers auction stolen ‘cyber weapons’. [Graham Cluley]
19-08-2016: Your guide to the ‘Shadow Brokers’ NSA theft, which puts the Snowden leaks to shame. [ExtremeTech]
19-08-2016: New Snowden docs suggest Shadow Broker leak was real. [Engadget] [Gizmodo]
22-08-2016: This hacker says he stole more NSA hacking tools. [Gizmodo]
24-08-2016: Equation Group exploit hits newer Cisco ASA, Juniper Netscreen. [The Register]
23-09-2016: NSA operative might have accidentally leaked its hacking tools. [Engadget] [Reuters]
16-12-2016: Shadow Brokers re-emerge, with NSA’s secret exploits for sale. [Graham Cluley]
15-08-2016: Someone seems to be trying to spy on VeraCrypt's security audit. [Graham Cluley] [The Register]
15-08-2016: Tor users in the States were hacked by Australian authorities. [Graham Cluley]
15-08-2016: Blogger turns tables on cyber-scammer by infecting them with ransomware. [Graham Cluley] [Kwiatkowsi] [BBC News]
13-08-2016: NTP is still a security risk. [Russ White] [CircleID]
12-08-2016: The new way to make strong passwords - it's way easier. [NZ Herald] [Stuff]
10-08-2016: Tor promises not to build backdoors into its services. [Engadget]
09-08-2016: How the Iranian government hacks dissidents. [Schneier] [Washington Post]
04-08-2016: Hacking US infrastructure: How vulnerable is it? [ExtremeTech]
03-08-2016: Forget security training, it's never going to solve Layer 8 - people. [The Register]
02-08-2016: Frequent password changes are the enemy of security. [Ars Technica] [Graham Cluley]
02-08-2016: Meet the men who spy on women through their webcams. [Graham Cluley] [Ars Technica]
02-08-2016: 200 million Yahoo passwords being sold on the Dark Web? [Graham Cluley]
02-08-2016: The AdGholas malvertising network used steganography. [Graham Cluley]
02-08-2016: Australian spooks' email guide banishes MS Word macros, JavaScript. [The Register]
01-08-2016: Russia claims it can collect encryption keys. [Engadget] [HardOCP] [DailyDot]
01-08-2016: Secure email service GhostMail shutting down in fear of being abused. [Graham Cluley]
01-08-2016: Meet the chaps who run the Black Hat NoC and let malware roam free. [The Register]
31-07-2016: Moxie Marlinspike, the anarchist bringing encryption to us all. [Wired]
31-07-2016: U.S. Government says SMS codes aren’t safe. [HardOCP] [VentureBeat] [Ars Technica]
28-07-2016: Your wireless keyboard could be giving your secrets away. [Stuff] [Schneier] [Wired]
27-07-2016: New attack bypasses HTTPS protection on Macs, Windows, and Linux. [Ars Technica] [Russ White]
27-07-2016: Choosing a next-generation firewall: 7 factors. [Network Computing]
26-07-2016: Millions of wireless keyboards can let hackers see what you're typing. [Gizmodo]
26-07-2016: Crypto-heist threatens to tank blockchain-based future. [ExtremeTech]
22-07-2016: Malicious computers caught snooping on Tor-anonymized Dark Web sites. [Ars Technica] [ExtremeTech]
26-07-2016: Boffins snoop on snooping Tor nodes. [The Register]
20-07-2016: Now you can hide your smart home on the Darknet. [Wired]
19-07-2016: DDoS trends: Bigger, badder but not longer. [The Register] [HardOCP] [ZDNet]
13-07-2016: Meet Riffle, the next-gen anonymity network that hopes to trounce Tor. [The Register] [Graham Cluley] [ExtremeTech]
12-07-2016: The FBI says its malware isn’t malware because the FBI is good. [Gizmodo] [Graham Cluley]
12-07-2016: SCADA malware caught infecting European energy company. [The Register] [Ars Technica]
18-07-2016: Security firm clarifies power-station 'SCADA' malware claim. [The Register]
11-07-2016: MIT anonymity network promises to be more secure than Tor. [Engadget]
11-07-2016: HTTPS is not a magic bullet for Web security. [Ars Technica]
11-07-2016: Amazingly insecure industrial control systems + internet = no. [The Register]
09-07-2016: HTTPS crypto’s days are numbered. Here’s how Google wants to save it. [Ars Technica] [ExtremeTech] [Schneier]
08-07-2016: Researchers discover Tor nodes designed to spy on hidden services. [Schneier] [BoingBoing]
01-07-2016: Chinese gambling site served near record-breaking complex DDoS. [The Register]
30-06-2016: LizardStresser recruits an army of zombie webcams to launch DDoS attacks. [Graham Cluley] [Russ White] [Arbor Networks]
29-06-2016: Interview with an NSA hacker. [Schneier] [The Intercept]
28-06-2016: 25,000 malware-riddled CCTV cameras form network-crashing botnet. [The Register] [Engadget]
27-06-2016: Researchers steal data using noise from your PC's fans. [HardOCP] [PCWorld] [Wired] [ExtremeTech]
26-06-2016: Stop using SMS for 2FA. [Wired]
24-06-2016: How malware could steal data from an air-gapped PC – via its fan. [Graham Cluley]
23-06-2016: Tor onion hardening will be tear-inducing for feds. [The Register]
22-06-2016: Fraudsters are buying IPv4 addresses. [Schneier] [The Register]
22-06-2016: Stuxnet was the opening shot of decades of non-stop cyber warfare. [The Register]
20-06-2016: Fishing for a cure to DDoS attacks. [DC Journal] [Russ White]
17-06-2016: Non-US encryption is 'theoretical,' claims CIA chief in backdoor debate. [The Register] [Schneier]
09-06-2016: Massive DDoS attacks reach record levels. [HardOCP] [Network World]
06-06-2016: TeamViewer confirms number of hacked user accounts is “significant". [Ars Technica] [The Register]
04-06-2016: How spies, anyone can grab crypto keys from the air. [The Register]
02-06-2016: Cisco warns IPv6 ping-of-death vulnerability is everyone's problem. [The Register]
08-06-2016: IPv6 ping-of-death hits Junos, too. [The Register]
01-06-2016: Hardware backdoor hides in a tiny slice of a computer chip. [Wired]
01-06-2016: The impossible task of creating a “Best VPNs” list today. [Ars Technica]
31-05-2016: Tor Browser 6.0 released with DuckDuckGo search engine support enabled by default. [THG]
25-05-2016: Major DNS provider hit by mysterious, focused DDoS attack. [Ars Technica]
24-05-2016: Poisoned Word document attack refuses to work if it believes it is being watched. [Graham Cluley]
18-05-2016: Mozilla fails to get the details on the FBI's malware hack. [Engadget]
26-05-2016: Judge throws out evidence after FBI refuses to reveal Tor vulnerability. [THG]
04-06-2016: FBI: Exploit that revealed Tor-enabled child porn users wasn’t malware. [Ars Technica]
25-06-2016: FBI’s use of Tor exploit is like peering through “broken blinds". [Ars Technica] [Engadget]
18-05-2016: LinkedIn password breach much bigger than thought: 117 million. [Ars Technica] [BBC News] [Graham Cluley] [The Register] [Krebs] [HardOCP] [Kaspersky] [Stuff]
19-05-2016: LinkedIn plays down '117 million users' breach data sale. [The Register]
23-05-2016: LinkedIn's poor handling of 2012 data breach comes back to haunt it. [Graham Cluley]
01-06-2016: How LinkedIn’s password sloppiness hurts us all. [Ars Technica]
17-05-2016: Lego robots versus gesture security. [Russ White] [Motherboard]
17-05-2016: Random number generator 'improved'. [BBC News] [The Register] [THG] [Russ White] [TheNewStack]
12-05-2016: The Ukrainian hacker who became the FBI’s best weapon - and worst nightmare. [Wired]
12-05-2016: FBI director warns that feds will bring more encryption-related cases. [Ars Technica]
09-05-2016: NIST starts planning for post-quantum cryptography. [Schneier] [NIST PDF] [The Register] [ComputerWorld] [ExtremeTech]
08-05-2016: FBI can obtain a warrant if you run Tor come December. [HardOCP] [The Merkle]
05-05-2016: Stop resetting your passwords, says UK govt's spy network. [The Register]
03-05-2016: Privacy and cybercrime update. [Russ White]
03-05-2016: The future of encryption is in these politicians hands. [Wired]
03-05-2016: Global Threat Intelligence report ahead of Government Cyber Security Summit. [Stuff]
27-04-2016: Hacking group “PLATINUM” used Windows’ own patching system against it. [Ars Technica]
25-04-2016: Hackers who got caught by a typo were trying to take over the world. [Gizmodo] [Reuters]
25-04-2016: Clapper: Snowden sped up sophistication of crypto, “it’s not a good thing”. [Ars Technica]
22-04-2016: Over 1 million Facebook users login anonymously over Tor. [THG]
21-04-2016: Lock-hackers crack restricted keys used to secure data centres. [The Register]
14-04-2016: A scheme to encrypt the entire web is actually working. [Wired]
14-04-2016: The US is attacking Islamic State with 'cyber bombs'. [Gizmodo] [Reuters] [Ars Technica] [Engadget] [ExtremeTech]
28-04-2016: As US drops “cyber bombs,” ISIS retools its own cyber army. [Ars Technica]
12-04-2016: Are cryptoworms the future of ransomware? [Graham Cluley]
08-04-2016: Is this how a hacker got the Panama papers? [Gizmodo]
08-04-2016: Security experts react negatively to Burr-Feinstein anti-encryption bill. [THG] [Gizmodo] [Wired] [HardOCP] [TechDirt] [Engadget] [The Register] [Schneier] [Monday Note]
12-04-2016: What you should know about Congress's latest attempt to criminalize encryption. [Lifehacker]
13-04-2016: Read the full Senate bill requiring encryption backdoors. [Engadget]
14-04-2016: Burr-Feinstein anti-encryption draft officially released, Wyden promises filibuster. [THG]
14-04-2016: US anti-encryption law is so 'braindead' it will outlaw file compression. [The Register]
03-05-2016: Julian Sanchez on the Feinstein-Burr bill. [Schneier] [Just Security] [Just Security] [Russ White]
29-05-2016: Senate anti-encryption bill is effectively dead, for now. [Engadget] [The Register]
07-04-2016: Reuters: White House refuses to openly back encryption law. [Engadget]
07-04-2016: Bypassing phone security through social engineering. [Schneier]
05-04-2016: WhatsApp adds end-to-end encryption. [BBC News] [Ars Technica] [Wired] [Stuff] [Graham Cluley] [Schneier] [Android Police] [Engadget]
04-04-2016: Gmail, Facebook Messenger BREACHed once again. [The Register]
03-04-2016: Tor accuses CloudFlare of blocking its anonymizing network. [Engadget]
01-04-2016: The artist using museums to amplify Tor’s anonymity network. [Wired]
31-03-2016: Why do the Feds usually try to unlock phones? It’s drugs, not terrorism. [Wired]
31-03-2016: UK cops tell suspect to hand over crypto keys in US hacking case. [Ars Technica]
31-03-2016: ISIS encryption opsec. [Schneier]
30-03-2016: Senator Wyden recalls SOPA fight in bid to defeat encryption-weakening efforts. [The Register] [THG]
30-03-2016: CloudFlare: 94 percent of the Tor traffic we see is “per se malicious". [Ars Technica]
30-03-2016: The Apple-FBI battle is over, but the new crypto wars have just begun. [Wired] [Schneier]
30-03-2016: The anatomy of a nation-state hack attack. [BBC News]
30-03-2016: Poll results: Internet users don't understand security or privacy. [The Register] [Stuff]
29-03-2016: FBI: No, we won't tell you how we unmask and torpedo illegal Tor users. [The Register] [BBC News] [Gizmodo]
25-10-2016: Judge orders FBI to reveal whether White House launched 'Tor pedo' torpedo exploits. [The Register]
25-03-2016: Stealthy malware targeting air-gapped PCs leaves no trace of infection. [Ars Technica]
23-03-2016: Google, Microsoft, and others publish new email security standard. [HardOCP] [InfoWorld]
22-03-2016: Tor Project works on anti-FBI defenses amid iOS row with Apple. [The Register]
22-03-2016: FBI's Most Wanted: Syrian Electronic Army hacktivists. [The Register] [Engadget] [Schneier] [Graham Cluley]
21-03-2016: Paris terrorists used burner phones, not encryption, to evade detection. [Ars Technica]
17-03-2016: HTTPS is not enough: boffins fingerprint user environments without cracking crypto. [The Register]
17-03-2016: New NIST encryption guidelines. [Schneier] [NIST PDF]
16-03-2016: Thoughts on encryption. [Networking Nerd]
16-03-2016: Reaction: more encryption is bad? [Russ White]
14-03-2016: In the FBI’s crypto war, apps may be the next target. [Wired] [THG] [Schneier]
11-03-2016: Hackers target anti-DDoS firm Staminus. [Krebs] [Ars Technica] [Gizmodo]
10-03-2016: Using mouse movements to track you on the Tor network. [HardOCP] [ZDNet]
09-03-2016: Trivial path for DDoS amplification attacks found by infosec bods. [The Register]
07-03-2016: Apple Macs hit with first-ever ransomware. [ExtremeTech] [Hexus] [THG]
07-03-2016: GCHQ boss: Tech firms should co-operate over encryption. [BBC News] [The Register]
06-03-2016: DDoS attacks up 149% from last quarter. [HardOCP] [TweakTown]
05-03-2016: Quantum computer could mean end of encryption. [HardOCP] [MIT]
03-03-2016: New attack steals secret crypto keys from Android and iOS phones. [Ars Technica]
03-03-2016: Next-generation firewalls put to the test. [Network Computing]
02-03-2016: Schneier: We're sleepwalking towards digital disaster and are too dumb to stop. [The Register]
01-03-2016: What exactly do we mean by 'backdoor'? [The Register]
01-03-2016: DDoS attacks up 149 percent as brassy booter kids make bank. [The Register]
29-02-2016: Tor takes aim against malicious nodes on the network. [The Register]
27-02-2016: Most software already has a “golden key” backdoor: the system update. [Ars Technica]
26-02-2016: Hackers caused Ukrainian power outage, US report concludes. [Ars Technica] [Schneier]
25-02-2016: Tor users are actively discriminated against by website operators. [The Register]
24-02-2016: CloudFlare may consider binning CAPTCHAs for Tor users. [The Register] [Ars Technica]
23-02-2016: Flaws in wireless mice and keyboards let hackers type on your PC. [Wired] [HardOCP] [Bastille] [The Register] [Graham Cluley] [Gizmodo]
19-02-2016: Tor: 'Mystery' spike in hidden addresses. [BBC News]
04-03-2016: Number of Tor hidden sites spikes - along with paranoia. [Ars Technica]
19-02-2016: FBI must reveal the code it used to hack Dark Web pedophiles. [Engadget]
18-02-2016: NSA’s director says Paris attacks “would not have happened” without crypto. [Ars Technica]
15-02-2016: Survey of the dark web. [Schneier] [Taylor & Francis Online]
15-02-2016: US intelligence chief: the Internet of Things will be used to spy and hack. [Graham Cluley]
13-02-2016: FBI wants $38 million in funding to break encryption. [HardOCP] [ZDNet]
11-02-2016: Global crypto survey proves govt backdoors completely pointless. [The Register] [Schneier] [Ars Technica] [Wired]
10-02-2016: GSMA outlines thoroughly sensible IoT security rules. [The Register] [GSMA]
09-02-2016: How to hack the power grid through home air conditioners. [Wired]
09-02-2016: Senator McCain calls for end-to-end encryption ban in US. [THG]
11-02-2016: U.S. encryption ban would force companies to migrate, say researchers. [THG]
05-02-2016: The 8 worst data breaches of all time. [Network Computing]
02-02-2016: More details on the NSA switching to quantum-resistant cryptography. [Schneier] [NSA IAD]
03-02-2016: Study shows Fed encryption fears overblown — but that’s not good news. [ExtremeTech]
04-02-2016: NSA plans to 'Act Now' to ensure quantum computers can't break encryption. [Gizmodo] [NSA IAD]
01-02-2016: Feds don’t need crypto backdoors to spy - your TV and toothbrush will do. [Ars Technica]
30-01-2016: How anti-encryption laws put everyone at risk. [PocketNow]
28-01-2016: Israeli academics claim they can predict botnet attacks. [The Register]
27-01-2016: Tails 2.0 emerges with major new features, security improvements. [THG] [Tails] [Engadget]
27-01-2016: 500Gbps DDoS attack flattens world record. [The Register] [HardOCP] [ZDNet]
23-01-2016: Internet of Things security is so bad, there’s a search engine for sleeping kids. [Ars Technica]
23-01-2016: After FBI briefly ran Tor-hidden child-porn site, investigations went global. [Ars Technica] [Engadget]
22-01-2016: NSA director: 'Encryption is foundational to the future'. [Engadget]
21-01-2016: NSA chief stakes out pro-encryption position. [HardOCP] [The Intercept]
21-01-2016: The end of work passwords. [Stuff]
19-01-2016: Australia and America working on global no-state-hacking pact. [The Register]
17-01-2016: Here’s what Tor’s data looks like as it flows around the world. [Wired]
15-01-2016: Google's creepy plan to kill the password. [Engadget] [HardOCP] [Stuff]
14-01-2016: New York bill would ban strong encryption, mandate backdoors in all devices. [ExtremeTech] [Ars Technica] [HardOCP] [Inedependent]
13-01-2016: Cisco admits hardcoded password in wireless points. [The Register]
13-01-2016: The debate over government 'backdoors' into encryption isn't just happening in the US. [NZ Herald]
12-01-2016: French government may try to ban strong encryption. [THG]
12-01-2016: Dutch police claim they can crack PGP-encrypted BlackBerrys. [ExtremeTech] [The Register]
12-01-2016: Fortinet explains SSH 'backdoor' discovered in firewalls. [The Register] [Ars Technica]
23-01-2016: Thought you were safe from the Fortinet SSH backdoor? Think again. [The Register]
12-01-2016: DD4BC DDoS extortion gang smashed by international cops. [Graham Cluley]
08-01-2016: Facebook, Google, Microsoft, Twitter, Yahoo slag Snooper’s Charter. [Ars Technica] [HardOCP] [ZDNet] [The Register]
08-01-2016: Power grid vulnerability threatens national security. [DC Knowledge]
08-01-2016: Checkpoint hacks across air-gaps. [The Register]
07-01-2016: US leaders meet with tech CEOs to fight terrorism online. [Engadget] [Wired]
07-01-2016: ProPublica launches dark web's first major news site. [Wired] [Engadget]
07-01-2016: FBI hacked the Dark Web to bust 1,500 pedophiles. [Engadget]
07-01-2016: Trend Micro: Internet scum grab Let's Encrypt certs to shield malware. [The Register]
06-01-2016: The father of online anonymity has a plan to end the crypto war. [Wired]
06-01-2016: Hackers cause a blackout for the first time. [HardOCP] [Washington Post] [Engadget]
04-01-2016: Dutch govt says no to backdoors, gives $540k to OpenSSL. [The Register] [BBC News] [Schneier]
04-01-2016: Irked train hackers talk derailment flaws, drop SCADA password list. [The Register]
2015 – News
31-12-2015: Forget anonymity, we can remember you wholesale with machine intel, hackers warned. [The Register]
31-12-2015: Trustworthy x86 laptops? There is a way, says system-level security ace. [The Register]
31-12-2015: Cory Doctorow on software security and the Internet of Things. [Schneier] [The Guardian]
31-12-2015: Microsoft to warn of nation-state hacks. [BBC News]
31-12-2015: Web attack knocks BBC websites offline. [BBC News] [Graham Cluley]
02-01-2016: 'Anti-IS group' claims BBC website attack. [BBC News]
30-12-2015: John McAfee rattles tin for password replacement tech. [The Register]
28-12-2015: 2016 reality: lazy authentication still the norm. [Krebs] [HardOCP]
27-12-2015: Destroying a hard drive permanently. [HardOCP] [Scientific American]
27-12-2015: North Korea’s computer operating system revealed. [HardOCP] [The Guardian] [Engadget] [Hexus] [Stuff] [ExtremeTech] [BBC News] [The Register]
27-12-2015: China anti-terrorism law makes firms give up encryption keys. [Engadget] [ReadWriteWeb] [The Register]
26-12-2015: Researchers propose using patterns and icons for passwords. [Engadget] [HardOCP] [Plymouth University]
22-12-2015: Oracle ordered to admit it deceived users over Java security updates for years. [Graham Cluley]
21-12-2015: Iranian hackers 'targeted' New York dam. [BBC News] [Graham Cluley] [The Register]
18-03-2016: America accuses Iran of hacking the dam, cyber-squirrels rejoice. [Engadget] [The Register]
25-03-2016: Federal grand jury indicts 7 Iranians for “campaign of cyber attacks". [Ars Technica] [Wired]
20-12-2015: The CIA secret to cybersecurity that no-one seems to get. [Wired]
19-12-2015: Clinton wants a Manhattan Project for encryption. [Gizmodo] [The Register] [Ars Technica]
19-12-2015: A cybersecurity bill loathed by tech companies is now law. [Gizmodo]
19-12-2015: Xbox Live pummeled by DDoS attack; hacker group claims responsibility. [Ars Technica]
18-12-2015: Users their own worst enemy when it comes to encrypted messaging apps. [Graham Cluley]
18-12-2015: “Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic. [Ars Technica] [The Register] [Engadget] [BBC News] [DC Knowledge] [Graham Cluley] [Gizmodo] [Schneier]
18-12-2015: FBI is investigating the Juniper Networks security hole. [Engadget]
20-12-2015: Juniper admits up to two attacks from 'unauthorised code'. [The Register]
21-12-2015: How to log into any backdoored Juniper firewall – hard-coded password published. [The Register]
22-12-2015: Researches solve Juniper backdoor -- signs point to NSA. [Wired] [THG]
22-12-2015: Cisco probes self for Juniper-style backdoors. [The Register]
23-12-2015: Juniper's VPN security hole is proof that govt backdoors are bonkers. [The Register]
23-12-2015: Juniper backdoors and vendor stone throwing. [Network Inferno]
23-12-2015: NSA helped GCHQ find security holes in Juniper firewalls. [The Intercept]
28-12-2015: NSA/GCHQ exploits against Juniper networking equipment. [Schneier]
08-01-2016: New discovery around Juniper backdoor raises more questions about the company. [Wired]
10-01-2016: Juniper drops NSA-developed code following new backdoor revelations. [Ars Technica] [Graham Cluley]
10-01-2016: Juniper resets 'days since last rogue code incident' clock. [The Register]
19-04-2016: Details about Juniper's firewall backdoor. [Schneier]
28-04-2016: A systematic analysis of the Juniper Dual EC incident. [Russ White] [IACR]
14-07-2016: Crypto flaw made it easy for attackers to snoop on Juniper customers. [Ars Technica]
09-09-2021: More detail on the Juniper hack and the NSA PRNG backdoor. [Schneier] [Bloomberg]
16-12-2015: Former national security officials urge government to embrace rise of encryption. [NZ Herald]
16-12-2015: Meet CISA, a de facto cyber patriot act. [THG] [The Register]
16-12-2015: Unisys predicts entirely new classes of cyberthreats will require fresh countermeasures in 2016. [Stuff]
16-12-2015: Fact-checking the debate on encryption. [Ars Technica]
15-12-2015: Dumb human errors can undermine the security of encrypted communication apps. [Gizmodo]
14-12-2015: Moonfruit takes customers’ sites offline, as it prepares for DDoS attack. [Graham Cluley]
14-12-2015: Twitter warns users of possible 'state sponsored' attacks. [Graham Cluley] [Stuff] [Ars Technica]
14-12-2015: A Tor alternative uses spam traffic to hide messages. [Gizmodo]
13-12-2015: Tor's new executive director is a digital privacy legend. [Engadget]
12-12-2015: Your VPN may be worthless. [Engadget]
11-12-2015: Silicon Valley's Congresswoman comes to the defense of Tor. [The Register] [Wired]
10-12-2015: FBI Director: Silicon Valley’s encryption is a “business model problem". [Ars Technica] [Gizmodo]
08-12-2015: Internet's root servers take hit in DDoS attack. [The Register] [Ars Technica] [Schneier]
08-12-2015: Getting a Linux box corralled into a DDoS botnet is easier than many think. [Ars Technica]
08-12-2015: How Israel regulates encryption. [Schneier] [LawFare]
08-12-2015: Europe agrees response to cyber-attacks. [BBC News]
07-12-2015: Bank refuses to pay $3,000,000 ransom, hacker exposes customer account details. [Graham Cluley]
07-12-2015: UK research network Janet under ongoing and persistent DDoS attack. [The Register]
08-12-2015: Day 2: Janet still being hit by DDoS attack. [The Register]
15-12-2015: Janet pulls open network info for good after DDoSers exploit it. [The Register]
06-12-2015: France mulls tighter noose around crypto. [The Register] [Gizmodo] [ExtremeTech] [Ars Technica]
08-12-2015: You know you've lost if terrorism means you start banning public Wi-Fi. [Graham Cluley]
11-12-2015: France will not ban WiFi or Tor. [HardOCP] [The Daily Dot] [Engadget]
04-12-2015: White hats, FBI and cops team up for Dorkbot botnet takedown. [The Register] [HardOCP] [Engadget]
03-12-2015: Watching amateur coders foil a 'bioterrorist plot'. [Engadget]
03-12-2015: Seven years on, the Conficker worm is not dead... but dominating. [Graham Cluley]
03-12-2015: Fake LinkedIn profiles used by hackers. [BBC News]
03-12-2015: Industrial control system gateway fix opens Heartbleed, Shellshock. [The Register]
01-12-2015: Sued for using HTTPS: big brands told to cough up in crypto patent fight. [The Register] [Ars Technica] [Gizmodo]
04-12-2015: Big names settle out of court with CryptoPeak in HTTPS patent spat. [The Register]
25-11-2015: Encryption stops criminals -- weakening it doesn't make sense. [Graham Cluley]
23-11-2015: Dell does a Superfish, ships PCs with easily cloneable root certificates. [Ars Technica] [The Register] [ExtremeTech] [Engadget] [Graham Cluley] [Krebs] [THG]
23-11-2015: Dell's dodgy security certificate is an hard to remove. [The Register]
24-11-2015: Dell acknowledges security hole in new laptops. [HardOCP] [Reuters] [The Register] [BBC News]
24-11-2015: Dell apologizes for HTTPS certificate fiasco, provides removal tool. [Ars Technica] [Graham Cluley] [ExtremeTech]
24-11-2015: Dell promised security -- then delivered a huge security hole. [Wired]
25-11-2015: Dell computers bundled with backdoor that blurts hardware fingerprint to websites. [The Register] [Ars Technica]
25-11-2015: Second Dell backdoor root cert found. [The Register]
21-11-2015: TrueCrypt is safer than previously reported, detailed analysis concludes. [Ars Technica] [HardOCP] [The Register]
20-11-2015: Price list for secret hacker techniques. [HardOCP] [Wired]
19-11-2015: The internet of insecure, untrustworthy things. [Graham Cluley]
19-11-2015: KilerRat spying software takes njrat to the next level. [Graham Cluley]
18-11-2015: Tor is getting a major security upgrade. [ExtremeTech]
18-11-2015: DoD head enlists Silicon Valley to transform the military. [Wired]
18-11-2015: UK says it will hit back against Internet attacks. [Graham Cluley]
17-11-2015: Congress considers letting US companies hack Chinese attackers. [Engadget] [HardOCP] [AP]
17-11-2015: Why the G20’s new “anti-hacking” agreement is pointless. [Ars Technica]
16-11-2015: Paris attacks blamed on strong encryption and Snowden. [Schneier] [Gizmodo] [NZ Herald] [Wired] [Krebs]
16-11-2015: ISIS encrypted communications with Paris attackers. [Ars Technica] [BBC News]
17-11-2015: Islamic State is plotting deadly cyber-attacks. [BBC News]
18-11-2015: Congressmen want parts of the Internet ISIS use shut down. [The Register]
18-11-2015: UK to create cybersecurity forces to fight off ISIS hackers. [Engadget] [Gizmodo]
18-11-2015: Paris terrorists didn't use encryption. [Schneier]
18-11-2015: Encryption row intensifies. [BBC News]
19-11-2015: Telegram encrypted messaging service cracks down on ISIS broadcasts. [Ars Technica] [Engadget] [BBC News]
19-11-2015: Tech firms fight anti-encryption demands after Paris murders. [The Register] [BBC News]
19-11-2015: ISIS' opsec manual reveals how it handles cybersecurity. [Wired]
19-11-2015: Let's have an argument about encryption. [Engadget]
20-11-2015: Clinton, others: stop helping terrorists, Silicon Valley – weaken your encryption. [The Register] [ExtremeTech] [Wired] [Engadget] [Gizmodo] [Wired]
20-11-2015: Tech goliaths stand firm against demands for weaker encryption after Paris terror attacks. [The Register]
20-11-2015: Politicians to Silicon Valley: the government is not your adversary. [HardOCP] [cNet]
07-12-2015: Obama calls out encryption in terror strategy speech. [The Register]
16-11-2015: Police body cams found pre-installed with notorious Conficker worm. [Ars Technica]
15-11-2015: Op-ed: (How) did they break Diffie-Hellman? [Ars Technica]
13-11-2015: Beware of ads that use inaudible sound to link your phone, TV, tablet, and PC. [Ars Technica] [Schneier]
13-11-2015: 'Let's Encrypt' service available to everyone on December 3, as public beta opens. [THG]
03-12-2015: Free HTTPS certs for all – Let's Encrypt opens doors to everyone. [The Register] [THG]
08-03-2016: Let’s Encrypt has issued 1 million certificates and counting, boosting HTTPS adoption. [THG]
13-11-2015: Jail for British DDoS attacker, who said too much on Twitter. [Graham Cluley]
12-11-2015: Pay or we’ll knock your site offline -- DDoS-for-ransom attacks surge. [Ars Technica]
11-11-2015: ToR says Feds paid Carnegie Mellon $1M to help unmask users. [THG] [The Register] [Ars Technica] [BBC News] [Gizmodo]
12-11-2015: Why the attack on Tor matters. [Ars Technica]
13-11-2015: FBI: “The allegation that we paid CMU $1M to hack into Tor is inaccurate”. [Ars Technica]
16-11-2015: Did Carnegie Mellon attack Tor for the FBI? [Schneier]
17-11-2015: The million-dollar hole in the FBI 'paying CMU to crack Tor' story. [The Register]
10-01-2015: Two months after FBI debacle, Tor Project still can’t get an answer from CMU. [Ars Technica]
24-02-20-16: Judge confirms what many suspected: Feds hired CMU to break Tor. [Ars Technica] [BBC News] [Gizmodo] [Wired]
11-11-2015: How the FBI got basic security wrong. [HardOCP] [ZDNet]
10-11-2015: Outrageous OPSEC: What happens when skiddies play natsec. [The Register]
10-11-2015: Buggy ransomware locks up your data, then throws away the encryption key. [Graham Cluley]
09-11-2015: Cryptowall 4.0: Update makes world's worst ransomware worse still. [The Register]
08-11-2015: NSA discloses most security flaws, but that's not the whole story. [Engadget] [HardOCP] [NSA]
06-11-2015: CIA email hackers return with major law enforcement breach. [Wired]
06-11-2015: Hackers have infiltrated the US arrest records database. [Engadget] [HardOCP]
06-11-2015: Crypto e-mail service pays $6,000 ransom, gets taken out by DDoS anyway. [Ars Technica] [Graham Cluley] [The Register]
07-11-2015: ProtonMail says it won't ever again pay ransom to DDoS blackmailers. [Graham Cluley]
09-11-2015: ProtonMail DDoS wipeout: Day 6. Yes, we're still under attack. [The Register]
10-11-2015: ProtonMail 'mitigates' DDoS attacks, says security not breached. [The Register]
10-11-2015: More websites hit by Armada Collective DDoS blackmail attacks, but won't pay up. [Graham Cluley]
06-11-2015: Booming crypto ransomware industry employs new tricks to befuddle victims. [Ars Technica]
05-11-2015: Teen hackers strike again, leak info of government employees. [Gizmodo]
05-11-2015: WSJ: Iran hacked the Obama administration after arresting American citizen. [Gizmodo] [WSJ]
05-11-2015: User data plundering by Android and iOS apps is as rampant as you suspected. [Ars Technica] [BBC News]
04-11-2015: Stuxnet-style code signing of malware becomes darknet cottage industry. [The Register]
03-11-2015: Hackers use anti-adblocking service to deliver nasty malware attack. [Ars Technica]
03-11-2015: Hacking tool swipes encrypted credentials from KeePass. [Ars Technica] [The Register]
02-11-2015: The rise of political doxing. [Schneier]
02-11-2015: E-mail crypto is as usable as it ever was, say boffins. [The Register]
02-11-2015: Kim Dotcom is building his own private internet. [Stuff]
01-11-2015: Crypto is for everyone - and American history proves it. [Gizmodo]
30-10-2015: America’s crypto battles. [BBC News]
28-10-2015: It's official: Tor's .onion domains will be kept off the public internet. [The Register]
27-10-2015: Is the NSA trying to warn us that cryptography is dead? [ExtremeTech] [Schneier]
27-10-2015: Hacked shopping mall CCTV cameras are launching DDoS attacks. [Graham Cluley]
27-10-2015: NSA warns of growing danger of cyber-attack by nation states. [BBC News]
26-10-2015: This 11-year-old is selling cryptographically secure passwords for $2 each. [Ars Technica]
24-10-2015: What's the internet community doing about the NSA cracking VPN, HTTPS encryption? [The Register]
24-10-2015: The perfect password that's also easy to remember. [Stuff]
23-10-2015: Microsoft runs the largest botnets to protect Azure customers. [DC Knowledge]
23-10-2015: Chattering Wi-Fi devices are a short hop away from the crown jewels of your network. [Graham Cluley]
23-10-2015: NSA advisory sparks concern of secret advance ushering in cryptoapocalypse. [Ars Technica]
22-10-2015: UK/China cyber security deal: National security attacks still OK. [The Register]
30-03-2016: Former FBI spy hunter: Don’t trust China on ‘no hack’ pact. [The Register]
22-10-2015: The challenges of Internet retailing - DDoS attacks. [Hexus]
22-10-2015: New attacks on NTP can defeat HTTPS and create chaos. [Ars Technica] [The Register]
22-10-2015: 'Get a VPN to defeat metadata retention' is good advice. Sometimes. [The Register]
21-10-2015: German infosec bureaucrats want mail providers to encrypt. [The Register]
20-10-2015: One step closer to an encrypted web. Next stop: HTTPS for everyone. [Graham Cluley]
20-10-2015: Hacker releases new purported personal data for top CIA, DHS officials. [Ars Technica]
19-10-2015: The Australian cyber security report. [Russ White] [Palo Alto]
19-10-2015: GCHQ to pore over blueprints of Chinese built Brit nuke plants. [The Register]
16-10-2015: How to protect yourself from the NSA if you use 1024-bit DH encryption. [Gizmodo]
16-10-2015: How the NSA can break trillions of encrypted Web and VPN connections. [Ars Technica]
15-10-2015: Inside Mandiant's biggest forensics breach battle: Is this Anthem? [The Register]
15-10-2015: Ingenious attack shows how Siri could be hijacked silently from 16 feet away. [Graham Cluley]
14-10-2015: FBI takes down Dridex botnet, seizes servers, arrests suspect. [The Register]
14-10-2015: Encryption is the only guarantee of data destruction in the cloud. [Graham Cluley]
13-10-2015: SYNful Knock is no Stuxnet. [The Register]
12-10-2015: Soviet spying on IBM Selectric typewriters. [Schneier] [NSA PDF] [Ars Technica]
12-10-2015: Where do major tech companies stand on encryption? [Gizmodo]
10-10-2015: China arrests hacking suspects on behalf of the US. [Engadget] [Gizmodo]
13-10-2015: Arrest of Chinese hackers not a first for US. [Krebs]
14-10-2015: FireEye: US-China cyber espionage treaty 'will do nothing'. [The Register]
19-10-2015: China accused of hacking US firms even after cyber-peace treaty. [Engadget] [HardOCP] [Reuters]
08-10-2015: DDoS defences spiked by CloudPiercer tool - paper. [The Register]
07-10-2015: Cisco disrupts $30m Angler hacking operation. [BBC News] [DC Knowledge]
05-10-2015: How to tackle the network intruders. [BBC News]
02-10-2015: Home routers 'vaccinated' by benign virus. [BBC News] [HardOCP] [TechWeek]
01-10-2015: When security experts gather to talk consensus, chaos ensues. [Wired]
01-10-2015: Identifying CIA officers in the field. [Schneier] [Salon]
29-09-2015: Botnet preying on Linux computers delivers potent DDoS attacks. [Ars Technica] [Engadget] [Gizmodo] [HardOCP] [ZDNet]
29-09-2015: Here are the God-mode holes that gave TrueCrypt audit the slip. [The Register] [ExtremeTech] [Engadget]
28-09-2015: How to send and receive encrypted email for free. [ExtremeTech]
26-09-2015: US and China have an 'understanding' to fight cyber economic espionage. [Engadget]
27-09-2015: Analysis: China-US hacking accord is tall on rhetoric, short on substance. [Ars Technica]
30-03-2016: Former FBI spy hunter: Don’t trust China on ‘no hack’ pact. [The Register]
24-09-2015: How the mysterious Dark Net is going mainstream. [TED YouTube]
23-09-2015: Obama administration explored backdoors for bypassing smartphone crypto. [Ars Technica] [Engadget] [HardOCP] [Washington Post]
23-09-2015: How the mysterious Dark Net is going mainstream. [TED: YouTube]
23-09-2015: Bidding for breaches, redefining targeted attacks. [Krebs]
22-09-2015: US Navy develops new system to defend against internet attacks. [Graham Cluley]
21-09-2015: History of hacktivism. [Schneier] [Georgetown Journal]
21-09-2015: SYNful knock attack against Cisco routers. [Schneier] [FireEye: exec, part 1]
21-09-2015: FireEye: The face of hacking is changing – and it's getting uglier. [The Register]
20-09-2015: The rate of Chinese hacking attempts is slowing down. [Engadget]
19-09-2015: The tricky encryption that could stump quantum computers. [Wired]
18-09-2015: MI5's website uses obsolete encryption protocol. [Graham Cluley]
17-09-2015: A guide to ransomware, the scary hack that’s on the rise. [Wired]
17-09-2015: Seven years of malware linked to Russian state-backed cyber espionage. [Ars Technica] [Graham Cluley] [Gizmodo]
17-09-2015: Schneider patches yet another dumb vulnerability. [The Register]
16-09-2015: Obama edges toward full support for encryption – but does he understand what that means? [The Register]
15-09-2015: Cisco routers in at least 4 countries infected by highly stealthy backdoor. [Ars Technica]
15-09-2015: Microsoft throws crypto foes an untouchable elliptic curveball. [The Register]
14-09-2015: How to avoid surveillance... with your phone. [TED YouTube]
14-09-2015: Serious cyber attacks against NZ surge, GCSB figures show. [NZ Herald]
13-09-2015: Near-perfect computer security may be surprisingly close. [Wired]
11-09-2015: How to pick the perfect password. [BBC News]
11-09-2015: 2FA has finally become more convenient. [ReadWriteWeb]
10-09-2015: Library gets cop visit for running exit relay in US. [The Register]
10-09-2015: Monsters defeated in quest to free .onion from clutches of DNS-snooping demons. [The Register] [BBC News] [Gizmodo]
09-09-2015: How highly advanced hackers (ab)used satellites to stay under the radar. [Ars Technica] [The Register]
08-09-2015: Researchers respond to developer’s accusation that they used crypto wrong. [Ars Technica]
08-09-2015: Our insecure Internet of Things is becoming terrifying. [ExtremeTech]
07-09-2015: Why Security Experts Are Using An Ancient Email Format In 2015. [HardOCP] [Motherboard]
07-09-2015: Kill the password. [HardOCP] [TechCrunch]
04-09-2015: Bored Brazilian skiddie claims DDoS against Essex Police. [The Register]
03-09-2015: The declining half-life of secrets. [Schneier] [Peter Swire: PDF]
03-09-2015: Greater Manchester plod site targeted by nuisance DDoS attack. [The Register]
03-09-2015: Vulnerabilities found in Siemens SIMATIC HMI devices. [Graham Cluley]
01-09-2015: Cyberwar: a global guide to nation-state digital attacks. [Wired]
01-09-2015: NSA boss: encrypted software needs government backdoors. [Wired]
04-09-2015: FTC commissioners call for strong encryption, push back against FBI, NSA. [ExtremeTech] [The Register]
06-09-2015: US trade watchdog to FBI: you think the crims won't know about the back door too? [The Register]
30-08-2015: NSA wants encryption that fends off quantum computing hacks. [Engadget]
28-08-2015: LizardStresser: Six people arrested in connection with Lizard Squad’s DDoS attack tool. [Graham Cluley] [BBC News] [Krebs] [HardOCP] [ZDNet] [Engadget]
01-09-2015: UK’s National Crime Agency hit by DDoS attack, following LizardStresser arrests. [Graham Cluley] [The Register] [Ars Technica] [Engadget] [HardOCP]
06-10-2016: Feds charge two in Lizard Squad investigation. [Graham Cluley] [Kotaku] [HardOCP] [US DoJ]
27-08-2015: BitTorrent patched against flaw that allowed crippling DoS attacks. [Ars Technica]
27-08-2015: Cisco's RAT-catchers spot sysadmin-targeted phish. [The Register]
27-08-2015: Iranian phishing. [Schneier] [Citizen Lab]
26-08-2015: Concerns new Tor weakness is being exploited prompt dark market shutdown. [Ars Technica] [BBC News] [Tripwire]
26-08-2015: Tor is being cut up and making security pros cry. [The Register]
25-08-2015: System routes Internet traffic around countries you don't trust. [HardOCP] [IEEE Spectrum]
25-08-2015: Are data breaches getting larger? [Schneier]
24-08-2015: Samsung smart fridge leaves Gmail logins open to attack. [The Register] [Schneier] [Pen Test Partners]
21-08-2015: China using cyberspies in border disputes with India and neighbours. [The Register]
21-08-2015: NSA preps quantum-resistant algorithms to head off crypto-apocalypse [Ars Technica] [Schneier]
21-08-2015: SS7 phone-switch flaw enabled surveillance. [Schneier] [Engadget]
21-08-2015: How firms are fighting off spies and hackers. [BBC News]
20-08-2015: Researchers can steer your emails away from hostile nations. [Engadget]
19-08-2015: Schneier: 'We're in early years of a cyber arms race'. [The Register]
19-08-2015: Hackers exploiting wide-open Portmap to amp up DDoS attacks. [The Register] [DC Knowledge]
17-08-2015: Your torrent client could help hackers hijack your computer. [ExtremeTech]
17-08-2015: The noise around you could strengthen your passwords. [HardOCP] [Wired] [Gizmodo]
16-08-2015: How BitTorrent could let lone DDoS attackers bring down big sites. [Ars Technica]
13-08-2015: NSA funds $300k to build a safer Internet of Things. [The Register]
12-08-2015: Attackers are hijacking critical networking gear from Cisco. [Ars Technica] [Schneier]
12-08-2015: Another salvo in the second crypto war (of words). [Schneier]
12-08-2015: Five years after Stuxnet, your USB drive is still being patched. [Graham Cluley]
12-08-2015: Apple and Google are killing kids with encryption, complain lawyers. [The Register]
11-08-2015: Security tool tricks workers into revealing company secrets. [Wired]
11-08-2015: Random numbers aren't, says infosec expert. [The Register]
10-08-2015: I watched hackers pull off a real life Ocean's 11 heist . [Gizmodo] [DefCon]
07-08-2015: Imperva demos cloud man-in-the-middle attack. [The Register] [HardOCP] [BlackHat]
06-08-2015: Pentagon email hacked, Russia already blamed. [The Register] [HardOCP] [CNBC] [Gizmodo] [Wired] [Gizmodo]
06-08-2015: How the Arab Spring blew the lid off the commercial spyware. [The Register]
04-08-2015: TrueCrypt 'decrypted' by FBI to nail doc-stealing sysadmin. [The Register]
04-08-2015: Chinese VPN service as attack platform? [Krebs]
04-08-2015: Hackers target internet address bug to disrupt sites. [BBC News]
03-08-2015: Next-gen secure email using internet's own DNS – your help needed. [The Register]
31-07-2015: New attack on Tor can deanonymize hidden services with surprising accuracy. [Ars Technica]
31-07-2015: NSA report shows China hacked 600+ US targets over 5 years. [Ars Technica]
31-07-2015: Back doors won't solve Comey's going dark problem. [Schneier]
30-07-2015: Derelict TrueCrypt Russia portal 'is command hub for Ukraine spying op'. [The Register] [Graham Cluley]
30-07-2015: Reports shows Russians hackers used Twitter, photos to breach US computers. [Stuff]
29-07-2015: Bizarre high-tech kidnapping. [Schneier] [Wired]
28-07-2015: Firewalls can't protect today's connected cars. [HardOCP] [Network World]
28-07-2015: Hackers break into Brinks ultra secure safe. [HardOCP] [Network World] [The Register] [Schneier]
28-07-2015: How the way you type can shatter anonymity -- even on Tor. [Ars Technica] [Graham Cluley]
27-07-2015: Researchers hack air-gapped computer with simple cell phone. [Wired] [Engadget] [The Register]
27-07-2015: Even former heads of NSA, DHS think crypto backdoors are stupid. [Ars Technica] [Schneier]
26-07-2015: Websites, please stop blocking password managers -- it’s 2015. [Wired] [HardOCP]
25-07-2015: What amateurs can learn from security pros about staying safe online. [Ars Technica]
24-07-2015: US Treasury's intelligence network was susceptible to cyberattacks. [Engadget]
23-07-2015: Watch how malicious apps can secretly devour your data. [Gizmodo] [Bloomberg]
23-07-2015: Researchers claim they’ve developed a better, faster Tor. [Ars Technica] [Engadget] [BBC News] [The Register] [HardOCP]
22-07-2015: Nigerian prince swaps the sweet talk for keyloggers and exploits. [The Register]
22-07-2015: Google, Facebook, and co launch web blacklist to nail ad scammers. [The Register]
21-07-2015: Black Hat 2015: 32 SCADA, mobile zero-day vulns will drop. [The Register]
18-07-2015: Cyber-security's dirty little secret: It's not as bad as you think. [The Register]
16-07-2015: You need to speak up for Internet security -- right now. [Wired]
16-07-2015: Once-theoretical crypto attack against HTTPS now verges on practicality. [Ars Technica] [The Register]
15-07-2015: "Hornets nest of criminal hackers" destryed by Feds. [Gizmodo] [ExtremeTech]
15-07-2015: The Darkode cybercrime forum, up close. [Krebs]
14-07-2015: Telegram messaging app cops 200Gbps DDoS. [The Register]
11-07-2015: The crypto wars aren't over. [Wired]
10-07-2015: Brit teen who unleashed 'biggest ever DDoS' walks free from court. [The Register]
10-07-2015: Cybercrime kingpin pleads guilty. [Krebs]
09-07-2015: UK politicos easily pwned on insecure Wi-Fi networks. [The Register] [Graham Cluley]
09-07-2015: The risks of mandating backdoors in encryption products. [Schneier]
09-07-2015: Multi-billion dollar corporations hit by mystery hacking gang. [Graham Cluley]
08-07-2015: Encryption backdoors for cops put Internet security at risk. [HardOCP] [ZDNet]
06-07-2015: DDoSers call 1988 and want its routing protocol hacked. [The Register]
03-07-2015: UK’s Cameron wants to ban encryption. [ExtremeTech]
30-06-2015: VPNs may not protect your information as well as you think. [Engadget]
29-06-2015: Chinese hackers take up white hats, become internet gatekeepers. [Stuff]
27-06-2015: Tougher encryption guidelines close a back door for NSA spies. [Engadget]
26-06-2015: US spy chief James Clapper says China lead suspect in cyber hack. [BBC News]
26-06-2015: FBI says crypto ransomware has raked in >$18 million for cybercriminals. [Ars Technica]
25-06-2015: DDoS attacks evolve and skyrocket on the Internet. [Cisco]
24-06-2015: What is the DoD's position on backdoors in security systems? [Schneier]
22-06-2015: “Free” proxies aren’t necessarily free. [Krebs]
22-06-2015: US the world's botnet mothership says Level 3. [The Register]
18-06-2015: Reddit, Wikipedia, Bing and the FBI agree - an encrypted web is a safer web. [Graham Cluley] [Ars Technica]
16-06-2015: Emoji passcodes promise more security than numbers. [Engadget]
17-06-2015: Maybe emoji passwords aren't such a good idea. [Wired]
15-06-2015: Hack of cloud-based LastPass exposes hashed master passwords. [Ars Technica]
16-06-2015: Am I an idiot for still using a password manager? [Gizmodo]
16-06-2015: When breaches happen: LastPass hack showcases the value of strong encryption. [DailyTech]
16-06-2015: Don’t let the LastPass hack destroy your faith in password managers. [Graham Cluley]
15-06-2015: Encrypting Windows hard drives. [Schneier]
12-06-2015: Even with a VPN, open Wi-Fi exposes users. [Ars Technica]
12-06-2015: Europol operation crushes phiendish global phishing ring. [The Register]
11-06-2015: The latest hack lesson? Great defense is never enough. [Wired]
11-06-2015: Decrypted WhatsApp chats laid groundwork for Belgian terror raids. [The Register]
11-06-2015: Mystery continues to surround the nude celebrity iCloud hack. [Graham Cluley]
11-06-2015: FBI seized computers linked to celeb photo leak scandal. [Engadget]
11-06-2015: German parliament cyber-attack still 'live'. [BBC News]
10-06-2014: Russia's to blame for pro-ISIS megahack on French TV network. [The Register]
10-06-2015: Techies to Obama: keep your hands off encryption. [Stuff]
09-06-2015: If the FBI has a backdoor to Facebook or Apple encryption, we are less safe. [BoingBoing] [The Guardian]
09-06-2015: CIA cybersecurity guru Dan Geer doesn’t use a cell phone. [Wired]
09-06-2015: Obama issues HTTPS-only order to US Federal sysadmins. [The Register] [BoingBoing] [TechDirt] [Graham Cluley] [The Register]
09-06-2015: Undetectable NSA-linked hybrid malware hits Intel Security radar. [The Register]
09-06-2015: US Army website defaced by Syrian Electronic Army hackers. [Graham Cluley]
05-06-2015: FBI: Apple and Google are helping ISIS by offering strong crypto. [The Register]
04-06-2015: Russia behind German govt cyber attack -- report. [The Register]
04-06-2015: We stand on the brink of global cyber war, warns encryption guru. [The Register]
01-06-2015: Hola VPN used to perform DDoS attacks, violate user privacy. [Ars Technica] [BBC News] [Graham Cluley] [The Register] [NZ Herald]
10-06-2015: Do you use Hola VPN? You could be part of a DDoS, content theft – or worse. [The Register]
31-05-2015: The US will protect Japan against cyberattacks. [Engadget]
30-05-2015: Unmasking hidden Tor service users is too easy, say infosec bods. [The Register]
29-05-2015: Weaponizing code: America's quest to control the exploit market. [Engadget]
29-05-2015: US tried Stuxnet variant on N. Korean nuke program, failed. [Ars Technica] [BoingBoing] [Reuters] [The Register] [Wired] [Engadget] [Gizmodo] [Graham Cluley] [HardOCP] [Schneier]
28-05-2015: UN says encryption “necessary for the exercise of the right to freedom". [Ars Technica]
27-05-2015: Canary box aims to lure hackers into honeypots before they make headlines. [Ars Technica] [HardOCP]
27-05-2015: The UK government's data law - an attack on encryption? [BBC News]
26-05-2015: Moose: Linux-based worm turns routers into social network bots. [Ars Technica] [The Register] [BBC News]
26-05-2015: Hacker’s List leaks its secrets, revealing true identities of those wanting to hack. [Graham Cluley]
26-05-2015: Blackhat hack trick hits popular routers. [The Register]
25-05-2015: Stallman: Windows and OS X are malware. [The Register] [HardOCP] [The Guardian]
25-05-2015: Google finds that security questions aren't really secure. [Engadget] [BoingBoing] [Google]
23-05-2015: Why you should protect even your most unimportant data. [Lifehacker] [Entrepreneur]
22-05-2015: Google heads list of 16 companies trying to kill passwords. [Engadget] [HardOCP]
22-05-2015: New relay selection fix for Tor to spoil spooks' fun - eventually. [The Register]
21-05-2015: Flawed Android factory reset leaves crypto and login keys ripe for picking. [Ars Technica] [Graham Cluley] [Stuff] [PocketNow]
20-05-2015: 'Logjam' crypto bug could be how the NSA cracked VPNs. [The Register] [Engadget] [Wired] [Schneier] [BoingBoing] [Ars Technica]
20-05-2015: Logjam vulnerability – what you need to know. [Graham Cluley]
20-05-2015: 'Millions' of routers open to absurdly outdated NetUSB hijack. [The Register] [HardOCP] [SecurityWeek]
19-05-2015: Robots.txt tells hackers the places you don't want them to look. [The Register]
18-05-2015: Apple and Google push Obama to prevent encryption backdoors. [Engadget] [Gizmodo] [The Register] [ExtremeTech]
18-05-2015: RSA keys are compromised. [The Register]
18-05-2015: High-level, state-sponsored Naikon hackers exposed. [The Register]
15-05-2015: How the Washington Post was hijacked by the Syrian Electronic Army - again. [Graham Cluley]
13-05-2015: VENOM vulnerability poisons countless VMs. [The Register] [Ars Technica]
14-05-2015: Venom VM bug called “perfect” for NSA, or for stealing bitcoins and passwords. [Ars Technica]
12-05-2015: Self-sustaining botnet made out of hacked home routers. [BoingBoing] [Ars Technica] [The Register]
12-05-2015: Amateurs produce amateur cryptography. [Schneier]
12-05-2015: Is your graphics card hiding a rootkit or keylogger? [Graham Cluley] [The Register]
11-05-2015: Tor Cloud Service is ending. [HardOCP] [Tor Project]
10-05-2015: Russia, China are friends when it comes to Internet security. [Ars Technica]
10-05-2015: Drugs and dosh: The new untraceable money. [Stuff]
08-05-2015: $7500 DDoS extortion hitting Aussie, Kiwi enterprises. [The Register]
05-05-2015: Super secretive malware wipes hard drive to prevent analysis. [Ars Technica] [DailyTech]
01-05-2015: Encryption backdoors are like TSA luggage-locks for the Internet. [BoingBoing] [The Guardian]
01-05-2015: Mozilla: All new web features should require secure HTTP. [Engadget] [The Register] [THG]
01-05-2015: Harbortouch is latest PoS vendor breach. [Krebs]
30-04-2015: SHA-1 crypto hash retirement fraught with problems. [The Register]
30-04-2015: Another layer of defence against cyberattacks. [DC Knowledge]
28-04-2015: DDoSsers use reflection amplification to crank up the volume to 100Gbps+. [The Register]
28-04-2015: A day in the life of a stolen healthcare record. [Krebs]
27-04-2015: 'Use 1 capital' password prompts make them too predictable – study. [The Register]
27-04-2015: Thirty Meter Telescope website falls over in hacktivist DDoS attack. [Graham Cluley]
27-04-2015: Hackers hijack Tesla’s website, Twitter account and email – but how? [Graham Cluley]
26-04-2015: Your Tor-based email isn't as secure as you think. [Engadget] [Tor Project]
25-04-2015: Russian hackers scooped up the President's unclassified email. [Engadget] [Ars Technica] [Gizmodo] [BoingBoing]
24-04-2015: DoD’s new ‘transparent’ policy on cybersecurity is still opaque. [Wired] [Gizmodo]
24-04-2015: Here's why the Pentagon is publishing its cyber-warfare rulebook – if China hasn't already hacked in and read it. [The Register]
24-04-2015: Ransomware decryptor. [BoingBoing] [Kaspersky]
24-04-2015: The further democratization of QUANTUM. [Schneier]
24-04-2015: Federal Trade Commissioner Julie Brill on obscurity [Schneier] [CS Monitor]
24-04-2015: Security researcher: it's "trivial to bypass security tools on Macs". [Gizmodo] [Threat Post]
23-04-2015: Cash register maker used same password – 166816 – non-stop since 1990. [The Register] [BoingBoing] [CSO] [HardOCP]
21-04-2015: White House cyber-general says US must be able to cyber-nuke the cyber-worst. [The Register]
21-04-2015: RSA supremo rips into 'failed' security industry, warns of 'super-mega hack'. [The Register]
21-04-2015: The secrets of webcam hackers. [Graham Cluley]
19-04-2015: Every version of Windows is affected by this vulnerability. [HardOCP] [MakeUseOf]
19-04-2015: Inside Islamic State's spookocracy. [BoingBoing] [Der Spiegel]
18-04-2015: Russians are using undiscovered exploits to hack the US government. [Engadget]
16-04-2015: IBM’s 700TB security threat database enters the cloud. [The Register] [DC Knowledge]
16-04-2015: APT group hacks cyber-spy gang in spy-on-spy pwnage. [The Register]
15-04-2015: Hackers could commandeer new planes through passenger WiFi. [Wired] [HardOCP]
18-04-2015: FBI accosts security researcher over fear that he hacked his flight. [Gizmodo] [HardOCP] [Security Ledger]
20-04-2015: Researcher who joked about hacking a jet plane barred from United flight. [Ars Technica] [BBC News]
21-04-2015: Feds warn airlines to look out for passengers hacking jets. [Wired] [Engadget] [Gizmodo] [BBC News] [The Register]
26-04-2015: Security researcher discovers vulnerabilities: detained by FBI. [HardOCP] [TechDirt]
15-05-2015: FBI: Security researcher claimed to hack, control plane in flight. [Engadget] [Ars Technica] [Stuff] [The Register] [Graham Cluley] [HardOCP] [Wired]
18-05-2015: FBI flight hacker claims queried by security experts. [BBC News]
19-05-2015: Airplane hacking panic -- why it’s surely a storm in a teacup. [The Register]
19-05-2015: More on Chris Roberts and avionics security. [Schneier]
20-05-2015: How a hacker could hijack an airplane from their seat. [Gizmodo]
20-05-2015: FBI probe of plane hack sparks worries over flight safety. [NZ Herald]
26-05-2015: Is it possible for passengers to hack commercial aircraft? [Wired]
15-04-2015: Meet the e-voting machine so easy to hack, it will take your breath away. [Ars Technica] [The Register] [Schneier] [BradBlog]
15-04-2015: Malware attack discovered - what does Kaspersky do? Call in a comic strip artist. [Graham Cluley]
15-04-2015: Elite cyber crime group strikes back after attack by rival APT gang. [Ars Technica]
14-04-2015: The number of people who fall for phishing emails is staggering. [Gizmodo] [Wired]
13-04-2015: Researchers accuse China of over 10 years' cyber espionage and attack. [Gizmodo] [FireEye PDF]
13-04-2015: Anyone can buy the malware used to hack Sony. [Gizmodo] [HardOCP] [cNet]
11-04-2015: Police operation disrupts Beebone Botnet used for malware distribution. [HardOCP] [PCWorld]
10-04-2015: More defenses against psuedo random subdomain attacks. [Secure64]
10-04-2015: BitTorrent's P2P browser for decentralized websites now in beta. [THG]
10-04-2015: Don’t be fodder for China’s ‘Great Cannon'. [Krebs] [Schneier] [CitizenLab]
09-04-2015: Edward Snowden says your password should be MargaretThatcherIs110%SEXY. [Graham Cluley] [Gizmodo] [Lifehacker]
13-04-2015: Snowden's "sexy Margaret Thatcher" password isn't so secure. [Wired]
09-04-2015: Attacking researchers who expose voting vulnerabilities. [Schneier] [EFF]
09-04-2015: Denial of service attacks pour through rift in Network Time Protocol. [The Register]
09-04-2015: Motorola cable modem has hardcoded 'technician' backdoor. [The Register]
08-04-2015: Your home automation things are a security nightmare. [The Register]
07-04-2015: Russia might have hacked the White House. [Engadget] [Stuff]
07-04-2015: UK government website hijacked by Islamist hackers. [Graham Cluley]
04-04-2015: Bugs in Tor network used in attacks against underground markets. [Ars Technica]
03-04-2015: TrueCrypt security audit is good news, so why all the glum faces? [Ars Technica] [Lifehacker] [NCC Group PDF] [The Register] [Gizmodo] [Schneier] [ExtremeTech]
02-04-2015: Google exiles a Chinese certificate authority from the web. [ReadWriteWeb] [THG]
02-04-2015: Mozilla piles on China's SSL cert overlord: we don't trust you either. [The Register]
02-04-2015: Snowden didn't scare many out of US clouds says Forrester. [The Register]
02-04-2015: China DDoS attacks used unencrypted websites to hijack browsers. [Gizmodo]
02-04-2015: Google shares staggering adware infection stats. [Graham Cluley]
01-04-2015: President's order lets the US sanction foreign cyberattackers. [Engadget] [Gizmodo] [The Register]
01-04-2015: Mystery 'Explosive' cyber-spy campaign traced back to Lebanon. [The Register]
01-04-2015: Energy companies around the world infected by newly discovered malware. [Ars Technica]
31-03-2015: Feds subpoena reddit in effort to learn about users behind Dark Web chatter. [Ars Technica]
31-03-2015: GitHub battles “largest DDoS” in site’s history, targeted at anti-censorship tools. [Ars Technica] [THG]
31-03-2015: Massive denial-of-service attack on GitHub tied to Chinese government. [Ars Technica] [DC Knowledge]
03-04-2015: DDoS attacks that crippled GitHub linked to Great Firewall of China. [Ars Technica]
26-03-2015: As crypto wars begin, FBI silently removes sensible advice to encrypt your devices. [BoingBoing] [TechDirt]
26-03-2015: New router DNS attack delivers porn and game ads on mainstream websites. [ExtremeTech]
25-03-2015: DDoS attacks reduce in frequency but grow in volume. [HardOCP] [BetaNews]
27-03-2015: As GitHub is hit hard, experts disagree whether DDoS attacks are becoming more or less frequent. [Graham Cluley]
24-03-2015: Google discovers new security holes -- is the entire system fundamentally flawed? [ExtremeTech]
23-03-2015: The trick to hacking top-secret computers: just add heat. [Gizmodo] [The Register] [Schneier]
23-03-2015: Hilton Honors flaw exposed all accounts. [Krebs] [Ars Technica] [Graham Cluley]
22-03-2015: LightEater malware attacks millions of BIOS chips. [HardOCP] [BetaNews]
21-05-2015: China finally admits it has an army of hackers for cyberwar. [HardOCP] [Gizmodo]
21-03-2015: Automating remote BIOS attacks. [BoingBoing] [Forbes]
20-03-2015: Hacking BIOS chips isn't just the NSA's domain anymore. [Wired] [Schneier]
20-03-2015: Massive DDoS racks up $30,000-a-day Amazon bill for China activists. [The Register]
19-03-2015: Kaspersky Lab hits back at Bloomberg's Russian spy link hit piece. [The Register] [Graham Cluley]
24-03-2015: Kaspersky hit by new below-the-belt sauna spy attack in the WSJ. [Graham Cluley]
19-03-2015: OpenSSL warns of two high-severity bugs, but no Heartbleed. [Ars Technica] [Graham Cluley]
19-03-2015: GCHQ: Ensure biz security by stopping everyone from talking. [The Register]
18-03-2015: OpenSSL patch to plug severe security holes. [Krebs]
18-03-2015: Dark web’s ‘Evolution Market’ vanishes. [Krebs] [Wired] [Graham Cluley]
18-03-2015: 'Dark web' keeps criminals out of reach of metadata retention laws. [Stuff]
17-03-2015: The NSA is going to love these USB-C charging cables. [Gizmodo]
16-03-2015: China has hacked every major US corporation, former NSA head says. [DC Knowledge]
16-03-2015: ‘AntiDetect’ helps thieves hide digital fingerprints. [Krebs]
16-03-2015: Princeton boffins sniff Tor users' IDs from TCP ACKs and server sweat. [The Register]
14-03-2015: Fearing hackers, US State Dept. has shut off part of its email system. [Gizmodo]
14-03-2015: Computer terror simulation used to recruit 'cyber defenders'. [BBC News]
13-03-2015: CloudFlare keyless SSL scales down internet connections. [EtherealMind]
13-03-2015: Epic Google snafu leaks hidden whois data for 280,000 domains. [Ars Technica] [ExtremeTech] [Engadget]
12-03-2015: CryptoLocker look-alike searches for and encrypts PC game files. [Ars Technica]
11-03-2015: CloudFlare launches nameserver DDoS shield. [The Register]
10-03-2015: Spammers charged over 'largest' email breach. [BBC News]
10-03-2015: Banning Tor unwise and infeasible, MPs told [BBC News] [BoingBoing] [Parliament] [The Daily Dot] [Ars Technica]
10-03-2015: Cutting-edge hack gives super user status by exploiting DRAM weakness. [Ars Technica] [Wired] [Schneier]
10-03-2015: OpenSSL audit kicks off for post-Heartbleed strengthening programme. [The Register]
09-03-2015: Ethiopia is hacking US journalists with commercial spyware. [Engadget]
17-03-2015: Details on hacking team software used by Ethiopian government. [Schneier] [Citizen Lab]
09-03-2015: Tor doesn't want to depend on US government money anymore. [Gizmodo] [The Daily Dot]
09-03-2015: Identifying when someone is operating a computer remotely. [Schneier] [BioCatch]
08-03-2015: UK man arrested on suspicion of US DoD hacking. [Ars Technica] [Engadget]
07-03-2015: Give biometrics the finger: horror tales from the ENCRYPT. [The Register]
06-03-2015: France fingered as source of Syria-spying Babar malware. [The Register]
05-03-2015: DNS enhancement catches malware sites by understanding sneaky domain names. [Ars Technica]
04-03-2015: US air traffic control computer system vulnerable to terrorist hackers. [Ars Technica] [HardOCP] [Engadget]
04-03-2015: FREAK attack: what is it, and what you need to know. [Graham Cluley] [Gizmodo] [ExtremeTech] [Engadget] [Gizmodo] [Stuff] [Schneier]
06-03-2015: All Windows versions vulnerable to FREAK SSL snoop. [The Register] [Ars Technica] [BBC News] [Tripwire] [Stuff] [Gizmodo] [HardOCP] [ComputerWorld]
16-03-2015: HTTPS-crippling FREAK attacks become cheaper and easier to carry out. [Ars Technica]
17-03-2015: HTTPS-crippling FREAK exploit affects thousands of Android and iOS apps. [Ars Technica] [ExtremeTech]
04-03-2015: Tom Ridge can find terrorists anywhere. [Schneier]
02-03-2015: Would you trust 'spyproof' mobes made in Putin's Russia? [The Register]
02-03-2015: Silent Circle revamps secure smartphone. [The Register] [Gizmodo]
05-03-2015: How Blackphone turned a security fail into a win. [ReadWriteWeb]
02-03-2015: The democratization of cyberattack. [Schneier] [Motherboard]
01-03-2015: VPNs: which ones value your privacy? [BoingBoing] [TorrentFreak]
28-02-2015: The U.S. doesn't like it when China wants to build encryption backdoors. [Gizmodo] [HardOCP] [ZDNet] [Engadget] [Graham Cluley]
26-02-2015: It took police three years to fully shut down a money-stealing botnet. [Gizmodo]
26-02-2015: FinFisher, the spyware loved by cruel dictators, stomps all over human rights, says UK govt. [The Register]
26-02-2015: Everyone wants you to have security, but not from them. [Schneier]
26-02-2015: Spam uses default passwords to hack routers. [Krebs]
26-02-2015: PrivDog chews HTTPS, hurls clear text. [The Register]
25-02-2015: "Surreptitiously Weakening Cryptographic Systems". [Schneier] [IACR, PDF]
25-02-2015: Anthem hack puts at least 8.8 million non-customers at risk. [Graham Cluley]
25-02-2015: Police shut down network 'used to steal bank details'. [BBC News]
25-02-2015: FBI says sixty different hacker groups linked to nation-states. [Stuff]
25-02-2015: Feds offer $3m reward for 'CryptoLocker baron'. [The Register]
24-02-2015: Banking malware spreading via Microsoft Word macros. [Graham Cluley]
24-02-2015: Lizard Squad disrupts Google in Vietnam to promote DDoS-for-hire service. [Graham Cluley]
23-02-2015: Ad-blocking software is 'worse than Superfish'. [BBC News] [Lumension]
23-02-2015: Security software found using Superfish-style code, as attacks get simpler. [Ars Technica]
21-02-2015: Accused British hacker, wanted for crimes in US, won’t give up crypto keys. [Ars Technica]
20-02-2015: Hello, NSA? The US State Department can't kick hackers out of its networks – report. [The Register]
20-02-2015: Cybersecurity: Tackling the threat from within. [BBC News]
20-02-2015: Horrors of murky TrueCrypt to be probed once more. [The Register] [IsTrueCryptAuditedYet]
19-02-2015: Lenovo pre-installed malware on laptops. [BoingBoing] [BBC News] [Graham Cluley] [ExtremeTech] [Schneier] [Gizmodo]
19-02-2015: Lenovo ditches adware - but that doesn't fix SSL mega-vulnerability. [The Register] [Engadget] [Ars Technica]
19-02-2015: How to test your PC for the new "Superfish" security vulnerability. [Lifehacker]
19-02-2015: Lenovo honestly thought you’d enjoy that Superfish HTTPS spyware. [Ars Technica]
19-02-2015: How to get unhooked from Lenovo's dangerous Superfish spyware. [ReadWriteWeb] [ExtremeTech] [Gizmodo]
19-02-2015: Lenovo CTO says “We didn’t do enough,” promises to wipe Superfish off PCs. [Ars Technica]
20-02-2015: US cyber-cops declare WAR on Superfish ad-spewing malware lurking in Lenovo laptops. [The Register]
20-02-2015: How could Lenovo miss its Superfish security hole? [Engadget]
21-02-2015: Superfish doubles down, says HTTPS-busting adware poses no security risk. [Ars Technica]
21-02-2015: “SSL hijacker” behind Superfish debacle imperils large number of users. [Ars Technica]
21-02-2015: Windows Defender now removes Superfish malware… if you’re lucky. [Ars Technica]
21-02-2015: Lenovo offers tool to remove hidden adware 'Superfish'. [BBC News] [Gizmodo] [HardOCP] [The Verge] [The Register]
22-02-2015: Microsoft, McAfee vs. SuperFish. [HardOCP] [Mashable]
23-02-2015: Mozilla mulls Superfish torpedo. [The Register]
23-02-2015: Superfish points fingers over ad software. [Stuff]
23-02-2015: Facebook security chap finds 10 Superfish sub-species. [The Register]
23-02-2015: Lenovo CTO: we have no intention of shipping a Superfish product again. [Gizmodo]
24-02-2015: Still smarting from HTTPS-busting Superfish debacle, Lenovo says sorry. [Ars Technica]
24-02-2015: Lenovo users lawyer up over hole-filled, HTTPS-breaking Superfish adware. [Ars Technica] [The Register]
24-02-2015: Give us a week to clean the Superfish, begs Lenovo CTO. [The Register]
25-02-2015: Lenovo falls on its sword as Superfish impact spreads. [ExtremeTech]
25-02-2015: Lenovo's website hacked, apparently by Lizard Squad. [Engadget] [The Register] [The Register] [Graham Cluley] [Ars Technica] [Gizmodo]
26-02-2015: Lenovo's Superfishing trip. [NZ Herald]
27-02-2015: Bruised Lenovo promises 'a cleaner, safer PC'. [Graham Cluley] [ExtremeTech] [THG]
07-03-2015: Two weeks on, Superfish debacle still causing pain for some Lenovo customers. [Ars Technica]
09-03-2015: Lenovo still shipping infected systems as customers grapple with removal. [ExtremeTech]
06-05-2015: There's another 'massive security risk' in Lenovo's computers. [Gizmodo]
12-08-2015: Lenovo crams unremovable crapware on Windows laptops – by hiding it in the BIOS. [The Register] [Lifehacker]
06-09-2017: Lenovo fined over Superfish adware-ridden laptops. [BBC News] [Graham Cluley] [ExtremeTech]
18-02-2015: America already has a Manhattan Project for developing cyber attacks. [Wired]
16-02-2015: How “omnipotent” hackers tied to NSA hid for 14 years -- and were found at last. [Ars Technica]
14-02-2015: Hackers stole hundreds of millions in massive malware bank heist. [Gizmodo] [NYT] [Engadget] [Ars Technica] [Graham Cluley] [The Register] [Krebs]
13-02-2015: Obama’s new order urges companies to share cyber-threat info with the government. [Wired] [Engadget] [The Register]
13-02-2015: Biter bitten as hacker leaks source code for popular exploit kit. [The Register]
12-02-2015: Electronic surveillance failures leading up to the 2008 Mumbai terrorist attacks. [Schneier]
12-02-2015: 1 billion data records stolen last year due to poor security. [HardOCP] [ZDNet]
12-02-2015: Cyber attack takes down Dutch government sites. [BBC News] [The Register]
11-02-2015: A crypto trick that makes software nearly impossible to reverse-engineer. [Wired]
11-02-2015: The consumer data revolt is coming. [HardOCP] [Bloomberg]
11-02-2015: Facebook helps online services warn each other about security threats. [Engadget] [The Register] [HardOCP] [ThreatExchange]
11-02-2015: Jeb Bush redacts correspondents' leaked information. [BBC News] [DailyTech]
13-02-2015: Jeb Bush is sorry he published social security numbers. [Gizmodo]
11-02-2015: Air gaps: Happy gas for infosec or a noble but inert idea? [The Register]
11-02-2015: Steal the hackers' thunder by revealing yourself online. [Stuff]
10-02-2015: Hackers unknowingly gather intel for the NSA. [HardOCP] [Computer World]
10-02-2015: NSA claims Iran learned from Western cyberattacks. [The Intercept] [Wired] [Engadget]
10-02-2015: Did the NSA and the UK’s spy agency launch a joint cyberattack on Iran? [Wired]
10-02-2015: Uber left its lost-and-found database open to anyone on the internet. [Graham Cluley] [The Register]
10-02-2015: US launching a new cyberwarfare agency in wake of Sony attacks. [Engadget] [DC Knowledge] [HardOCP] [Stuff]
10-02-2015: Take a security checkup on Safer Internet Day. [Google]
10-02-2015: It’s Safer Internet Day. So where is our Internet of Secure Things? [Graham Cluley]
10-02-0215: Fearing an FBI raid, researcher publishes 10 million passwords/usernames. [Ars Technica] [The Register] [HardOCP] [BGR] [Schneier] [Gizmodo] [The Guardian] [Xato]
09-02-2015: DARPA's Memex for searching the deep Web. [BoingBoing] [Scientific American] [DARPA] [Wired]
06-02-2015: The world’s email encryption relies on a guy who is going broke. [Gizmodo]
06-02-2015: Why even strong crypto wouldn’t protect SSNs exposed in Anthem breach. [Ars Technica]
06-02-2015: China to blame in Anthem attack? [Krebs]
07-02-2015: Phishers pounce on Anthem breach. [Krebs] [Graham Cluley] [Gizmodo] [Ars Technica]
08-02-2015: Anthem's stolen customer data not encrypted. [HardOCP] [cNet]
09-02-2015: Anthem breach may have started in April 2014. [Krebs]
05-02-2015: Siemens: SCADA bugs abound. [The Register]
05-02-2015: Your crypto apps are useless unless you check them for backdoors. [Ars Technica]
04-02-2015: Here's why your bank account is less secure than your Gmail. [Gizmodo]
04-02-2015: The utterly crazy story of the death threat hacker. [Graham Cluley] [The Register]
03-02-2015: The Hells Angels are old pros at encryption . [Gizmodo]
03-02-2015: Cybersecurity: Defending 'unpreventable' cyber attacks. [BBC News]
02-02-2015: Femmes fatales steal Syrian opposition’s Skype chats and military plans. [Graham Cluley] [BBC News] [The Register] [Ars Technica] [Gizmodo]
01-02-2015: The British Army is creating a battalion of "Facebook Warriors". [Gizmodo] [HardOCP] [Neowin]
31-01-2015: The army just open-sourced its security software. [Gizmodo] [Engadget]
30-01-2015: WhatsApp privacy hole exposes users’ private profile photos. [Graham Cluley] [The Register]
29-01-2015: China, FBI and UK all want backdoors in Western technology. [The Register] [Graham Cluley]
29-01-2015: China’s new rules for selling tech to banks have US companies spooked. [Wired]
29-01-2015: The Internet of Dangerous Things. [Krebs]
29-01-2015: Mozilla dusts off old servers, lights up Tor relays. [The Register]
29-01-2015: IT vendors cry foul at new Chinese security rules requiring built-in backdoors. [Ars Technica]
28-01-2015: Use a Raspberry Pi as a Tor/VPN router for anonymous browsing. [Lifehacker] [Make]
28-01-2015: No, Department of Justice, 80% of Tor traffic is not child porn. [Wired] [HardOCP]
28-01-2015: Bug in ultra secure BlackPhone let attackers decrypt texts, stalk users. [Ars Technica] [HardOCP] [Security Week]
27-01-2015: FTC warns of the huge security risks in the Internet of Things. [Wired] [FTC] [The Register]
27-01-2015: Hacktivists step up web attack volumes. [BBC News] [Stuff]
27-01-2015: Facebook and Instagram get knocked offline... for about an hour. [BBC News] [Engadget] [The Register]
27-01-2015: Facebook back up after site crash. [Stuff]
27-01-2015: Lizard Squad claims to take down Facebook, Instagram, Tinder (briefly). [Gizmodo]
27-01-2015: Lizard Squad blamed for Facebook downtime. Facebook says “Err... no”. [Graham Cluley]
27-01-2015: Facebook outage affects sites that used social network’s login system. [DC Knowledge]
28-01-2015: Facebook blames internal glitch for blackout. [NZ Herald] [Stuff] [The Register] [HardOCP] [Chicago Tribune]
27-01-2015: 'Path to Hell': Davos elites warned about catastrophic cyber attacks. [Stuff]
26-01-2015: Lizard Squad threatens Malaysia Airlines with data dump: We did too hack your site. [The Register]
23-01-2015: Internet attack could shut down US gas stations. [Ars Technica] [HardOCP]
22-01-2015: A brief attempt at explaining the madness of cryptocurrency. [Engadget]
22-01-2015: Did feds mount a sustained attack on Tor to decloak crime suspects? [Ars Technica]
21-01-2015: What Obama gets wrong about digital security. [Gizmodo]
21-01-2015: Playing NSA, hardware hackers build USB cable that can attack. [Ars Technica]
21-01-2015: The 25 most popular passwords of 2014. [Lifehacker] [Engadget] [HardOCP] [PRWeb] [BBC News] [Stuff]
20-01-2015: Life inside a DDOS "booter site". [BoingBoing] [Ars Technica]
20-01-2015: NSA: We're in your botnet. [The Register]
19-01-2015: The daunting challenge of reporting on cyberwar. [BBC News]
18-01-2015: New "Skeleton Key" malware allows bypassing of passwords. [HardOCP] [Neowin]
17-01-2015: NSA brags about turning the tables on cyberwarfare hackers. [Engadget]
17-01-2015: Need a hacker? Check out Hacker's List. [HardOCP] [PCMag]
17-01-2015: New Snowden documents show scope of United States' cyber war plans: infiltrate and control or destroy enemy systems and networks. [Der Spiegel]
16-01-2015: 'Cyber attack war games' to be staged by UK and US. [BBC News]
16-01-2015: Here are some dummies giving Jimmy Kimmel their passwords on national TV. [Gizmodo]
16-01-2015: Freelance hackers will bust into your boyfriend's email... for a fee. [ReadWriteWeb]
16-01-2015: The problem with the White House cybersecurity proposals. [BoingBoing] [UoC]
15-01-2015: Thousands of French websites face DDoS attacks since Charlie Hebdo massacre. [DC Knowledge] [BBC News]
15-01-2015: Got a GE industrial Ethernet switch? Get patching. [The Register]
15-01-2015: Cryptolocker 3.0 scum bounce victims over Invisible net. [The Register] [PCWorld]
14-01-2015: NSA official: Support of backdoored Dual_EC_DRBG was “regrettable”. [Ars Technica] [The Register]
13-01-2015: Obama renews push for comprehensive cybersecurity legislation. [Engadget] [HardOCP] [Yahoo News] [Gizmodo] [BBC News] [Wired] [BoingBoing]
14-01-2015: Obama's proposed laws against hacking will negatively impact cybersecurity professionals, create a cyber police state. [Errata Security]
15-01-2015: Mr President, is this a war on hackers – or a war on people stopping hackers? [The Register]
13-01-2015: Thunderstrike! How a radar-proof rootkit could infect your Mac. [Graham Cluley]
13-01-2015: Attackers planting banking Trojans in industrial systems. [The Register]
12-01-2015: Keysweeper: creepy keystroke logger camouflaged as USB charger. [BoingBoing] [Keysweeper] [Ars Technica] [Coolest Gadgets]
12-01-2015: Hackers claiming ties to ISIS take control of Pentagon social accounts. [Engadget] [BBC News] [Stuff] [Gizmodo] [The Register] [Wired] [HardOCP] [Fox News] [BoingBoing] [Ars Technica]
13-01-2015: US military’s CENTCOM Twitter account hacked – were they not using 2FA? [Graham Cluley]
13-01-2015: It doesn’t really matter if ISIS sympathizers hacked Central Command’s Twitter. [Wired]
13-01-2015: What are the odds CENTCOM really was hacked by ISIS? Next to zero. [BoingBoing] [The Daily Beast]
13-01-2015: Centcom - a PR disaster, not cyberwar. [BBC News]
09-01-2015: Security hole found in North Korea’s home-grown OS. [Ars Technica] [The Register]
12-01-2015: Hands-on with North Korea's web browser. [WhiteHatSec]
12-01-2015: North Korea’s official news site delivers malware. [Ars Technica]
09-01-2015: Lizard stresser runs on hacked home routers. [Krebs] [Ars Technica]
09-01-2015: MI5 boss: We need to break securo-tech, get 'assistance' from data-slurp firms. [The Register]
09-01-2015: Post-POODLE, OpenSSL shakes off some fleas. [The Register]
08-01-2015: 8chan, related sites go down in Lizard Squad-powered DDoS. [Ars Technica]
08-01-2015: Browsing in privacy mode isn't as secure as you think. [ReadWriteWeb]
08-01-2015: Pro-Russian cyberattacks bring down German government websites. [Engadget]
07-01-2015: Immobilise national property register left 28 million doors wide open for burglars to plunder data. [Graham Cluley] [The Register]
07-01-2015: Spies do 'happy dance' after encryption cracked. [Stuff]
06-01-2015: The biggest security threats we’ll face in 2015. [HardOCP] [Wired]
06-01-2015: Lavabit founder wants to make “dark” e-mail secure by default. [Ars Technica] [BoingBoing]
05-01-2015: Why today's security measures just don't cut it. [Wired] [HardOCP] [cNet]
05-01-2015: Gogo Inflight Internet is intentionally issuing fake SSL certificates. [Neowin]
03-01-2015: 2014 was the biggest year for malware yet. [HardOCP] [Digital Trends]
09-01-2015: 2014: the year of infrastructure vulnerability. [DC Knowledge]
03-01-2015: Cyber criminals demand a modern approach to security. [Stuff]
01-01-2015: North Korea/Sony story shows how eagerly US media still regurgitate government claims. [The Intercept]
01-01-2015: The most dangerous people on the internet right now. [Wired]
2014 – News
31-12-2014: The hackers who hit Sony also threatened CNN. [HardOCP] [Engadget] [The Intercept] [Ars Technica] [Engadget] [Gizmodo]
31-12-2014: FBI investigating whether companies are engaged in revenge hacking. [Bloomberg] [Engadget]
30-12-2014: The year’s biggest winners and losers in privacy and security. [Wired]
30-12-2014: Security research at The Hague: the mobile malware threat. [HotHardWare]
29-12-2014: Inside the NSA's war on internet security. [HardOCP] [Der Spiegel]
29-12-2014: Tor de farce: NSA fails to decrypt anonymised network. [The Register]
30-12-2014: The encryption tools the NSA still can't crack revealed in new leaks. [Gizmodo] [THG]
30-12-2014: New NSA leaks: does crypto still work? [BoingBoing] [Cryptographic Engineering]
31-12-2014: NSA has VPNs in Vulcan death grip -- no, really, that’s what they call it. [Ars Technica]
31-12-2014: Newly published NSA documents show agency could grab all Skype traffic. [Ars Technica] [BoingBoing]
29-12-2014: “How a North Korean cyber attack could cripple Britain”. The Daily Mail goes bonkers. [Graham Cluley]
29-12-2014: Hackers find that fingerprints can be stolen through public photos. [PetaPixel] [BoingBoing] [VentureBeat] [THG] [ExtremeTech] [The Register] [ReadWriteWeb] [Ars Technica] [BBC News]
28-12-2014: Hacker group names, ranked. [Gizmodo]
28-12-2014: Cyberattacks used security software to cover their trail. [Engadget]
26-12-2014: Hackers who shut down PSN and Xbox Live now attacking Tor. [Gizmodo] [The Verge] [The Register] [Engadget] [HardOCP]
27-12-2014: ‘Lizard Squad’ member reveals his face in a TV interview. [HardOCP] [Business Insider] [Gawker]
29-12-2014: Who's in the Lizard Squad? [Krebs]
30-12-2014: Lizard Squad offering its DDoS tool for monthly fee. [THG] [Gizmodo] [The Daily Dot] [ExtremeTech] [The Register] [HardOCP] [Digital Trends]
31-12-2014: Lizard Squad's takedown-for-hire service quickly disappears. [Engadget]
31-12-2014: Security expert IDs two idiots claiming to be Lizard Squad hackers. [Gizmodo] [Krebs]
31-12-2014: 'Lizard Squad' hackers seek attention. [Stuff] [Graham Cluley]
31-12-2014: UK police allegedly arrest Lizard Squad hacker. [The Daily Dot] [Engadget] [HardOCP] [Graham Cluley] [The Register]
31-12-2014: Lizard kids: a long trail of fail. [Krebs]
13-01-2015: Router creds admin/admin? Lizard Squad thanks you. [The Register]
16-01-2015: UK man arrested in connection with Sony and Xbox hack. [BBC News] [The Register] [HardOCP] [Engadget] [ROCU] [Ars Technica] [Gizmodo] [TrustedReviews] [Krebs]
17-01-2015: Man held in connection with Sony and Xbox hack bailed. [BBC News]
17-01-2015: Hack on PS and Xbox attackers leaks DDoS customers’ plaintext passwords. [Ars Technica]
17-01-2015: Lizard Squad's paid cyberattack service faces a hack of its own. [Engadget]
19-01-2015: Lizard Squad DDoS-for-hire service hacked – users’ details revealed. [Graham Cluley] [The Register] [Gizmodo] [The Guardian] [Ars Technica]
20-01-2015: Possible Lizard Squad members claims hack of Oz travel insurer. [The Register]
20-01-2015: Xbox, Sony hackers hit by hack attack. [BBC News]
26-12-2014: White hats figure out live phone tracking via protocol vuln. [The Register]
25-12-2014: Xbox Live and PlayStation Network both down due to an apparent attack. [Engadget] [Gizmodo] [BBC News] [NZ Herald] [Ars Technica] [BBC News] [HardOCP] [The Guardian] [TrustedReviews] [Stuff] [ReadWriteWeb] [Krebs]
26-12-2014: Kim Dotcom stops Xbox and PlayStation attacks. [HardOCP] [TorrentFreak] [DC Knowledge]
26-12-2014: Xbox Live and PSN are still messed up after attack by hackers . [Gizmodo] [NZ Herald]
26-12-2014: Xbox Live is up, PlayStation’s network still recovering after a Christmas Day outage. [Washington Post]
27-12-2014: PSN back online days after DDoS attack paralysed network. [The Register] [HardOCP] [TechRadar]
28-12-2014: PSN is still down for some as Sony gets service back online. [VentureBeat] [Kotaku] [Stuff]
28-12-2014: Sony fingers DDoS attackers for ruining PlayStation's Xmas. [The Register]
28-12-2014: These are the hackers who wrecked your holiday gaming. [Engadget] [The Daily Dot]
29-12-2014: PlayStation network back online after three days. [NZ Herald]
29-12-2014: Sony talks PSN outage, doesn't name attackers. [HardOCP] [BetaNews]
30-12-2014: FBI claimed to be investigating Xbox Live, PlayStation Network DDoS perpetrators. [Ars Technica] [HardOCP] [The Daily Dot]
05-01-2015: 'We do apologize': life at Sony customer service during the PSN attack [Kotaku]
24-12-2014: FBI warned of a Sony-style hack in a report last year. [Engadget]
23-12-2014: The webcam hacking epidemic. [The Atlantic]
23-12-2014: 2008 cyberattack against Turkish oil pipeline. [Schneier] [Bloomberg]
23-12-2014: German steel works suffered “massive damage” after hack attack. [Graham Cluley]
22-12-2014: Gang hacked ATMs from inside banks. [Krebs]
22-12-2014: South Korea nuclear plant operator says hacked, raising alarm. [Reuters] [Gizmodo] [Stuff] [Ars Technica] [Gizmodo]
24-12-2014: South Korea calls on China for help following hack attempt on nuclear power company. [Ars Technica]
30-12-2014: South Korea says nuclear worm is nothing to worry about. [The Register]
22-12-2014: North Korea's internet under mass cyber attack. [HardOCP] [Vox] [Gizmodo] [Engadget] [BoingBoing] [NYT] [The Register] [Stuff] [Graham Cluley] [THG] [Ars Technica] [BBC News] [Schneier]
23-12-2014: North Korea kicked off the internet by giant DDoS: Was it the USA, or someone else? [ExtremeTech]
23-12-2014: North Korea is partially back online. [Gizmodo] [National Post] [BBC News] [BoingBoing] [Gizmodo]
23-12-2014: So who shut down North Korea's internet? [Gizmodo]
24-12-2014: So what's the Internet actually like in North Korea? [Stuff]
26-12-2014: North Korea blames the US for internet outages following Sony hacks. [Engadget] [The Register] [HardOCP] [Yahoo News] [Ars Technica] [Reuters]
28-12-2014: North Korea's internet and Mobile phone network 'paralyzed'. [Gizmodo] [reCode]
22-12-2014: It starts with an email: how a hacking gang has stolen $17 million from banks and retailers since 2013. [Tripwire]
20-12-2014: Cyber espionage targets Syrian activists, linked to ISIS. [Ars Technica]
20-12-2014: If Tor vanishes over the weekend, this is why. [The Register] [HardOCP]
22-12-2014: Popular Tor exit relays look raided. [The Register] [Ars Technica]
20-12-2014: A look at North Korea's cyberwar capabilities. [NZ Herald]
19-12-2014: German researchers discover a flaw that could let anyone listen to your cell calls. [HardOCP] [Washington Post]
18-12-2014: The Syrian Electronic Army Strikes Again: International Business Times hacked. [Graham Cluley]
18-12-2014: Watching a USB hack in action makes me never want to leave my computer. [Gizmodo] [BoingBoing]
18-12-2014: Hackers can read your texts thanks to huge security flaw. [Gizmodo]
18-12-2014: The continued threat of DDoS attacks, four ways to address the concern. [DC Knowledge]
18-12-2014: Hacking tutorials, identity documents gain popularity on black market. [Ars Technica]
17-12-2014: ICANN e-mail accounts, zone database breached in spearphishing attack. [Ars Technica] [HardOCP] [ZDNet] [The Register] [BBC News] [Gizmodo] [Engadget]
17-12-2014: Google's end-to-end email encryption moves to Github. [BoingBoing] [Google]
16-12-2014: The FBI used the web’s favorite hacking tool to unmask Tor users. [Wired] [Ars Technica] [Gizmodo] [Schneier]
17-12-2014: Tor is still safe. [Gizmodo]
15-12-2014: Uncrackable quantum authentication uses photons to secure your data. [ExtremeTech]
15-12-2014: Senator: Backdoor for the Feds is a backdoor for hackers. [The Register]
15-12-2014: Next gen ransomware: Elliptic cryptic, talks on Tor, demands Bitcoin. [The Register]
12-12-2014: Iranian hackers used Visual Basic malware to wipe Vegas casino’s network. [Ars Technica] [Bloomberg]
13-12-2014: Report: the FBI is warning US businesses about Iranian hackers. [Gizmodo] [Reuters] [Engadget] [HardOCP] [DC Knowledge] [Graham Cluley]
14-12-2014: Iranian Cleaver hackers may drain energy and defence firms, warn Feds. [The Register]
11-12-2014: Nation-backed malware targets diplomats’ iPhones, Androids, and PCs. [Ars Technica]
11-12-2014: GCHQ, police to team up to hunt down child abuse on the darknet. [The Register]
08-12-2014: Powerful, highly stealthy Linux trojan may have infected victims for years. [Ars Technica]
08-12-2014: Hacker group Lizard Squad takes down PlayStation Network and Xbox Live. [DC Knowledge] [HardOCP] [cNet] [ExtremeTech] [reCode]
09-12-2014: PlayStation store back after cyber attack. [Stuff]
08-12-2014: The government likes to blame stuff on Tor. [Gizmodo]
08-12-2014: Tor privacy service used in a majority of online bank heists. [Ars Technica]
08-12-2014: North Korea's elite, pampered hackers. [Stuff]
08-12-2014: Taiwan: a canary in the cyber coalmine. [Stuff]
05-12-2014: 'Sign in with LinkedIn' spoof allows baddies to penetrate Slashdot, NASDAQ.com and more. [The Register]
05-12-2014: Stupid humans and their expensive data breaches. [The Register]
04-12-2014: The Feds are finally going to help companies avoid getting hacked. [Gizmodo]
03-12-2014: Iranian "Cleaver" hacks through airport security, Cisco boxen. [The Register] [Engadget]
03-12-2014: GCHQ boffins quantum-busted its own crypto primitive. [The Register] [Schneier]
01-12-2014: Hackers are gaming the stock market with a stupid simple approach. [Gizmodo] [NYT] [BBC News] [DC Knowledge]
28-11-2014: World's best threat detection pwned by BAB0. [The Register]
27-11-2014: Siemens issues emergency SCADA patch. [The Register]
27-11-2014: Syrian hacking group places pop-up message on websites. [BBC News] [Stuff] [The Register] [GigaOM] [Gizmodo]
24-11-2014: Security bill: The challenge of identifying internet users. [BBC News]
24-11-2014: Crypto protocols held back by legacy, says ENISA. [The Register]
23-11-2014: 15 arrested in new European crackdown of peeping tom malware users. [Ars Technica] [The Guardian] [Stuff] [NZ Herald]
21-11-2014: Detekt: a new malware detection tool. [HardOCP] [EFF] [Gizmodo]
21-11-2014: DDoS attacks of more than 10Gbps rise significantly in Q3. [DC Knowledge]
20-11-2014: Cloudflare: 500 Gbps DDoS carried out against independent Hong Kong news sites. [Forbes]
20-11-2014: FTC announces crackdown on computer speedup/tech support scams. [DailyTech] [HardOCP] [FTC]
20-11-2014: Malware’s new target: your password manager’s password. [Ars Technica] [Schneier]
19-11-2014: US government insists it doesn’t stockpile zero-day exploits. [HardOCP] [Wired]
19-11-2014: Fake antivirus scams: It's a $120m business – and alleged ringleaders have just been frozen. [The Register]
19-11-2014: Beefed up iPhone crypto will lead to a child dying, DOJ warned Apple execs. [Ars Technica] [Pocketnow] [WSJ] [DailyTech]
19-11-2014: Asian mobiles the DDOS threat of 2015, security mob says. [The Register]
19-11-2014: The real lesson from recent cyberattacks: let's break up the NSA. [ReadWriteWeb]
18-11-2014: Snarky 1992 NSA report on academic cryptography. [Schneier] [Scott Aaronson]
18-11-2014: New free CA. [Schneier]
18-11-2014: Many Tor-anonymized domains seized by police belonged to imposter sites. [Ars Technica] [New Web Order] [Gizmodo]
17-11-2014: Hackers are building and open-sourcing spy tools based on leaked NSA documents. [Motherboard]
17-11-2014: The NSA's efforts to ban cryptographic research in the 1970s. [Schneier] [Medium]
17-11-2014: Link found in Staples, Michaels breaches. [Krebs]
17-11-2014: Attack reveals 81% of Tor users but admins call for calm. [The Register] [Engadget]
17-11-2014: US State Dept hacked, email shut down. [Stuff] [Washington Post] [Engadget] [HardOCP] [Gizmodo] [BoingBoing] [Yahoo]
16-11-2014: Everything needs crypto, says IAB. [The Register]
14-11-2014: For a year, gang operating rogue Tor node infected Windows executables. [Ars Technica]
14-11-2014: ‘Microsoft partner’ claims fuel support scams. [Krebs]
14-11-2014: The return of crypto export controls? [Schneier] [The Register]
13-11-2014: Network hijackers exploit technical loophole. [Krebs]
12-11-2014: Hackers use DNS TXT records to amplify DDoS attacks:. [DC Knowledge] [Akamai PDF]
12-11-2014: FBI’s most wanted cybercriminal used his cat’s name as a password. [Ars Technica] [Gizmodo] [Stuff]
12-11-2014: Target, Home Depot and UPS attacks: need to rethink point-of-sale security. [The Register]
12-11-2014: Why are ISPs removing their customers' email encryption? [Gizmodo] [BoingBoing] [EFF] [The Register] [Schneier]
13-11-2014: Condemnation mounts against ISP that sabotaged users’ e-mail encryption. [Ars Technica]
11-11-2014: Don’t blame Obama, but DDoS attacks are now using his press releases. [Ars Technica]
11-11-2014: German spies want millions of Euros to buy zero-day code holes. [The Register]
11-11-2014: “DarkHotel” uses bogus crypto certificates to snare Wi-Fi-connected execs. [Ars Technica] [Wired] [NZ Herald] [HardOCP] [Kaspersky] [The Register] [Stuff] [BBC News] [Gizmodo] [Schneier]
10-11-2014: Google reveals alarming success rates for manual hijacking of accounts. [DC Knowledge] [Whir]
10-11-2014: China suspected of breaching US Postal Service computer networks. [Washington Post] [Engadget] [The Register] [Gizmodo] [Lifehacker] [BoingBoing] [LA Times] [Reuters] [Ars Technica]
10-11-2014: Mozilla will start hosting Tor relays as part of Polaris privacy push. [GigaOM]
08-11-2014: Another reminder on why you need to change default passwords. [HardOCP] [Network World]
07-11-2014: Aussie spooks warn of state-sponsored online attacks during G20. [The Register]
06-11-2014: Crypto attack that hijacked Windows Update goes mainstream in Amazon Cloud. [Ars Technica]
05-11-2014: Still spamming after all these years. [Krebs]
05-11-2014: This system will self destruct: Crimeware gets powerful new functions. [Ars Technica]
04-11-2014: How hackers can smuggle out your company’s data, via video. [Collaborista]
03-11-2014: Flaw in new ‘secure’ credit cards would let hackers steal $1M per card. [Wired] [Gizmodo] [HardOCP] [BoingBoing]
03-11-2014: Pro-democracy Hong Kong sites DDoS'd with Chinese cyber-toolkit. [The Register]
01-11-2014: The Amazons of the dark net. [The Economist]
30-10-2014: Chip & PIN vs chip & signature. [Krebs]
30-10-2014: Sandworm uses PowerPoint against Swiss bank customers. [The Register]
29-10-2014: Hackers are using Gmail drafts to update their malware and steal data. [Wired] [BoingBoing]
29-10-2014: White House hit by “sustained” cyber attack, hackers breach unclassified network. [Graham Cluley] [ReadWriteWeb] [The Register]
29-10-2014: Russia or China suspected in White House data breach. [DailyTech] [Ars Technica] [Gizmodo]
28-10-2014: Security Avengers team up to take down Chinese hacking group. [The Register]
28-10-2014: Leader of “most sophisticated cybercrime ring” sentenced to 11 years. [Ars Technica]
27-10-2014: Targeted attacks against businesses on the rise. [HardOCP] [ZDNet]
27-10-2014: 'Replay’ attacks spoof chip card charges. [Krebs]
27-10-2014: Exposing the hidden history of computer hacking. [BBC News]
25-10-2014: Hackers target military, embassy and defense workers in Operation Pawn Storm. [Graham Cluley]
24-10-2014: Now everyone wants to sell you a magical anonymity router -- choose wisely. [Wired]
21-10-2014: What's the best way to weaken crypto? [BoingBoing] [PDF]
20-10-2014: Credit card breach at Staples stores. [Krebs] [BBC News] [The Register] [Ars Technica]
19-12-2014: Staples comes clean: 1+ million bank cards at risk after hack. [The Register] [HardOCP] [PCWorld] [Engadget]
20-10-2014: GCHQ spokesperson says cyber terrorism is 'not a concer'. [Tripwire]
20-10-2014: Spike in malware attacks on aging ATMs. [Krebs] [Gizmodo]
17-10-2014: How Facebook uses leaked passwords to keep your account safe. [Gizmodo] [The Register]
16-10-2014: Tor Browser goes 4.0. [BoingBoing] [Tor Project]
16-10-2014: NSA classification ECI = Exceptionally Controlled Information. [Schneier]
15-10-2014: Meet the Internet's nasty new "Poodle" attack. [ReadWriteWeb] [Graham Cluley] [HardOCP] [7 News] [Google] [Ars Technica] [Wired] [The Register]
17-10-2014: How to protect yourself against Poodle attack. [ReadWriteWeb]
11-12-2014: 'Poodle’ bug returns, bites big bank sites. [Krebs]
29-04-2015: Barclays, Halifax and Tesco banks still vulnerable to POODLE attack. [Graham Cluley]
14-10-2014: It's time to enable two-step authentication on everything -- here’s how. [Gizmodo]
13-10-2014: With this tiny box, you can anonymize everything you do online. [Wired] [ReadWriteWeb] [THG]
18-10-2014: Kickstarter pulls Anonabox, a Tor-enabled router that raised over $585,000. [Ars Technica] [BBC News] [HardOCP]
23-10-2014: Kickstarter shuts down another anonymous-making internet router. [ReadWriteWeb] [Ars Technica]
13-10-2014: Bahraini activists hacked by their government go after UK spyware maker. [Wired]
12-10-2014: SEANux – a version of Linux from the Syrian Electronic Army. [Graham Cluley]
10-10-2014: Malware-based credit card breach at Kmart. [Krebs] [Buzzfeed] [Engadget] [Graham Cluley] [BBC News]
10-10-2014: Online activism and the computer fraud and abuse act. [Schneier] [BoingBoing]
10-10-2014: Malware analysts tell crooks to shape up and write decent code. [The Register]
09-10-2014: Gadgets held as evidence being remotely wiped. [BoingBoing]
08-10-2014: America must end its paranoid war on hackers. [Wired]
08-10-2014: Sir Tim Berners-Lee defends decision not to bake security into web. [The Register]
08-10-2014: FBI director sees progress in the US' ability to fight cyberattacks. [Engadget]
07-10-2014: Russian cybercrime group compromised half a million computers. [ComputerWorld]
07-10-2014: Monster banking Trojan botnet claims 500,000 victims. [The Register]
07-10-2014: Huge data leak at largest US bond insurer. [Krebs]
07-10-2014: FBI director says Chinese hackers are like a “drunk burglar”. [Ars Technica] [HardOCP] [CBS News]
06-10-2014: iPhone encryption and the return of the crypto wars. [Schneier]
02-10-2014: 76 million households affected by JPMorgan Chase data breach. [Gizmodo] [HardOCP] [ZDNet] [The Register]
02-10-2014: The unpatchable malware that infects USBs is now on the loose. [Wired] [Gizmodo] [Engadget] [BoingBoing] [ExtremeTech] [BBC News] [Graham Cluley] [HardOCP] [Schneier]
07-10-2014: The only fix for that terrible USB malware requires epoxy. [Gizmodo]
08-10-2014: Fixing the unfixable USB bug. [BoingBoing] [Wired]
18-11-2014: USB coding anarchy: Consider all sticks vulnerable. [The Register]
02-10-2014: 17,000 Macs recruited into malware botnet, with a little help from Reddit. [Graham Cluley]
01-10-2014: The criminal indictment that could finally hit spyware makers hard. [Wired]
30-09-2014: Hacked security plugin firm stored customer passwords in plaintext. [TripWire]
30-09-2014: A teenage hacker ring stole $100 Million in army and Xbox tech. [Gizmodo] [The Guardian] [Engadget] [HardOCP] [Stuff] [Ars Technica] [BBC News]
30-09-2014: How RAM scrapers work: the sneaky tools behind the latest credit card hacks. [Wired]
30-09-2014: Global IPv6 traffic is growing, DDoS dying, says Akamai. [The Register]
29-09-2014: We take your privacy and security. Seriously. [Krebs]
29-09-2014: CloudFlare introduces Universal SSL. [CloudFlare] [THG] [Ars Technica]
29-09-2014: Insider hacking a big threat for employers. [NZ Herald]
25-09-2014: Security tradeoffs of cloud backup. [Schneier] [Daring Fireball]
22-09-2014: Google’s war on spam and how encryption could finally win it – for the spammers. [ExtremeTech]
22-09-2014: Security for vehicle-to-vehicle communications. [Schneier]
19-09-2014: Millennials don’t care about mobile security, and here’s what to do about it. [Wired]
19-09-2014: Tor users become FBI's no.1 hacking target after legal power grab. [The Register]
19-09-2014: Google and Apple to introduce default encryption. [BBC News]
18-09-2014: The Dark Web gets darker with rise of the ‘Evolution’ drug market. [Wired]
18-09-2014: This new Internet security tool guards Goldman Sachs from eavesdroppers. [Wired]
18-09-2014: Terrible article on Vernam ciphers. [Schneier] [io9]
18-09-2014: US military contractors 'hit by Chinese hackers'. [BBC News]
17-09-2014: No evidence Snowden leaks inspired jihadists to up their crypto game. [BoingBoing] [Flashpoint Partners]
17-09-2014: Middle-school dropout codes clever chat program that foils NSA spying. [Wired]
17-09-2014: Identifying Dread Pirate Roberts. [Schneier] [Krebs]
15-09-2014: Several Massachusetts libraries installing Tor on all public PCs, coordinating privacy classes. [BoingBoing]
13-09-2014: Turning the tables on "Windows Support" scammers by compromising their PCs. [Ars Technica]
12-09-2014: Connected home: a next-gen botnet army? [Wired]
12-09-2014: CryptoLocker-style ransomware booms 700% this year. [The Register]
10-09-2014: Safeplug security analysis. [Schneier] [Freedom-to-Tinker] [USENIX PDF]
10-09-2014: Consumers worried about call centre security, new survey reveals. [Graham Cluley]
09-09-2014: Use home networking kit? DDoS bot is back... and it has evolved. [The Register]
05-09-2014: The security of password managers. [Schneier]
04-09-2014: Scared of brute force password attacks? Just 'GIVE UP' says Microsoft. [The Register]
04-09-2014: Military kill switches: a great idea that won't happen soon. [Gizmodo]
03-09-2014: The open source tool that lets you send encrypted emails to anyone. [Wired]
03-09-2014: Hackers using same tools as police to hack into iCloud accounts. [THG]
02-09-2014: Fake cell towers could be attacking your cellphone up to 80-90 times per hour. [THG] [Gizmodo]
01-09-2014: Second hacking crew joins Syrian Electronic Army on Team Assad. [The Register]
01-09-2014: HP: NORKS' cyber spying efforts actually a credible cyberthreat. [The Register]
31-08-2014: Decryptolocker saves you from the popular Cryptolocker ransomware. [Lifehacker] [Decryptolocker]
30-08-2014: Cyberattacks: perpetual state of siege for US companies. [Stuff]
29-08-2014: Improved Cryptolocker clone "Cryptowall" has locked over half a million PCs, 5 billion files. [THG] [SC Magazine]
29-08-2014: Kaspersky Lab “accidentally” defends monitoring of innocent internet users in online article. [Graham Cluley]
29-08-2014: Even Homeland Security isn't immune from hackers -- details of 25,000 workers exposed. [Collaborista]
29-08-2014: ISIS threatens US with terrorism. [Schneier]
29-08-2014: JPMorgan and other US banks get hacked. Why is Russia getting the blame? [Graham Cluley]
29-08-2014: The cost of DNSSEC. [Geoff Huston]
29-08-2014: How the internet may be taken down. [DC Knowledge]
28-08-2014: Mozilla left thousands of email addresses and passwords lying around - again. [HotForSecurity]
28-08-2014: Feds warn first responders of dangerous hacking tool: Google Search. [Ars Technica]
26-08-2014: Security by obscurity at Healthcare.gov site. [Schneier] [TechDirt]
25-08-2014: NIST to sysadmins: clean up your SSH mess. [The Register]
25-08-2014: The problems with PGP. [Schneier] [Cryptography Engineering]
25-08-2014: Sony Online Entertainment hit by 'large scale DDoS attack'. [The Register] [Engadget] [DC Knowledge] [ExtremeTech]
23-08-2014: Check your credit cards: that Target hack is running wild. [Gizmodo]
22-08-2014: UPS Store data breach – the post mortem can wait, it’s time to warn and advise the victims. [HotForSecurity]
21-08-2014: NSA and GCHQ agents 'leak Tor bugs' alleges developer. [BBC News] [The Register] [Engadget]
21-08-2014: The NSA is scaring people away from Tor. [Gizmodo]
21-08-2014: How hackers could mess with 911 systems and put you at risk. [Wired]
21-08-2014: Hacking Gmail with 92 percent success. [HardOCP] [Phys.org]
20-08-2014: US Air Force is focusing on cyber deception. [Schneier]
19-08-2014: Hacking into traffic lights with a plain old laptop is scary simple. [Gizmodo] [UoM PDF] [Schneier]
19-08-2014: Think crypto hides you from spooks on Facebook? Think again. [The Register]
18-08-2014: QUANTUM technology sold by cyberweapons arms manufacturers. [Schneier]
16-08-2014: Time to ditch HTTP – govt malware injection kit thrust into spotlight. [The Register]
14-08-2014: It's time for PGP to die, says... no, not the NSA – a US crypto prof. [The Register] [Cryptography Engineering]
14-08-2014: A portable router that conceals your Internet traffic. [Ars Technica] [ExtremeTech]
13-08-2014: Fifteen zero days found in hacker router comp romp. [The Register]
11-08-2014: Yahoo ads network helps hackers spread CryptoWall ransomware. [Graham Cluley]
11-08-2014: How to hack an aeroplane's satellite communications system. [Stuff]
10-08-2014: Why hackers won't be able to hijack your next flight - the facts. [The Register]
10-08-2014: Security experts: car hacking is real and we need to prepare. [Gizmodo] [cNet]
10-08-2014: Father of PGP encryption: Telcos need to get out of bed with governments. [Ars Technica]
10-08-2014: Hacking is simple, says author claiming role in breach of spyware firm. [Ars Technica]
08-08-2014: US spying brings German encryption boom. [NZ Herald]
07-08-2014: Hacker redirects traffic from 19 internet providers to steal Bitcoins. [Wired]
07-08-2014: Yahoo to join Gmail in offering users end-to-end encryption. [Forbes] [Stuff] [DailyTech] [THG] [Stuff]
06-08-2014: CIA insider: US should buy all security exploits, then disclose them. [Wired] [The Register] [Ars Technica] [BBC News]
06-08-2014: PayPal left red-faced after more security holes found in two factor authentication. [Graham Cluley]
06-08-2014: How to recover files from a CryptoLocker attack for free. [Graham Cluley] [The Register] [HardOCP] [BBC News] [Ars Technica] [Krebs]
06-08-2014: Snowden leaks spur new secure communications. [Stuff]
06-08-2014: Shadowy Russian hacker group hijacked 1.2 billion usernames, passwords. [Ars Technica] [Lifehacker] [NYT] [Gizmodo] [The Register] [BBC News] [Stuff] [HardOCP] [NZ Herald] [NZ Herald] [BGR] [Graham Cluley] [THG]
06-08-2014: Firm that exposed breach of 'billion passwords' quickly offered $120 service to find out if you're affected. [Forbes] [Graham Cluley]
06-08-2014: Q&A on the reported theft of 1.2B email accounts. [Krebs]
06-08-2014: The Russian 'hack of the century' doesn't add up. [The Verge]
07-08-2014: Over a billion passwords stolen? [Schneier] [BoingBoing] [The Register]
04-08-2014: Researcher can hack airplanes through in-flight entertainment systems. [Gizmodo] [BGR]
04-08-2014: Chinese government drops foreign security software. [Engadget] [DC Knowledge]
06-08-2014: Chinese government bans Apple products. [BGR] [ExtremeTech] [Gizmodo]
09-08-2014: Chinese government denies it banned Apple purchases. [HardOCP] [Neowin]
03-08-2014: 70% of Internet of Things devices vulnerable to hacking. [HardOCP] [Mashable]
02-08-2014: Terrorists embracing new Android crypto in wake of Snowden revelations. [Ars Technica]
01-08-2014: Gambling website Paddy Power took four years to tell 650,000 customers their data had been stolen. [Graham Cluley]
01-08-2014: Cyber extortionists pose growing threat to tech firms. [BBC News]
31-07-2014: The security of USB is fundamentally broken. [Wired] [Ars Technica] [Gizmodo] [Schneier] [HardOCP] [BGR] [Stuff] [Engadget] [Tripwire] [BBC News]
31-07-2014: Multipath TCP speeds up the Internet so much that security breaks. [The Register]
31-07-2014: Active attack on Tor network tried to decloak users for five months. [Ars Technica] [The Register] [Security Week] [Gizmodo] [BBC News] [HardOCP] [Tor Project] [Stuff]
30-07-2014: Survey reveals critical infrastructure providers in New Zealand and Australia have been breached. [Geekzone] [Unisys]
30-07-2014: Android crypto blunder exposes users to highly privileged malware. [Ars Technica]
29-07-2014: Canada National Research Council 'hacked by Chinese spies'. [BBC News]
29-07-2014: US government increases funding for Tor, giving $1.8m in 2013. [The Guardian]
29-07-2014: Former NSA chief to profit from patented hacker detection tech, charging clients $1M a month. [BoingBoing]
28-07-2014: Hackers plundered Israeli defense firms that built ‘Iron Dome’ missile defense system. [Krebs] [The Register] [BBC News]
30-07-2014: Firm issues soft denial against Iron Dome hack. [The Register]
25-07-2014: Putin: crack Tor for me and I'll make you a millionaire. [The Register] [Hexus] [HardOCP] [VentureBeat] [Schneier] [Engadget] [Gizmodo] [Graham Cluley]
23-07-2014: Google banks on its own tech to protect Chrome users from another Heartbleed. [Engadget] [Ars Technica] [The Register]
23-07-2014: Attackers raid Swiss banks with DNS and malware bombs. [The Register]
23-07-2014: Tor developers vow to fix bug that can uncloak users. [Ars Technica] [BBC News]
22-07-2014: Nigerian email swindlers using more sophisticated hacks. [BoingBoing] [NYT] [The Register] [SecurityWatch]
22-07-2014: Talk on cracking Tor cancelled. [Stuff]
21-07-2014: Security biz chases Tails with zero-day flaws alert. [The Register] [Engadget] [Schneier] [The Verge]
23-07-2014: Tails-hacking Exodus: We have video proof of code-injection attack. [The Register]
21-07-2014: Fingerprinting computers by making them draw images. [Schneier] [BBC News] [The Register] [BGR]
23-07-2014: Adblock Plus: We can stop canvas fingerprinting, the ‘unstoppable’ new browser tracking technique. [BGR]
18-07-2014: Even script kids have a right to be forgotten. [Krebs]
15-07-2014: Chinese hackers extending reach to smaller US agencies. [NYT]
15-07-2014: CNET hacked: registered users details stolen by gang demanding 1 Bitcoin. [HotForSecurity]
14-07-2014: GameOver Zeus malware returns from the dead. [Graham Cluley]
14-07-2014: Beware keyloggers at hotel business centers. [Krebs] [Graham Cluley] [Ars Technica] [Schneier]
12-07-2014: LastPass security holes found by researcher, says password management firm – but no need to panic. [WeLiveSecurity] [The Register]
15-07-2014: “Severe” password manager attacks steal digital keys and data en masse. [Ars Technica]
11-07-2014: FBI and pals grab banking Trojan zombielord's joystick. [The Register]
11-07-2014: Computer cops strike at the heart of Shylock malware. [HotForSecurity]
11-07-2014: Microsoft says cybercrime bust frees 4.7 million infected PCs. [Stuff]
10-07-2014: Digital First Aid Kit: where to turn when you're DoSed or have your accounts hijacked. [BoingBoing] [EFF] [Digital Defenders]
10-07-2014: Crypto certificates impersonating Google and Yahoo pose threat to Windows users. [Ars Technica]
10-07-2014: Wall Street wants cyber-war council. [Stuff]
08-07-2014: Computing student jailed after failing to hand over crypto keys. [The Register] [Engadget] [HardOCP]
07-07-2014: Password confessions of a security professional. [Graham Cluley]
07-07-2014: NORKS hacker corps reaches 5,900 sworn cyber soldiers - report. [The Register]
04-07-2014: Crypto thwarts tiny minority of Feds' snooping efforts. [The Register]
03-07-2014: Private crypto key stashed in Cisco VoIP manager allows network hijacking. [Ars Technica]
02-07-2014: Rising use of encryption foiled the cops a record 9 times in 2013. [Wired]
02-07-2014: Brazilian ‘Boleto’ bandits bilk billions. [Krebs] [BBC News] [Schneier]
02-07-2014: EFF sues NSA over snoops 'hoarding' zero-day security bugs. [The Register]
01-07-2014: Microsoft expands the use of encryption on Outlook, OneDrive. [Ars Technica] [iMore] [The Register] [Engadget]
01-07-2014: Millions of dynamic DNS users suffer after Microsoft seizes No-IP domains. [Ars Technica] [The Register] [Krebs] [BBC News]
30-06-2014: Cryptowall ransomware: what you need to know. [Collaborista]
30-06-2014: How Air Force One's communications are kept private. [HardOCP] [cNet]
30-06-2014: London teen charged over Spamhaus mega-DDoS attacks. [The Register]
13-12-2014: Spamhaus, CloudFlare attacker pleads guilty. [Krebs] [The Register]
30-06-2014: Blackphone review. [Schneier] [Ars Technica] [BoingBoing]
27-06-2014: Battling the botnets. [BBC News]
27-06-2014: Tired of passwords? You aren't alone. [NZ Herald] [Stuff]
25-06-2014: World-class password fail of the day. [HardOCP] [Twitter] [Gizmodo]
25-06-2014: How to bypass PayPal 2FA. [Lumension] [HardOCP] [Dark Reading]
25-06-2014: Experts reveal police hacking methods. [NZ Herald]
25-06-2014: Sysadmins rejoice: patch rampage killing off nasty DDoS attack vector. [The Register]
24-06-2014: Got a botnet? Thinking of using it to mine Bitcoin? Don't bother. [The Register]
24-06-2014: Exposed: massive mobile malware network used by cops globally [The Register]
23-06-2014: 'Most sophisticated DDoS' ever strikes Hong Kong democracy poll. [The Register]
22-06-2014: Reuters website ‘hacked’ by the Syrian Electronic Army. [HotForSecurity] [Ars Technica] [The Register]
21-06-2014: Internet firm goes out of business after DDoS extortion attack. [WeLiveSecurity]
21-06-2014: DARPA: the Internet of Things needs better security. [HardOCP] [GigaOM]
21-06-2014: Fundraiser to support "NSA-proof" email gets off to a roaring start. [HardOCP] [VentureBeat]
19-06-2014: World still standing? It's been two weeks since Cryptolocker, Gameover Zeus takedown by feds. [The Register]
10-07-2014: Crooks seek revival of 'Gameover Zeus' botnet. [Krebs]
18-06-2014: Would your company pay millions to internet blackmailers? Nokia did. [F-Secure]
18-06-2014: State-sponsored hackers breached UK government network, claims minister. [Graham Cluley]
18-06-2014: Terror suspect can’t get NSA evidence gathered against him. [Ars Technica]
17-06-2014: New app kills the world’s scariest Android malware for free. [BGR]
18-06-2014: Undergrad breaks Android crypto ransomware. [Ars Technica]
17-06-2014: FBI arrests claims NullCrew hacker in Tennessee takedown. [The Register] [Sophos]
19-06-2014: Hacker taunts arrested comrade after someone drops dime to FBI. [Ars Technica]
17-06-2014: Story of a $10 million remote scam. [Schneier] [BoingBoing]
17-06-2014: GCHQ to share threat intel – and declassify secret inventions. [The Register]
17-06-2014: Chinese Android smartphone comes with malware pre-installed. [Graham Cluley]
16-06-2014: Domino’s Pizza refuses to pay ransom after customer database hacked. [WeLiveSecurity] [Stuff]
16-06-2014: AT&T confirms inside job responsible for customer data breach. [BGR]
16-06-2014: Listen to the results of our Internet spy project. [Ars Technica]
14-06-2014: Hacked restaurant chain goes back to the 1970s, to protect itself from hackers. [HotForSecurity]
13-06-2014: Apple: we’ll ‘soon’ begin encrypting iCloud email in transit between providers. [9to5Mac]
12-06-2014: Powerful worm on Twitter unleashes torrent of out-of-control tweets. [Ars Technica]
11-06-2014: Feedly refuses to give in to blackmail demands, gets hit by DDoS attack. [Graham Cluley] [Schneier] [TNW] [Ars Technica]
11-06-2014: Evernote cloud service brought down by denial-of-service attack. [Graham Cluley] [The Register]
11-06-2014: It’s official: mMalicious hackers have crappy password hygiene, too. [Ars Technica]
11-06-2014: Web giants encrypt their services - but leaks remain. [Ars Technica]
10-06-2014: Whistleblower org says it will go to jail rather than turning over its keys. [BoingBoing] [Ars Technica]
10-06-2014: iOS 8 randomising MAC addresses. [Schneier] [Ars Technica]
10-06-2014: Randomize your computer's MAC address with this script. [Lifehacker] [Zdziarski]
10-06-2014: Report: there's a new Chinese hacker army attacking the US. [Gizmodo]
10-06-2014: After Heartbleed, we're overreacting to bugs that aren't a big deal. [Wired]
10-06-2014: Chinese military tied to prolific hacking group targeting US aerospace industry. [Ars Technica]
10-06-2014: Crypto-boffins propose safer buddy list protocol. [The Register]
09-06-2014: To defeat encryption, feds deploy the subpoena. [Ars Technica]
09-06-2014: The man behind the biggest cyberscam the world has seen. [NZ Herald]
09-06-2014: Punching the clock for a darknet kingpin. [Ars Technica]
08-06-2014: We “will be paying no ransom,” vows town hit by Cryptowall ransom malware. [Ars Technica]
07-06-2014: NSA-proof server Protonet smashes crowdfunding record. [HardOCP] [IB Times]
07-06-2014: Crypto ransomware makes its debut on Android. [Ars Technica]
05-06-2014: They hack because they can. [Krebs]
04-06-2014: China threatens "severe" punishments for Google, Apple over NSA spying. [DailyTech]
04-06-2014: UK proposes life sentences for hackers who threaten national security. [The Guardian] [BoingBoing] [Gizmodo] [HotForSecurity]
03-06-2014: Remember Anna Kournikova? Come with us on a tour of bug-squishing history. [The Register]
02-06-2014: ‘Operation Tovar’ targets ‘Gameover’ ZeuS botnet, CryptoLocker scourge. [Krebs] [Graham Cluley] [BBC News] [Graham Cluley]
16-06-2014: Police tell UK public they have only hours to combat GameOver Zeus malware. [Graham Cluley]
02-06-2014: Chinese hacking of the US. [Schneier]
30-05-2014: Google, Amazon among tech companies trying to prevent the next Heartbleed. [BGR]
29-05-2014: Iranian hackers set up fake news website, and posed as journalists on Facebook to spy on United States and others. [HotForSecurity] [Stuff] [BoingBoing] [The Register]
29-05-2014: Cyber crims smash through Windows into the great beyond. [The Register]
28-05-2014: Police at the door? Hit the PANIC button to erase your RAM. [The Register]
28-05-2014: TrueCrypt's web site updates with ominous warning, details unknown. [Lifehacker] [The Register] [Ars Technica] [BoingBoing] [Krebs] [Graham Cluley] [Schneier] [Engadget]
29-05-2014: TrueCrypt turmoil latest: Bruce Schneier reveals what he'll use instead. [The Register]
29-05-2014: Snowden's crypto software may be tainted forever. [Wired]
29-05-2014: Security enthusiasts may revive encryption tool after mystery shutdown. [Reuters]
30-05-2014: Bombshell TrueCrypt advisory: Backdoor? Hack? Hoax? None of the above? [Ars Technica]
30-05-2014: The mystery of TrueCrypt's disappearance. [HardOCP] [TechArp]
30-05-2014: TrueCrypt security audit presses on, despite developers jumping ship. [Ars Technica]
03-06-2014: TrueCrypt “must not die”. [Graham Cluley] [The Register]
11-06-2014: Troubled Truecrypt the only option for S3, but Amazon stays silent. [The Register]
16-06-2014: Did TrueCrypt’s developers embed a hidden Latin message for us all? [Graham Cluley] [BoingBoing] [Live Business Chat]
17-06-2014: TrueCrypt – a matter of assurance. [Graham Cluley]
20-06-2014: Following TrueCrypt’s bombshell advisory, developer says fork is “impossible”. [Ars Technica]
28-05-2014: Backdoor in call monitoring, surveillance gear. [Krebs] [The Register] [Schneier]
27-05-2014: Inside the FBI's fight against Chinese cyber-espionage. [Foreign Policy]
27-05-2014: China cites US for “unscrupulous” spying, wants IBM out of banks. [Ars Technica] [NZ Herald]
28-05-2014: That Snowden chap was spot on says China. [The Register]
26-05-2014: 128-bit crypto scheme allegedly cracked in two hours. [The Register]
25-05-2014: Fake key e-mails, win a $25M court case. [Ars Technica]
24-05-2014: US gov may block Chinese nationals from Defcon hacker event. [BoingBoing] [Reuters] [Ars Technica] [Engadget]
21-05-2014: Hackers broke into a public utility control room by guessing a password. [Gizmodo]
21-05-2014: eBay urges password changes after breach. [Krebs]
21-05-2014: Why is eBay burying news of its security breach from its millions of web visitors? [Graham Cluley]
23-05-2014: After the breach: eBay’s flawed password reset leaves much to be desired. [Ars Technica]
23-05-2014: eBay faces investigations over massive data breach. [BBC News] [The Register]
24-05-2014: Security breach at eBay a reminder of damage cyber criminals can wreak. [NZ Herald]
27-05-2014: It took eBay a *long* time to tell me to change my password. [Graham Cluley]
27-05-2014: eBay thought user data was safe, but 145 million accounts were compromised in massive hack. [BGR]
31-05-2014: College student finds another eBay security flaw. [HardOCP] [Digital Trends]
22-09-2014: eBay XSS password-stealing security hole “existed for months”. [Graham Cluley]
21-05-2014: The NSA is not made of magic. [Schneier]
21-05-2014: You’ll never guess the critical resource the FBI needs to successfully fight cyber crimes. [BGR]
21-05-2014: Why you should ditch Adobe Shockwave. [Krebs]
21-05-2014: Study: 97% of companies using network defenses get hacked anyway. [Ars Technica]
20-05-2014: All of .mil TLD is down. [Reddit]
19-05-2014: US charges China with cyber-spying on American firms. [NBC News] [NZ Herald] [Stuff] [HotForSecurity]
19-05-2014: US cyber-thief gets 20-year jail term. [BBC News] [HotForSecurity]
16-05-2014: Encrypted web traffic more than doubles after NSA revelations. [Wired] [TorrentFreak]
16-05-2014: Crypto-guru slams 'NSA-proof' tech, says today's crypto is strong enough. [The Register]
15-05-2014: Photos of an NSA “upgrade” factory show Cisco router getting implant. [Ars Technica] [Gizmodo] [Reddit] [SiliconBeat] [BoingBoing] [HardOCP] [Engadget]
13-05-2014: US Government has overreached, and should not interfere with the lawful delivery of our products. [Cisco]
18-05-2014: In letter to Obama, Cisco CEO complains about NSA allegations. [re/code] [The Register] [BBC News] [Stuff]
21-05-2014: NSA’s hardware tampering may alter global product flow. [DC Knowledge]
23-05-2014: China responds to NSA tampering with network gear vetting process. [Ars Technica]
14-05-2014: New Al-Qaeda encryption software. [Schneier]
14-05-2014: IETF plans to NSA-proof all future internet protocols. [The Register]
13-05-2014: New Zealand requires network operators to register with cops, give spies oversight of their network ops. [BoingBoing] [ITnews] [Reddit] [BoingBoing]
12-05-2014: NSA sabotaged exported US-made routers with backdoors. [BoingBoing] [The Guardian] [The Register] [Ars Technica] [BGR] [Reddit]
12-05-2014: Significant portion of HTTPS Web connections made by forged certificates. [Ars Technica] [BoingBoing] [Schneier]
08-05-2014: Net tech bods at IETF mull anti-NSA crypto-key swaps in future SSL. [The Register]
07-05-2014: Network admin allegedly hacked navy -- while on an aircraft carrier. [Wired] [Ars Technica]
21-05-2014: Navy sailor pleads guilty to hacking from an aircraft carrier. [Engadget]
07-05-2014: How a whitehat hacked a university and became an FBI target. [Ars Technica]
06-05-2014: Dropbox users leak tax returns, mortgage applications and more. [Graham Cluley]
06-05-2014: Dropbox told about vulnerability in November 2013, only fixed it when the media showed interest. [Graham Cluley] [The Register] [BGR]
05-05-2014: “Pavlovian password management” aims to change sloppy habits. [Ars Technica]
02-05-2014: Security flaw found in OAuth and OpenID, here's what it means for you. [Lifehacker] [cNet] [BGR] [HardOCP] [The Inquirer] [The Register]
02-05-2014: Script fools n00b hackers into hacking themselves. [The Register]
30-04-2014: Security guru: You can't blame Snowden for making US clouds look leaky. [The Register]
28-04-2014: A new pencil-and-paper encryption algorithm. [Schneier] [IACR: PDF]
25-04-2014: Spy back doors? That would be suicide, says Huawei. [The Register]
24-04-2014: 87% of electronic spying is conducted by governments, with cyber espionage accounting for 22% of data breaches. [The Drum]
23-04-2014: NSA's spying won't impact Huawei's growth. [DailyTech]
23-04-2014: State of the Hack: 43% of all DDoS attacks in Q4 originated in China. [BGR]
23-04-2014: The security of various programming languages. [Schneier] [Help Net Security]
17-04-2014: It's time to encrypt the entire Internet. [HardOCP] [Wired]
15-04-2014: Detecting criminal gangs using mobile phone data. [HardOCP] [MIT Technology Review]
15-04-2014: After Heartbleed, why forward secrecy is more important than ever. [ReadWriteWeb]
10-04-2014: US Army compares new hacker school to "the birth of the Air Force". [Gizmodo]
09-04-2014: Internet security: Cyber-criminals more cunning in attacks. [NZ Herald]
08-04-2014: Symantec sees new era of "Mega Breaches". [GeekZone] [Symantec] [Voxy]
07-04-2014: Vint Cerf wanted to make internet secure from the start, but secrecy prevented it. [The Register]
07-04-2014: The Great Hash Bakeoff: Infosec bods cook up next-gen crypto. [The Register]
04-04-2014: New “unbreakable” encryption is inspired by your insides. [Gizmodo]
08-04-2014: "Unbreakable" encryption almost certainly isn't. [Schneier]
03-04-2014: US states investigating breach at Experian. [Krebs]
03-04-2014: Your files held hostage by CryptoDefense? Don't pay up! The decryption key is on your hard drive. [The Register]
02-04-2014: Android botnet targets Middle East banks. [Krebs]
02-04-2014: The phantom NSA-RSA backdoor that never was. [The Register]
01-04-2014: Hackers can now create fake traffic jams. [Gizmodo]
31-03-2014: NSA infiltrated RSA security more deeply than thought - study. [Reuters] [Ars Technica] [Engadget] [Stuff]
31-03-2014: Cyber Emergency Response Team launched by UK. [BBC News] [The Register]
31-03-2014: China's CERT blames US for a THIRD of all attacks on Middle Kingdom PCs. [The Register] [Graham Cluley]
30-04-2014: Google: 84% of online news sites hacked by governments. [HardOCP] [The Inquirer]
28-03-2014: State-sponsored hackers are attacking news outlets on a massive scale. [Engadget]
27-03-2014: DDoS traffic triples as 20Gbps becomes the new normal. [The Register]
25-03-2014: Forget black hats – the best hackers are going grey and getting legit. [The Register]
25-03-2014: When gov’t spies fake your company’s website, what can be done? [Ars Technica]
22-03-2014: Targeting Huawei: NSA spied on Chinese government and networking firm. [Der Spiegel] [Gizmodo] [Ars Technica] [DailyTech] [The Register] [BoingBoing] [NYT] [Schneier] [Engadget]
24-03-2014: China wants answers following revelations about NSA's Huawei spying. [DailyTech]
27-03-2014: How a Chinese tech firm became the NSA's surveillance nightmare. [Wired]
29-03-2014: Huawei on NSA: If foreign spies attacked a US firm, there’d be “outrage”. [Ars Technica]
18-03-2014: Over 500,000 PCs attacked every day after 25,000 UNIX servers hijacked by Operation Windigo. [WeLiveSecurity]
17-03-2014: NATO hit in cyber attack linked to Crimea. [Stuff] [Graham Cluley]
17-03-2014: UK holds cyberwar game in WW2 bunker. [Stuff]
16-03-2014: Who is winning the 'crypto-war'? [BBC News]
15-03-2014: Kremlin gets DDoS’d by Anonymous Caucasus. [Ars Technica] [HardOCP]
12-03-2014: Attackers trick 162,000 WordPress sites into launching DDoS attack. [Ars Technica] [Graham Cluley]
09-03-2014: Want someone to click on your targeted attack? Disguise it as a LinkedIn message. [Graham Cluley]
06-03-2014: Even HTTPS can leak your PRIVATE browsing. [The Register] [Ars Technica]
06-03-2014: DDoS attacks get bigger, smarter, more damaging. [Stuff]
05-03-2014: Botnet built using freely-available cloud services. [HardOCP] [Dark Reading]
02-03-2014: Anti-virus firm finds alleged Kremlin cyberweapon, undetected for at least three years. [Graham Cluley] [The Register]
28-02-2014: Report from Trustycon: like RSA, but without the corruption. [BoingBoing] [cNet] [NYT]
01-03-2014: Trustycon: how to redesign NSA surveillance to catch more criminals and spy on a lot fewer people. [BoingBoing] [YouTube]
28-02-2014: Government-built malware running out of control, F-Secure claims. [The Register]
27-02-2014: Was the iOS SSL flaw deliberate? [Schneier]
26-02-2014: DDoSing a cell phone network. [Schneier]
25-02-2014: Chinese water tortuer: a slow drip DNS DDoS attack. [Secure64]
24-02-2014: Syria war stirs new US debate on cyberattacks. [NYT]
20-02-2014: Iranians hacked Navy network for four months? Not a surprise. [Ars Technica]
18-02-2014: The Moon router worm -- your AV has probably been updated to detect it, but won’t protect you. [Graham Cluley] [Krebs]
15-02-2014: Making NSA-style spying harder, CloudFlare offers more robust Web crypto. [Ars Technica]
14-02-2014: South Korea shuns Huawei over fears that it spies on the US. [Engadget]
14-02-2014: Forbes website hacked by the SEA. [Graham Cluley] [ReCode]
17-02-2014: SEA slurps a MILLION reader passwords from Forbes [The Register]
12-02-2014: White House unveils guidelines for protecting critical systems against cyber attacks. [Engadget] [White House] [HardOCP] [The Register]
12-02-2014: Japan weathered a record 12.8 billion cyberattacks in 2013. [Hexus]
12-02-2014: Bitcoin exchanges hit by DoS attacks. [ReadWriteWeb]
12-02-2014: Five arrested in Utopia dark net marketplace crackdown. [BBC News]
11-02-2014: Europe shrugs off largest DDoS attack yet, traffic tops 400Gbps. [The Register] [BGR] [Ars Technica] [InformationWeek]
14-02-2014: The new normal: 200-400Gbps DDoS attacks. [Krebs]
11-02-2014: Huge hack 'ugly sign of future' for internet threats. [BBC News]
10-02-2014: The NSA's secret role in the US assassination programme. [The Intercept]
06-02-2014: DARPA begins work on self-destructing electronics. [ExtremeTech]
06-02-2014: DDoS attacks against data centers on the rise. [Network Computing]
06-02-2014: SEA meddle - briefly - with Facebook's domain. [Graham Cluley]
06-02-2014: When Syrian hackers attacked, Facebook’s bacon was saved by security measures. [Graham Cluley]
06-02-2014: Syrian Electronic Army: We hijacked Facebook... honest, guv. [The Register]
05-02-2014: Somebody attacked an electrical substation in California last year. This should make you concerned. [BoingBoing] [Gizmodo]
04-02-2014: Revolutionary new cryptography tool could make software unhackable. [ExtremeTech]
03-02-2014: Want to email people without the FBI reading it? Try Safe-mail. [BGR]
03-02-2014: NSA, GCHQ, accused of hacking Belgian smartcard crypto guru. [The Register] [Graham Cluley] [Schneier]
31-01-2014: Mass hack attack on Yahoo Mail accounts prompts password reset. [Ars Technica] [GottaBeMobile] [NZ Herald] [Stuff] [Graham Cluley] [BBC News]
30-01-2014: Give hackers your data, says former RSA man. [The Register]
29-01-2014: Latest encryption trick to thwart hackers is as sweet as Honey. [BGR] [Gizmodo]
29-01-2014: Microsoft to Australian government: our kit has no back doors. [The Register]
28-01-2014: New smartphone malware tracks your swipes to steal your PIN. [BGR]
27-01-2014: FBI seized the entire TorMail database in Freedom Hosting investigation. [Wired] [Ars Technica] [Gizmodo] [The Register] [BoingBoing] [BGR]
27-01-2014: After Snowden: How vulnerable is the internet? [BBC News]
24-01-2014: CNN website, Twitter and Facebook hijacked by SEA. [Graham Cluley]
02-02-2014: Syrian Electronic Army hackers embarrass PayPal UK by displaying anti-US message. [Graham Cluley]
24-01-2014: Ex-NSA guru builds $4m encrypted email biz - but its nemesis right now is control-C, control-V. [The Register]
23-01-2014: CrowdStrike report says cyberspooks are everywhere. [The Register]
23-01-2014: Hack most likely not the reason Chinese traffic bombarded US addresses. [Ars Technica]
22-01-2014: Researchers say they see Russian hackers’ hands in cyber espionage against Western energy interests. [The Switch]
21-01-2014: NSA surveillance revives calls for an all-encrypted Internet. [Network Computing]
21-01-2014: EFF claims Vietnam targeted its staff with spear phishing attack. [The Register]
21-01-2014: F-Secure's Hypponen leads RSA refuseniks to NSA-free infosec chatfest. [The Register] [BoingBoing] [TechWeek] [Ars Technica]
27-01-2014: TrustyCon rises from the NSA/RSA ashes and sells out. [CSO]
21-01-2014: Internet users ditch “password” as password, upgrade to “123456”. [Ars Technica] [BGR]
24-01-2014: Companies look to end password era. [Stuff]
18-01-2014: UK's security branch says Ubuntu most secure end-user OS. [HardOCP] [ZDNet]
17-01-2014: PowerLocker uses Blowfish. [Schneier] [Ars Technica]
16-01-2014: The Internet of Things has been hacked. [ReadWriteWeb]
16-01-2014: DDoS attacks abusing NTP flood the web. [Juniper] [Network Computing] [Schneier] [THG]
21-01-2014: Don't be a DDoS dummy: Patch your NTP servers, plead infosec bods. [The Register]
18-02-2014: This is what it looks like when your router participates in an NTP DDoS attack. [Reddit]
18-02-2014: What would it take to filter a NTP attack? [Reddit]
16-01-2014: Huawei dismisses NSA backdoor claims as profits soar. [The Register]
15-01-2014: Microsoft confirms SEA hacked into employee email accounts. [The Verge]
15-01-2014: SEA has its *own* website hacked. [Graham Cluley] [The Register]
14-01-2014: Research finds security holes in 90% of top mobile banking apps. [BGR]
14-01-2014: New DoS attacks taking down game sites deliver crippling 100Gbps floods. [Ars Technica]
12-01-2014: More well-known U.S. retailers victims of cyber attacks - sources. [Reuters] [Gizmodo] [Ars Technica] [BGR]
10-01-2014: Senior execs are the biggest risk to IT security. [BoingBoing] [Help Net Security]
09-01-2014: When the FBI asks you to weaken your security so it can spy on your users. [BoingBoing] [PCMag]
09-01-2014: Cicada 3301: The dark net treasure trail reopens. [BBC News]
09-01-2014: DoS attacks that took down big game sites abused Web’s time-synch protocol. [Ars Technica]
09-01-2014: Hackers use Amazon cloud to scrape mass number of LinkedIn member profiles. [Ars Technica] [The Register]
08-01-2014: NSA employee will continue to co-chair influential crypto standards group. [Ars Technica] [The Register]
06-01-2014: US backdoored our satellites, claim UAE. [The Register]
05-01-2014: Malware strikes thousands of Yahoo users via poisoned adverts. [Graham Cluley] [The Register]
09-01-2014: After a terrible year for security, Yahoo Mail finally gets HTTPS by default. [Graham Cluley] [The Register]
03-01-2014: Gaping admin access holes found in SoHo routers from Linksys, Netgear and others. [NakedSecurity]
02-01-2014: CryptoLocker creeps lure victims with fake Adobe, Microsoft activation codes. [The Register] [Graham Cluley]
02-01-2014: "Military style" raid on California power station. [Schneier] [Foreign Policy]
02-01-2014: Skype’s Twitter, Facebook, and blog hacked by SEA demanding an end to spying. [TNW] [BBC News] [Graham Cluley] [NZ Herald] [Ars Technica] [GottaBeMobile]
03-01-2014: Microsoft tweets advice about phishing, but too late to save Skype. [Graham Cluley]
01-01-2014: Hackers claim to reveal millions of Snapchat usernames and phone numbers. [Graham Cluley] [BoingBoing] [DailyTech] [BGR] [Gizmodo] [The Verge] [TNW] [NZ Herald] [BBC News] [Stuff] [The Register]
02-01-2014: Snapchat acknowledges hack. [Engadget] [TechCrunch] [ReadWriteWeb] [BBC News] [Graham Cluley] [The Register]
03-01-2014: Snapchat CEO won't say sorry for hack. [ValleyWag]
03-01-2014: Snapchat knew for months about major security hole but failed to fix it. [BGR] [Today]
09-01-2014: Snapchat apologizes for and patches leak. [BoingBoing] [Snapchat] [BGR] [Engadget] [The Register]
09-01-2014: Anatomy of a snap attack. [The New Yorker]
13-01-2014: Snapchat apologizes for jump in spam. [HardOCP] [cNet] [The Verge]
2013 – News
30-12-2013: Even tiny microSD cards have chips that can be hacked. [BGR]
30-12-2013: Eye reflections could catch criminals. [Imaging Resource]
30-12-2013: Cisco “deeply concerned” over NSA backdoor claims. [GigaOM]
30-12-2013: Cash machines robbed with infected USB sticks. [BBC News]
29-12-2013: Research shows eye-reflections in photos could be used to identify criminals. [Engadget] [HardOCP] [Sky News]
24-12-2013: Report on Syrian malware. [Schneier] [EFF] [WSJ ATD]
24-12-2013: Mariposa botnet 'mastermind' jailed in Slovenia. [BBC News] [Graham Cluley]
23-12-2013: Talk of an RSA boycott grows after reports it colluded with the NSA. [WSJ ATD]
24-12-2013: Prestigious speaker Mikko Hypponen cancels RSA talk to protest NSA deal. [Ars Technica] [The Register] [BoingBoing]
27-12-2013: How worried should we be about alleged RSA-NSA scheming? [Wired]
06-01-2014: How the NSA (may have) put a backdoor in RSA’s cryptography: a technical primer. [Ars Technica]
08-01-2014: More researchers join RSA conference boycott to protest $10 million NSA deal. [Ars Technica] [Washington Post] [The Register] [BoingBoing]
23-12-2013: People are more freaked out by hacking than tracking. [HardOCP] [WSJ ATD]
21-12-2013: Seen the Tapsnake virus warning on your Android? Here’s what you need to know. [Graham Cluley]
21-12-2013: Critics: NSA agent co-chairing key crypto standards body should be removed. [Ars Technica]
20-12-2013: Over 4 million infected PCs in 100 countries, but guilt of DNS Changer gang not proven says court. [Graham Cluley]
20-12-2013: Worried OpenSSL uses NSA-tainted crypto? This bug has got your back. [The Register]
20-12-2013: NSA’s broken Dual_EC random number generator has a “fatal bug” in OpenSSL. [Ars Technica]
19-12-2013: The real reason IT security fails. [Network Computing]
19-12-2013: Washington Post discovers it has been hacked. China blamed. [Graham Cluley]
19-12-2013: China's central bank hit in net attack. [BBC News] [Graham Cluley]
19-12-2013: Hackers break into Washington Post servers for third time in three years. [Ars Technica]
18-12-2013: TOR user identified by FBI. [Schneier] [Ars Technica]
18-12-2013: Researchers crack the world’s toughest encryption by listening to the tiny sounds made by your computer’s CPU. [ExtremeTech] [Ars Technica] [Schneier] [CS] [The Register] [Gizmodo] [BoingBoing]
18-12-2013: The massive lie about anti-virus technology. [Graham Cluley]
17-12-2013: Don't listen to Snowden ... Intel: We've switched on CPU crypto for Hadoop. [The Register]
17-12-2013: Huawei to come under increased scrutiny from GCHQ. [BBC News] [The Register] [ZDNet]
16-12-2013: Unlocking CryptoLocker: how infosec bods hunt the fiends behind it. [The Register]
16-12-2013: Attacking online poker players. [Schneier] [F-Secure]
16-12-2013: Botnet enlists Firefox users to hack websites. [Krebs]
14-12-2013: Archaic but widely used crypto cipher allows NSA to decode most cell calls. [Ars Technica] [Gizmodo] [Washington Post] [iMore] [Engadget]
13-12-2013: Report: bot traffic is over 61% of all website traffic. [HardOCP] [Incapsula]
13-12-2013: Hacked via RDP: really dumb passwords. [Krebs]
13-12-2013: Cryptolocker copycat ransomware emerges – but an antidote is possible. [The Register]
12-12-2013: Bots now 'account for 61% of web traffic'. [BBC News] [Gizmodo]
12-12-2013: Crypto weakness in Web comment system exposes hate-mongering politicians. [Ars Technica]
11-12-2013: Participating in Anonymous DDoS attack for 1 minute = $183,000 fine. [Gizmodo] [Sophos]
11-12-2013: Targeted attacks explored in Proofpoint infographic. [Graham Cluley]
11-12-2013: Four arrested over London-based '£1m cyber theft'. [BBC News] [The Register]
07-12-2013: Kingpin behind large chunk of world’s malware exploits led lavish life. [Ars Technica]
07-12-2013: FBI’s search for ‘Mo,’ suspect in bomb threats, highlights use of malware for surveillance. [Washington Post] [Ars Technica] [Gizmodo]
06-12-2013: DDoS attacks wreak havoc on data centers. [Network Computing]
06-12-2013: Fiendish CryptoLocker ransomware survives hacktivists' takedown. [The Register]
05-12-2013: Botnet of 20,000 point-of-sale machines. [BoingBoing] [Ars Technica]
05-12-2013: ZeroAccess botnet down, but not out. [Krebs] [BBC News] [PCWorld] [HardOCP] [Microsoft] [Ars Technica]
05-12-2013: Microsoft: Anonymous hacktivists DDoSed us? Really? [The Register]
04-12-2013: 2 million stolen Facebook and Yahoo passwords dumped online. [BBC News] [ZDNet] [Ars Technica] [The Register] [Lifehacker] [Stuff] [DailyTech]
03-12-2013: Accused of spying, Huawei CEO says company is exiting US market. [Gizmodo] [Foreign Policy]
03-12-2013: Scientist-developed malware prototype covertly jumps air gaps using inaudible sound. [Ars Technica] [ExtremeTech] [Gizmodo] [JOCM] [BGR] [Stuff] [The Register]
02-12-2013: How does the NSA break SSL? [Crypto Engineering]
02-12-2013: How antivirus companies handle state-sponsored malware. [Schneier]
02-12-2013: Security upgrades show Snowden won. [Stuff]
02-12-2013: Tech encryption arms race escalates. [Stuff] [AP]
01-12-2013: Dutch intelligence agency AIVD hacks forums. [HardOCP] [NRC]
30-11-2013: A new worm proves that the Internet is vulnerable to attack. [WSJ ATD]
29-11-2013: For 20 years the nuclear launch code at US Minuteman silos was 00000000. [Gizmodo] [HardOCP] [Ars Technica]
27-11-2013: Texas hacker debunks link between Bitcoin founder and online drug market. [Wired]
26-11-2013: An anti-fraud service for fraudsters. [Krebs]
26-11-2013: European Parliament reports hack attack, turns off public Wi-Fi. [The Register]
26-11-2013: NSA-busting secure, open, router seeks cash and code from crowd. [The Register]
26-11-2013: Red October crypto app adopts “two-man rule” used to launch nukes. [Ars Technica]
25-11-2013: This infographic shows which sites properly encrypt your data. [Lifehacker] [EFF]
23-11-2013: A spurned techie’s revenge: Locking down his ex’s digital life. [Ars Technica]
23-11-2013: Google squashes nasty bugs that led to perfect-storm account hijacking. [Ars Technica]
22-11-2013: Twitter upping security to thwart government hacking. [HardOCP] [cNet] [Engadget]
21-11-2013: Say hello to Safeplug, Pogoplug’s $49 Tor-in-a-box for anonymous surfing. [GigaOM]
21-11-2013: Darknet: It's not just for DRUGS. Ninja Banking Trojan uses it too. [The Register]
21-11-2013: SCADA flaws put world leaders at risk of terrible traffic jam. [The Register]
21-11-2013: Repeated attacks hijack huge chunks of Internet traffic, researchers warn. [Ars Technica]
20-11-2013: Hack of Cupid Media dating website exposes 42 million plaintext passwords. [Ars Technica]
19-11-2013: The new threat: targeted Internet traffic misdirection. [Renesys] [Schneier]
02-12-2013: Response: targeted Internet traffic misdirection. [EtherealMind]
06-12-2013: Someone's been siphoning data through a huge Internet security hole. [Gizmodo] [Wired]
19-11-2013: How the NSA weaponized the Internet's backbone. [BoingBoing] [Wired]
20-11-2013: Australia's Indonesia spy woes may cross over. [Stuff]
19-11-2013: Indonesia turns Twitter into very leaky diplomatic bag. [The Register]
19-11-2013: Oz gov sysadmins asleep at the wheel. [The Register]
19-11-2013: Schneier tells Washington NSA broke Internet’s security for everyone. [Ars Technica] [BoingBoing]
18-11-2013: Google completes upgrade of its SSL certificates to 2048-bit RSA. [ThreatPost]
18-11-2013: The CIA is trying to stop Russia building monitoring stations in the US. [Gizmodo]
18-11-2013: Feds arrest 5 more suspects in $45 million global bank heist. [Wired]
18-11-2013: FBI sends memo to US.gov sysadmins: You've been hacked... for the past year. [The Register]
16-11-2013: FBI warns hacking spree on government agencies is a “widespread problem”. [Ars Technica]
16-11-2013: Homeland Security must disclose wireless shutdown protocols. [HardOCP] [cNet]
15-11-2013: You just missed a massive, destructive, fake cyberattack. [Gizmodo] [NYT]
15-11-2013: FBI: cyber-attacks surpassing terrorism as major domestic threat. [HardOCP] [RT]
15-11-2013: Microsoft opens dedicated cybercrime centre. [Hexus]
15-11-2013: Internet architects propose encrypting all the world’s Web traffic. [Ars Technica]
15-11-2013: NSA leaks bolster IETF work on Internet security. [Network Computing]
14-11-2013: Inside Microsoft's cybercrime centre. [HardOCP] [Microsoft]
14-11-2013: Microsoft fails to encrypt data centre links despite NSA snooping. [The Register] [Ars Technica] [Wired] [BGR]
14-11-2013: Feds charge California brothers in cyberheists. [Krebs]
13-11-2013: Hacking the connected home: when your house watches you. [ReadWriteWeb]
12-11-2013: Microsoft warns customers away from SHA-1 and RC4. [ThreatPost]
12-11-2013: In Lavabit appeal, US doubles down on access to web crypto keys. [Wired]
11-11-2013: Secure email a "daunting challenge". [BoingBoing] [The New Yorker]
11-11-2013: Smartphone PIN revealed by camera and microphone. [BBC News] [Imaging Resource]
11-11-2013: UK spies continue “quantum insert” attack via LinkedIn, Slashdot pages. [Ars Technica] [Schneier] [Der Spiegel]
09-11-2013: $1.2 million in Bitcoins hijacked in 'social engineering' attack. [Engadget] [Bitcoin Talk]
09-11-2013: It’s official: computer scientists pick stronger passwords. [Ars Technica]
08-11-2013: FBI wants hacker behind cheating malware. [Stuff]
07-11-2013: China can't stop hacking the world's only superpower. [Gizmodo] [Reuters]
07-11-2013: Kaspersky: “We detect and remediate any malware attack,” even by NSA. [Ars Technica]
06-11-2013: Crowdfunded audit of 'NSA-proof' encryption suite TrueCrypt is go. [The Register]
06-11-2013: TrueCrypt to go through a crowdfunded, public security audit. [HelpNet Security]
18-11-2013: TrueCrypt audit project founder: 'We've set our sights high'. [The Register]
15-04-2014: TrueCrypt audit finds “no evidence of backdoors” or malicious code. [Ars Technica] [The Register] [Schneier]
06-11-2013: Sysadmins: How do YOU protect your networks against 'friendly fire'? [The Register]
04-11-2013: Quantum data lock promises leak-proof security. [Engadget] [APS]
04-11-2013: badBIOS. [Schneier] [Ars Technica]
04-11-2013: No, malware can't infect your computer over the air. [Gizmodo]
06-11-2013: Researcher skepticism grows over badBIOS malware claims. [Ars Technica]
04-11-2013: Germany: European spy agencies swap tech tips. [Stuff]
03-11-2013: Crypto boffins propose replacing certification authorities with ... Bitcoin? [The Register]
03-11-2013: Watch people in 1988 freak out over the world's first computer worm. [Gizmodo] [Mashable] [HardOCP] [ZDNet]
04-11-2013: That time when an NSA bloke's son borked the entire Internet. [The Register]
04-11-2013: An analysis of the Morris worm. [Purdue PDF]
02-11-2013: NIST to review crypto guidance methods. [GovInfo Security] [Ars Technica] [BoingBoing]
01-11-2013: Finnish data network hit by severe hacking. [Stuff]
31-10-2013: Infosec bod reports ONGOING ATTACK at RSA securo-confab. [The Register]
31-10-2013: Crypto protocols mostly crocked says euro infosec think-tank ENISA. [The Register]
30-10-2013: Critical infrastructure vulnerabilities unearthed. [Network Computing]
30-10-2013: Russian authorities seize goods from China implanted with 'spy' chips. [Gizmodo] [The Register]
29-10-2013: New Oz government keeps Huawei ban after spook briefing. [The Register] [Stuff]
01-11-2013: Australian PM confirms Huawei ban. [The Register]
28-10-2013: CAPTCHA busted? AI company claims break if Internet's favourite protection system. [Wired] [Stuff]
28-10-2013: Alleged UK hacker charged with breaking into military and NASA databases. [The Verge] [The Register]
28-10-2013: SEA targets Obama in latest hack. [WSJ ATD] [Engadget] [Gizmodo] [The Register]
27-10-2013: A cyber attack against Israel shut down an entire road last month. [Jalopnik]
26-10-2013: FBI on the hunt for eBay 'fraudster'. [BBC News]
25-10-2013: Germany wants a German Internet as spying scandal rankles. [Reuters] [Gizmodo] [HardOCP] [PCMag]
25-10-2013: Norks seed online games with malware in fiendish DDoS plot. [The Register]
25-10-2013: DARPA contest for fully automated network defence. [Schneier] [DARPA]
25-10-2013: Senator demands more info from Experian. [Krebs]
24-10-2013: Sting operation for Obama's Twitter leak. [Stuff]
23-10-2013: How NSA-proof is your VPN? [BoingBoing] [TorrentFreak]
23-10-2013: Lone sysadmin fingered for $462 million Wall Street crash. [The Register]
22-10-2013: Why is the internet so insecure? [Stuff]
21-10-2013: UK cyber defence unit 'may include convicted hackers'. [BBC News]
21-10-2013: Google offering DDoS protection. [HardOCP] [Google] [Gizmodo]
21-10-2013: Visualised: global DDoS attacks animated and mapped by Google. [Engadget] [Digital Attack Map] [Gizmodo]
22-10-2013: Response: digital attack map. [EtherealMind]
19-10-2013: The web needs globally backed, verifiable security standards – says Huawei. [The Register] [Quartz] [Network Computing] [Information Week]
21-10-2013: Huawei: unlike western companies, we've never been told to weaken our security. [BoingBoing] [The Guardian]
18-10-2013: You’re infected—if you want to see your data again, pay us $300 in Bitcoins. [Ars Technica]
18-10-2013: Fiendish CryptoLocker ransomware: whatever you do, don't pay. [The Register]
05-11-2013: Late with your ransom payment? Never mind, CryptoLocker crooks will, er, give you a break. [The Register]
06-11-2013: CryptoLocker crew ratchets up ransom. [Krebs]
15-11-2013: File-nuking Cryptolocker PC malware menaces tens of millions' in UK. [The Register]
24-12-2013: Cryptolocker ransomware has 'infected about 250,000 PCs'. [BBC News]
17-10-2013: Leaky security could scuttle global ship-tracking system. [The Register]
17-10-2013: How mystery DDoSers tried to take down Bitcoin exchange with 100Gbps crapflood. [The Register]
17-10-2013: Researchers uncover holes that open power stations to hacking. [Ars Technica]
16-10-2013: Akamai: DDoS attacks increased since Q1 2013, Indonesia marked as biggest cyberbully. [Engadget]
16-10-2013: Android security relies on zombie crypto, argues infosec pundit. [The Register]
15-10-2013: WhatsApp crypto snafu drops trou on users' privates. [The Register]
15-10-2013: Can you trust 'NSA-proof' TrueCrypt? Cough up some dough and find out. [The Register] [Ars Technica]
14-10-2013: German telco hopes to hide traffic from spies. [Stuff]
10-10-2013: Critical WhatsApp crypto flaw threatens user privacy, researchers warn. [Ars Technica]
10-10-2013: Hackers in the electric grid? Meh -- fear the dude with the stolen tractor. [Ars Technica]
13-10-2013: Ars readers react to the wild west of password cracking. [Ars Technica]
09-10-2013: Encryption tech designed to look like an Instagram filter. [Wired]
09-10-2013: 'Bulletproof' hoster Santrex calls it quits. [Krebs]
09-10-2013: How the Bible and YouTube are fueling the next frontier of password cracking. [Ars Technica] [Gizmodo]
09-10-2013: MI5 chief Andrew Parker warns of Islamist threat to UK public. [BBC News]
08-10-2013: DNS-based attack brings down AVG, Avira, WhatsApp. [ReadWriteWeb] [The Register]
07-10-2013: Next-generation malware on the horizon. [Network Computing]
03-10-2013: Just how advanced is the NSA's decryption tool? [Gizmodo] [YouTube]
01-10-2013: Will Keccak = SHA-3? [Schneier]
01-10-2013: GCHQ's CESG CCP 4 UK GOV IT BFFs? LOL RTFA INFOSEC VIPs ASAP. [The Register]
01-10-2013: Blood-sucking botnet narrowly escapes extermination, lives to leech again. [Ars Technica] [Voxy] [PCWorld] [BBC News] [HardOCP] [cNet] [Symantec]
30-09-2013: NSA eavesdropping: it just got a whole lot worse. [Juniper]
30-09-2013: Diversionary DDoS: a distracted IT is a hacker treasure trove. [Juniper]
30-09-2013: Silent Circle moving away from NIST ciphers in wake of NSA revelations. [ThreatPost]
30-09-2013: Would you hire a hacker to run your security? 'Yes' say Brit IT bosses. [The Register]
27-09-2013: London schoolboy cuffed for biggest DDoS attack in history. [The Register] [HardOCP] [Mashable]
27-09-2013: US says Iran hacked navy computers. [WSJ ATD] [WSJ] [Gizmodo]
27-09-2013: Iran sure did pick a bad time to hack into the navy's computers. [Gizmodo]
26-09-2013: Internet transit a vulnerability. [The Register]
24-09-2013: WAN encryption tops agenda after NSA revelations. [Network Computing]
24-09-2013: How a crypto backdoor pitted the tech world against the NSA. [Wired] [Schneier]
23-09-2013: How I hacked SIM cards with a single text - and the networks don't care. [The Register]
23-09-2013: iOS security is almost non-existent, but nobody cares. [PocketNow] [GottaBeMobile]
21-09-2013: Close the NSA's back doors. [NYT]
20-09-2013: UK spy agency GCHQ hacked Belgian telecom. [BoingBoing] [Der Spiegel] [The Register] [Ars Technica] [Engadget]
20-09-2013: RSA warns over NSA link to encryption algorithm. [BBC News] [The Register]
21-09-2013: We don’t enable backdoors in our crypto products, RSA tells customers. [Ars Technica]
20-09-2013: Australia main conduit for cyberattacks. [Stuff]
20-09-2013: Stop using NSA-influenced code in our products, RSA tells customers. [Ars Technica] [Wired]
18-09-2013: Telstra to DNS-block botnet C&Cs with unknown blacklist. [The Register]
18-09-2013: Chinese hacker group linked to big cyber attacks. [Stuff]
17-09-2013: Brazil's wild plan to purge American from its Internet. [Gizmodo] [Stuff] [BBC News]
25-09-2013: Brazil attacks US spy network. [Stuff]
17-09-2013: State-sponsored hacker gang has a side gig in fraud. [Wired]
17-09-2013: NSA spooks tooled up with zero-day PC security exploits from the French. [The Register]
17-09-2013: Fatal crypto flaw in some government-certified smartcards makes forgery a snap. [Ars Technica]
17-09-2013: Major Belgian telco targeted by a foreign state, Brussels says. [Ars Technica]
16-09-2013: NSA bought exploit service from VUPEN, contract shows. [ThreatPost] [BoingBoing] [MuckRock]
16-09-2013: Teen hacker making $50k a month arrested. [HardOCP] [BBC News]
16-09-2013: Surreptitiously tampering with computer chips. [Schneier] [UMASS PDF] [ExtremeTech]
13-09-2013: Argentina arrests teen hacker who netted $50,000 a month. [BBC News]
13-09-2013: FBI: Yes, we controlled Tor servers behind mass malware attack. [BoingBoing] [Wired] [Gizmodo] [Ars Technica] [Network Computing]
13-09-2013: New NSA leaks shows MITM attack against major Internet services. [Schneier]
13-09-2013: Arrests over 'cyber plot' to steal from Santander bank. [BBC News]
12-09-2013: UK intelligence recruiting codebreakers with treasure hunt. [THG]
12-09-2013: 'NSA PRISM spies' shake down victims with bogus child-abuse vids claims. [The Register]
12-09-2013: Hacker cracks Vodafone Germany, steals data of 2 million customers. [The Register] [Washington Post] [WSJ ATD] [WSJ]
11-09-2013: Attacking a DDoS with a bare SSG. [Juniper]
11-09-2013: Security flaw shows Tor anonymity network dominated by botnet command and control traffic. [MIT Technology Review]
11-09-2013: Security snake oil for sale. [Network Computing]
10-09-2013: Boffins propose NSA-proof crypto for cloud computing. [The Register]
10-09-2013: Crypto prof asked to remove NSA-related blog post. [Ars Technica] [Matthew Green]
11-09-2013: University apologizes for censoring crypto prof over anti-NSA post. [Ars Technica]
11-09-2013: Matthew Green speculates on how the NSA defeats encryption. [Schneier]
09-09-2013: NSA slides reveal: iPhone users are zombies. [The Register] [HardOCP] [cNet] [BGR]
09-09-2013: iSpy: how the NSA accesses smartphone data. [Der Spiegel]
10-09-2013: NSA spies reportedly exploited iPhone location bug not fixed until 2011. [Ars Technica]
09-09-2013: Fighting back against NSA sabotage with a dead-man's switch. [BoingBoing] [The Guardian]
16-09-2013: How to foil NSA sabotage: use a dead man's switch (podcast). [BoingBoing]
09-09-2013: What NSA sabotage does to security. [BoingBoing] [Freedom to Tinker] [Schneier]
09-09-2013: Government secrecy and the generation gap. [Schneier]
09-09-2013: Spy service exposes Nigerian 'Yahoo Boys'. [Krebs]
11-09-2013: 'Yahoo Boys' have 419 Facebook friends. [Krebs]
08-09-2013: NSA secretly broke smartphone security. [BoingBoing] [Der Spiegel] [Engadget] [Gizmodo] [NZ Herald]
07-09-2013: How to fight back in the NSA's war on encryption. [Gizmodo]
07-09-2013: FBI labels Syrian president's hacker team "terrorists", adds them to wanted list. [DailyTech]
07-09-2013: Surveillance state repeal act. [BoingBoing] [NYT]
07-09-2013: Majority of Tor crypto keys could be broken by NSA, researcher says. [Ars Technica] [Gizmodo]
07-09-2013: 90 percent of Tor keys can be broken by NSA: what does it mean? [BoingBoing] [Errata Security]
07-09-2013: Google speeding up end-to-end crypto between data centers worldwide. [Ars Technica] [Engadget] [Washington Post] [DC Knowledge] [Stuff]
06-09-2013: 1Password and the crypto wars. [Agile Bits Blog]
06-09-2013: The NSA's cryptographic capabilities. [Schneier]
06-09-2013: That earth-shattering NSA crypto-cracking: have spooks smashed RC4? [The Register]
06-09-2013: The NSA cracked SSL -- but it's probably not as bad as it sounds. [Juniper]
12-09-2013: Perfect forward secrecy -- it's important. [Juniper]
06-09-2013: Security expert Schneier calls for more to reveal gov’t spying methods. [Ars Technica]
05-09-2013: On the NSA. [Crypto Engineering]
05-09-2013: NSA's decade-long plan to undermine encryption includes backdoors, stolen keys, manipulating standards. [Wired] [ExtremeTech]
06-09-2013: NSA’s pipe dream: Weakening crypto will only help the “good guys”. [Ars Technica]
06-09-2013: The NSA’s work to make crypto worse and better. [Ars Technica]
06-09-2013: NSA bypasses Internet encryption, spends $250M to weaken international encryption. [DailyTech] [NYT]
06-09-2013: Most online encryption is transparent to NSA and GCHQ. [Hexus]
08-09-2013: Spooks break most Internet crypto, but how? [Ars Technica]
08-09-2013: Firsthand account of NSA sabotage of Internet security standards. [BoingBoing] [Gmane]
09-09-2013: Long-shot bill forbidding NSA backdoors in encryption has renewed attention. [Ars Technica]
09-09-2013: Of course NSA can crack crypto. Anyone can. The question is, how much? [Ars Technica]
10-09-2013: Agency denies helping NSA beat encryption. [The Hill]
11-09-2013: NYT provides new details about NSA backdoor in crypto spec. [Ars Technica]
11-09-2013: NSA 'altered random-number generator'. [BBC News]
11-09-2013: This is the crypto standard that the NSA sabotaged. [BoingBoing] [NYT]
05-09-2013: The NSA is breaking most encryption on the Internet. [Schneier] [The Guardian] [NYT] [ProPublica] [Gizmodo] [BoingBoing] [Ars Technica] [The Register] [ReadWriteWeb] [Stuff] [HardOCP] [Stuff]
05-09-2013: US and UK spy agencies defeat privacy and security on the internet. [The Guardian] [BBC News]
05-09-2013: How to remain secure against NSA surveillance. [The Guardian] [Schneier]
04-09-2013: What exactly are the NSA's 'groundbreaking cryptanalytic capabilities'? [Wired]
04-09-2013: 'Uncrackable' codes set for step up. [BBC News]
04-09-2013: NSA laughs at PCs, prefers hacking routers and switches. [Wired] [Wired]
04-09-2013: 'Uncrackable' codes set for step up. [BBC News]
04-09-2013: NSA probably hasn't broken strong crypto. [BoingBoing] [Wired]
03-09-2013: Syrian Electronic Army hacks US Marines. [Stuff] [The Register]
03-09-2013: SEA cyberattacks. [Schneier]
02-09-2013: Boffins confirm quantum crypto can keep a secret. [The Register]
02-09-2013: 'Black budget' details a war in cyberspace. [Stuff]
31-08-2013: SEA denies new data leaks. [Krebs]
30-08-2013: IPv6 to complicate the threat-intelligence landscape. [Network Computing]
30-08-2013: Sysadmin security fail: NSA finds Snowden hijacked officials’ logins. [Ars Technica]
30-08-2013: NSA: We couldn't have stopped Snowden – he was A SYSADMIN. [The Register]
29-08-2013: The NSA has its own team of elite hackers. [Washington Post]
29-08-2013: New Snowden leak reports 'groundbreaking' NSA crypto-cracking. [Wired]
29-08-2013: US spy network’s successes, failures and objectives detailed in ‘black budget’ summary. [Washington Post]
27-08-2013: Twitter hacked and DNS records compromised. [HardOCP] [Twitter] [DailyTech]
28-08-2013: Syrian Electronic Army claims to have taken down Twitter, New York Times, Huffington Post. [NZ Herald] [Washington Post] [TechCrunch] [Wired]
28-08-2013: Hackers controlled the NYT by breaking into a leading Australian web service. [Business Insider] [DC Knowledge]
28-08-2013: Twitter and New York Times clash with hackers for control of their sites. [Ars Technica]
28-08-2013: New York Times and Twitter struggle after Syrian hack. [BBC News]
28-08-2013: How to avoid getting your DNS hacked like the NYT. [ReadWriteWeb]
28-08-2013: How the attack on NYT and Twitter domains could have been worse. [WSJ ATD]
28-08-2013: How the Syrian Electronic Army hacked The New York Times and Twitter. [ExtremeTech] [Stuff]
28-08-2013: SEA hacks continue with takeover of NYT, Twitter registrar homepage. [Gizmodo]
27-08-2013: NYT goes down again, and this time hackers are to blame. [WSJ ATD] [BoingBoing] [Gawker] [GigaOM] [Stuff] [DailyTech]
27-08-2013: How the NYT is still publishing despite being hacked. [Gizmodo]
27-08-2013: DNS hack takes The New York Times offline. [Engadget]
28-08-2013: Syrian Electronic Army named as likely culprit in NYT hack. [Ars Technica] [Stuff]
28-08-2013: Twitter and New York Times clash with hackers for control of their sites. [Ars Technica]
28-08-2013: How the attack on NYT and Twitter domains could have been worse. [WSJ ATD]
28-08-2013: SEA says attack on NYT is over. [WSJ ATD]
28-08-2013: How the Syrian Electronic Army hacked The New York Times and Twitter. [ExtremeTech] [Stuff]
27-08-2013: Who wrote the Pincer Android trojan? [Krebs]
26-08-2013: Chinese authorities say massive DDoS attack took down .cn domain. [The Register] [WSJ] [Stuff]
24-08-2013: Cyber crime experts warn of security issues. [Stuff]
20-08-2013: A question of DNS protocols. [Geoff Huston]
22-08-2013: APNIC boffins may enlist TCP to defend DNS. [The Register]
17-08-2013: Webcam spying goes mainstream as Miss Teen USA describes hack. [Ars Technica]
17-08-2013: New discovery may make encryption ‘exponentially easier’ to break. [ExtremeTech]
15-08-2013: Why doesn't Google encrypt all of your data? [Gizmodo]
16-08-2013: Why Google's now encrypting data in the cloud. [ReadWriteWeb]
15-08-2013: Syrian hackers use Outbrain to target the Washington Post, Time, and CNN. [The Atlantic] [The Register]
14-08-2013: Fed crack encrypted drives, arrest child porn suspect. [Wired]
15-08-2013: Feds believe child porn suspect will finally decrypt his hard drives. [Wired]
14-08-2013: Your encrypted files are 'exponentially easier' to crack, warn MIT boffins. [The Register]
12-08-2013: NSA leaks make plan for cyberdefense unlikely. [NYT]
10-08-2013: FBI director calls on private sector to help with cyber threat. [Ars Technica]
08-08-2013: Cybersecurity plan lacking traction. [Stuff]
07-08-2013: NZ slow to respond to 'industrialised' hacking. [NZ Herald]
05-08-2013: ProfitBricks budget cloud in SECURITY FAIL. [The Register]
04-08-2013: Firefox zero-day used in child porn hunt? [Krebs] [The Register] [BBC News] [The Register] [ExtremeTech]
05-08-2013: NSA appears to be tracking the anonymous Internet. [Gizmodo] [Ars Technica] [Wired] [BoingBoing]
06-08-2013: Tor fingers Firefox flaw for FAIL but FBI's also in the frame. [The Register]
06-08-2013: Tor-targeted malware traced to FBI. [Stuff]
06-08-2013: Has Tor been compromised? [Schneier]
06-08-2013: Users of hidden net advised to ditch Windows. [BBC News] [IT World] [Gizmodo] [Stuff]
08-08-2013: Infosec analysts back away from 'Feds attacked Tor' theory. [The Register] [Gizmodo]
03-08-2013: Chinese hackers have been caught hijacking a decoy US water plant. [Gizmodo] [MIT Technology Review] [HardOCP]
02-08-2013: Russian's massive Android malware industry revealed. [PCMag]
02-08-2013: FBI turning to private sector to hack phones, exploit unknown security holes. [Engadget]
02-08-2013: Crypto experts issue a call to arms to avert the cryptopocalypse. [Ars Technica]
02-08-2013: How hackers turn Androids to SpyPhones. [Stuff]
02-08-2013: Kerry says drone strikes will stop when all terrorists have been killed. [Gizmodo] [Bloomberg]
02-08-2013: Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages. [Ars Technica] [The Register]
03-08-2013: No easy way to stop BREACH from plucking secrets from HTTPS pages, feds say. [Ars Technica]
07-08-2013: How do you stop HTTPS-defeating BREACH attacks? Let us count the ways. [Ars Technica]
02-08-2013: Is your company Edward Snowden-proof? [IT Brief]
01-08-2013: Hackers induce 'CATASTROPHIC FAILURE' in mock oil well. [The Register]
01-08-2013: The Economist cyberwar debate. [Schneier] [The Economist]
30-07-2013: Russia's post-Snowden spooks have not reverted to type. [The Register]
30-07-2013: The Syrian Electronic Army just hacked another big Twitter account. [Gizmodo] [The Register]
01-08-2013: Syrian Electronic Army no longer just Twitter feed jackers... and that's bad news. [The Register]
29-07-2013: Car key immobiliser hack revelations blocked by UK court. [BBC News] [HardOCP] [The Guardian] [Schneier] [The Telegraph] [TechWorld]
28-07-2013: British boffin muzzled after cracking car codes. [The Register]
27-07-2013: Who is America at war with? Sorry, that's classified. [BoingBoing] [Pro Publica]
26-07-2013: Pay the TSA $85 for quick, fondle-free airport screening. [Wired] [TSA]
25-07-2013: Hacker ring stole 160 million credit cards. [Krebs]
28-07-2013: Five charged in largest financial hacking case in US history. [DailyTech] [BGR]
29-07-2013: 'World's BIGGEST online fraud': Suspect's phone had 'location' switched on. [The Register]
25-07-2013: Feds identify the young Russians behind the top US cyber thefts in the last 7 years. [Wired]
25-07-2013: Major SIM card security flaw uncovered. [THG] [BGR] [NYT] [ExtremeTech] [Ars Technica] [iMore]
01-08-2013: SIM card hack inspires quick fix by carriers. [CNN] [HardOCP] [SlashGear]
25-07-2013: Raid millions of bank accounts. New easy-to-use tool. Yours for $5,000. [The Register]
24-07-2013: NSA implements two-man control for sysadmins. [Schneier] [CBS News]
23-07-2013: Viber hacked by Syrian Electronic Army. [CoolSmartPhone] [TechCrunch] [iMore]
23-07-2013: Tango chat app hacked claims Syrian Electronic Army. [BBC News]
22-07-2013: The world's biggest data breaches visualised. [Gizmodo] [Information is Beautiful]
22-07-2013: Major SIM card security flaw puts hundreds of millions of devices at risk. [BGR] [NYT] [ExtremeTech] [Ars Technica] [iMore]
19-07-2013: Huawei denies spying allegations by former CIA chief. [BBC News] [The Register]
19-07-2013: Huawei tells ex-CIA director, UK government to 'put up or shut up' about spying claims. [Engadget]
18-07-2013: Hackers crippled HALF of world's financial exchanges - report. [The Register]
17-07-2013: Ivory towers besieged by cyberattacks. [ReadWriteWeb] [NYT]
11-07-2013: Lies about spying, and the lying lawmakers who tell them. [BoingBoing] [Washington Post]
10-07-2013: Who's behind the Styx-Crypt exploit pack? [Krebs]
09-07-2013: Look, can we just forget about Snowden for sec... US-China cyber talks held. [The Register] [The Register]
09-07-2013: Snowden blunts US push to curb cyber theft. [Stuff]
09-07-2013: Hard drive-wiping malware that hit South Korea tied to military espionage. [Ars Technica] [Stuff] [The Register]
09-07-2013: Hacker term is misunderstood. [Stuff]
08-07-2013: The 'cyber-attack' threat to London's Olympic ceremony. [BBC News]
08-07-2013: Crooked cops abuse FBI database. [Stuff]
06-07-2013: How Apple continues to make security invisible. [Schneier] [MacWorld]
04-07-2013: Europe gets tougher on cybercriminals. [BBC News]
03-07-2013: Ecuador: our London embassy was bugged. [BoingBoing] [Reuters]
02-07-2013: Security analysis of children. [Schneier] [Microsoft]
01-07-2013: Feds say encryption to foil wiretaps is on the rise. [BoingBoing]
01-07-2013: SIMON and SPECK: new NSA encryption algorithms. [Schneier] [IACR PDF]
01-07-2013: Britain 'under attack' in cyberspace. [BBC News] [BBC News Video]
28-06-2013: Encryption has foiled wiretaps for first time, Feds say. [Wired]
28-06-2013: Carberp code leak stokes copycat fears. [Krebs]
27-06-2013: Attackers sign malware using crypto certificate stolen from Opera Software. [Ars Technica] [The Register]
26-06-2013: Data, meet spies: the unfinished state of web crypto. [cNet]
26-06-2013: Download me—Saying “yes” to the Web’s most dangerous search terms. [Ars Technica]
25-06-2013: SSL: Intercepted today, decrypted tomorrow. [Netcraft]
25-06-2013: Canadian hacker school goes dark after government probe. [Wired]
25-06-2013: Cyber attack hits South Korea websites. [BBC News] [Stuff] [WSJ ATD] [WSJ] [Yahoo News]
26-06-2013: Claims Anonymous behind Korean cyber attack. [Stuff]
27-06-2013: Hacking spree blamed on 'Dark Seoul Gang'. [Stuff]
29-06-2013: Hard drive-wiping malware part of new wave of threats targeting South Korea. [Ars Technica]
01-07-2013: South Korean presidential site loses data. [Stuff]
24-06-2013: US surveillance is not aimed at terrorists. [Bloomberg]
24-06-2013: Spear phishing attack against the FT. [Schneier] [FT Labs]
24-06-2013: YouTube and a DDoS attack. [Google]
23-06-2013: Spate of cyber attacks points to inside India. [WSJ ATD] [WSJ]
23-06-2013: Snowden: US spies on Chinese mobile phone companies, steals SMS data. [SCMP] [The Register]
21-06-2013: The Japanese response to terrorism. [Schneier] [L'Hote]
21-06-2013: US offensive cyberwar policy. [Schneier] [BoingBoing]
21-06-2013: NORKS harbouring 3,000-strong cyber army, claims Seoul. [The Register]
20-06-2013: Hi Vladimir... it's Obama -- the hackers are back. Hello... are you still there? [The Register]
20-06-2013: The US uses vulnerability data for offensive purposes. [Schneier]
20-06-2013: Webcams taken over by hackers, charity warns. [BBC News]
19-06-2013: Schneier: Leaked doc shows USA has started an Internet war. [BoingBoing] [BoingBoing] [CNN]
19-06-2013: Hacker tests limit of US cyber law. [Stuff]
18-06-2013: US and Russia sign cyber security pact. [Stuff]
18-06-2013: Surveillance cameras can be hacked -- expert. [Stuff]
17-06-2013: Project C-43: a final piece of public-key cryptography history. [Schneier] [Techpinions]
15-06-2013: NSA gets early access to zero-day data from Microsoft, others. [Ars Technica]
15-06-2013: CIA spooks picked Amazon's "superior" cloud over IBM. [The Register]
18-06-2013: Amazon's invasion of the CIA is a seismic shift in cloud computing. [Wired]
14-06-2013: A call to arms for banks. [WSJ]
14-06-2013: We want to put a kill switch into your phone, say Feds. [The Register]
13-06-2013: How the NSA could get so smart so fast. [WSJ]
13-06-2013: More on feudal security. [Schneier]
13-06-2013: Eurogeddon? UK banks are more terrified of hackers -- big banker. [The Register]
12-06-2013: The secret war. [BoingBoing] [Wired]
13-06-2013: PRISM snitch claims NSA hacked Chinese targets since 2009. [The Register] [Ars Technica] [TechCrunch]
13-06-2013: Hackers target Iranian Gmail users. [Stuff] [The Register] [BBC News] [Wired]
14-06-2013: Iranian elections bring lull in bank attacks. [Krebs]
12-06-2013: Cisco hints at new security standard. [The Register]
12-06-2013: What the NSA can do with "big data". [Ars Technica]
10-06-2013: Obama faces off China's president: we can't be pals with all this cyber-theft. [The Register]
10-06-2013: Microsoft borks botnet takedown in Citadel snafu. [The Register] [The Register]
08-06-2013: Amazon confirms CIA spook cloud contract. [The Register]
08-06-2013: Under draft bill, EU wants to raise jail time for hackers, botnet operators. [Ars Technica]
08-06-2013: Behold, the world's most sophisticated Android trojan. [Ars Technica] [PocketNow] [SecureList] [BGR] [Stuff]
07-06-2013: Laws of physics say quantum cryptography is unhackable -- it's not. [Wired]
07-06-2013: US to freeze assets of hackers and deport cyber criminals. [HardOCP] [ZDNet]
07-06-2013: Obama orders US to draw up overseas target list for cyber attacks. [The Guardian] [Wired] [Engadget] [Gizmodo] [BoingBoing]
08-06-2013: Guardian publishes third secret NSA document, on cyberwar. [Ars Technica] [The Guardian] [The Register]
06-06-2013: Huawei tech in UK networks: tougher safeguards demanded by MPs. [ZDNet]
06-06-2013: Chinese hackers hacked Barack Obama. [Gizmodo] [NBC News]
14-06-2013: "Guccifer" hacks email, Facebook accounts of Obama appointee who leads US Nuclear Security Agency. [BoingBoing] [The Smoking Gun]
06-06-2013: Huawei controversy flares up again. [Stuff]
06-06-2013: Microsoft, FBI take aim at cyber crime ring. [Stuff] [DailyTech] [HardOCP] [Microsoft]
06-06-2013: Study asks what happened to hacked data? [Stuff]
05-06-2013: Espionage malware infects raft of governments, industries around the world. [Ars Technica]
05-06-2013: Schneider moves on ancient SCADA vulnerability. [The Register]
05-06-2013: Password crackers go green by immersing their GPUs in mineral oil. [Ars Technica]
04-06-2013: Juniper announces availability of data center DDoS protection. [Juniper]
04-06-2013: FDIC: 2011 FIS breach worse than reported. [Krebs]
03-06-2013: Spamhaus-style DDoS attacks: all the hackers are doing it. [The Register]
03-06-2013: Cashout service for ransomware scammers. [Krebs]
02-06-2013: China and the US are going to sit down and talk about all this hacking. [Gizmodo] [NYT]
05-06-2013: China says it has "mountains of data" to accuse US of cyber attacks. [DailyTech]
01-06-2013: USSR's old domain attracts cybercriminals. [Stuff] [Gizmodo] [PhysOrg]
01-06-2013: Some day, you may ditch your two-factor authenticator for an electronic tattoo. [Ars Technica] [HardOCP] [The Register] [DailyTech]
31-05-2013: Apple's two-factor security isn't as good as Microsoft or Google's, say experts. [The Register]
31-05-2013: Syrian Electronic Army fails to crack Israeli water system. [The Register]
30-05-2013: Indonesia to build crack IT-trained military unit to deflect attacks. [The Register]
30-05-2013: Kaspersky plans to reveal source code to avoid Huawei's fate. [The Register]
28-05-2013: Report: Chinese hackers have stolen sensitive US weapon design files. [Gizmodo] [Washington Post] [The Register] [DailyTech] [BBC News]
28-05-2013: Australia: China spy agency hack claims 'will not hit ties'. [BBC News] [Stuff] [NZ Herald]
29-05-2013: Attorney General says Aussie spy data hacked. [Stuff]
25-05-2013: Smart meters: hacking fear ahead of nationwide rollout. [BBC News]
25-05-2013: Google builds bigger crypto keys to make site forgeries harder. [Ars Technica]
25-05-2013: How easy is it to hack a smart meter? [BBC News]
24-05-2013: Syrian Electronic Army: pro-government propaganda, or just trolling for lulz? [The Verge]
23-05-2013: Iran has hacked US energy companies. [Gizmodo] [WSJ]
27-05-2013: Iran fingered for attacks on US power firms. [The Register]
22-05-2013: Hackers find China is land of opportunity. [NYT]
22-05-2013: Reporters use Google, find breach, get branded as "hackers". [Ars Technica]
21-05-2013: Indian 'attacks' Norwegian telco to get at Pakistan, China. [The Register]
21-05-2013: Think your Skype messages get end-to-end encryption? Think again. [BoingBoing] [Ars Technica] [The Register]
20-06-2013: New details of Skype eavesdropping. [Schneier] [NYT]
20-05-2013: UK spooks' candid opinions of the Assange affair revealed. [BoingBoing] [The Guardian]
20-05-2013: DDoS-for-hire service works with blessing of FBI, operator says. [Ars Technica]
18-05-2013: Hacker serving 5-year sentence invents ATM add-on to prevent theft. [Ars Technica] [Gizmodo] [The Register]
18-05-2013: "SpecialisRevelio" Macs use Harry Potter spell to unlock secret backdoor. [Ars Technica]
17-05-2013: FT hacked by Syrian Electronic Army. [Telegraph]
21-05-2013: Syrian hacktivists hijack Telegraph's Facebook, Twitter accounts. [The Register]
17-05-2013: Computer scientist to FBI: don't require all our devices to have backdoors for spies. [BoingBoing] [Freedom to Tinker]
17-05-2013: Cybersecurity a challenge even for experts. [Stuff]
16-05-2013: Terrorists entered witness protection, then fled the US. [Wired]
14-05-2013: Researchers develop algorithm to protect networks from cyber attacks. [Engadget]
14-05-2013: Russia busts CIA spy and his Gmail. [Wired] [The Register]
14-05-2013: Obama's DoJ caught spying on AP in hunt for leakers. [DailyTech]
13-05-2013: DDoS services advertise openly, take PayPal. [Krebs]
12-05-2013: Cyberattacks against US corporations are on the rise. [NYT]
09-05-2013: Cyberthieves yank $45 million in sophisticated ATM hack. [Engadget] [Gizmodo] [ReadWriteWeb] [BoingBoing] [Ars Technica]
11-05-2013: Group arrested in alleged ATM cybercrime. [WSJ ATD]
09-05-2013: How The Onion was hacked by the Syrian Electronic Army. [Gizmodo]
10-05-2013: Anatomy of a state-sponsored phishing attack: how the Syrian Electronic Army hacked The Onion. [BoingBoing] [The Onion] [The Register]
06-05-2013: China's Internet security giant Qihoo planning global domination. [The Register]
07-05-2013: China sees cyberwar as reducing US advantage in future conflict. [WSJ ATD]
07-05-2013: US DoD fingers China as top cyber threat. [The Register] [Gizmodo]
08-05-2013: China dismisses Pentagon report claiming Beijing is using cyber attacks. [DailyTech]
13-05-2013: China: online predator or hapless host? [The Register]
20-05-2013: Chinese army cyberunit apparently attacking US targets again. [ReadWriteWeb]
21-05-2013: Chinese hackers who breached Google gained access to sensitive data, US officials say. [Washington Post] [Stuff]
22-05-2013: Chinese hackers accessed law enforcement targets? [HardOCP] [ComputerWorld]
04-05-2013: Indictment: sysadmin passed over for promotion quits, then strikes back. [Ars Technica]
03-05-2013: Pentagon warns North Korea could become a hacker haven. [Wired]
03-05-2013: Not only is James Bond fictional, he's not a fair representation of intelligence. [The Register]
03-05-2013: Alleged SpyEye seller 'Bx1' extradited to the US. [Krebs] [Ars Technica]
03-05-2013: Chinese 'spy' caught with NASA laptop full of porn, not secrets. [Ars Technica] [HardOCP] [Bloomberg]
02-05-2013: Chinese attack sucks secrets from US defence contractor. [The Register] [Ars Technica]
30-04-2013: Washington hospital hit by $1.03 million cyberheist. [Krebs] [Schneier]
30-04-2013: Open IP ports let anyone track ships on the Internet. [Ars Technica]
26-04-2013: New Zealand cybersecurity fears rising. [NZ Herald]
23-04-2013: Akamai: DDoS attacks tripled year-over-year in 2012, China ranks as biggest offender. [Engadget]
23-04-2013: China main source of attacks in 2012. [ZDNet]
23-04-2013: Air Force wins cyber war with NSA hackers. [Stuff]
20-04-2013: The Boston Marathon bomber manhunt. [Schneier]
20-04-2013: Reddit hit with massive DDoS attack. [HardOCP] [TechCrunch]
18-03-2013: The Nemin.gen trojan. [Schneier] [Dark Reading]
16-04-2013: Syrian electronic army hacks NPR, vandalises headlines. [NakedSecurity] [Ars Technica]
16-04-2013: Lookout shows just how easy it is to hack a phone -- and how you can prevent it. [WSJ ATD]
16-04-2013: If you see something, say something: liveblogging from a lecture about terrorism, security, and visual narratives. [BoingBoing]
15-04-2013: WordPress site attacked by cybercriminals. [Trusted Reviews]
15-04-2013: Hackers train for cybersecurity jobs. [Stuff]
14-04-2013: Wireless IP cameras open to hijacking over the Internet. [HardOCP] [ComputerWorld]
13-04-2013: Computer security legend Mudge leaves DARPA for Google job. [WSJ ATD]
13-04-2013: Brute force attacks build WordPress botnet. [Krebs] [TechCrunch] [Ars Technica]
12-04-2013: Cyber-ring attacks game companies for years. [Stuff]
10-04-2013: Replacing passwords with passthoughts. [Stuff]
07-04-2013: John Key refuses to confirm China link to cyber attacks. [NZ Herald]
05-04-2013: Alleged botnet mastermind and his coders busted by Russian, Ukranian security. [Ars Technica] [Krebs]
05-04-2013: Possible security disasters loom with rollout of new top-level domains. [Ars Technica]
04-04-2013: Advance, persistent threats get more advanced, persistent and threatening. [The Register]
03-04-2013: In wake of gTLD security criticism, ICANN announces emergency back-up registry operators. [ComputerWorld]
02-04-2013: DNSSEC adpotion is slow for government agencies. [Secure64]
11-04-2013: DNSSEC and Google's public DNS service. [Geoff Huston]
01-04-2013: DHS warns of TDoS extortion attacks on public emergency networks. [Krebs]
27-03-2013: Global internet slows after biggest attack in history. [BBC News] [NZ Herald] [The Register] [BoingBoing] [NYT] [Ars Technica] [ExtremeTech] [Stuff]
27-03-2013: The DDoS that almost broke the Internet. [CloudFlare]
27-03-2013: Cyber attack on spam fighter said to be over. [WSJ]
27-03-2013: Who's to blame for the huge cyberattack slowing down the web? Your ISP. [ReadWriteWeb]
27-03-2013: The Internet war apocalypse is a lie. [BoingBoing] [Gizmodo]
29-03-2013: When spammers go to war: behind the Spamhaus DDoS. [Ars Technica]
29-03-2013: How Spamhaus' attackers turned DNS into a weapon of mass destruction. [Ars Technica]
29-03-2013: Provocateur comes into view after cyberattack. [NYT]
30-03-2013: Yes, this week's DDoS attack was huge, and part of an ominous trend. [ReadWriteWeb]
03-04-2013: Can a DDoS break the Internet? Sure... just not all of it. [Ars Technica]
26-04-2013: Police arrest suspect in biggest DDoS attack in history. [The Register] [Stuff] [NZ Herald] [Krebs] [BGR]
29-03-2013: Cyberattack suspect had 'bunker' in north Spain. [NZ Herald]
29-03-2013: Dutchman accused of launching biggest cyberattack in history. [NZ Herald]
29-04-2013: Spamhaus hacking suspect had mobile attack van. [BBC News]
30-04-2013: Cyberattack suspect to be sent to Netherlands. [Stuff]
20-05-2013: The man who 'nearly broke the Internet'. [The Guardian]
27-03-2013: GCHQ attempts to downplay amazing paintext password blunder. [The Register]
25-03-2013: North Korea training cyber warriors. [Stuff]
22-03-2013: Filesharing made invisible. [NZ Herald]
21-03-2013: Privacy 101: Skype leaks your location. [Krebs]
21-03-2013: Whole Internet probed for insecure devices. [BBC News]
21-03-2013: Decade-old espionage malware found targeting government computers. [Ars Technica]
20-03-2013: Tone down the cyberwarfare rhetoric, expert urges Congress. [Wired] [ThreatPost]
20-03-2013: South Korean TV networks, banks suffer suspect cyber attack. [Google News] [BBC News]
21-03-2013: Chinese address source of Korean cyberattack. [Stuff] [BBC News] [Reuters]
21-03-2013: Your hard drive will self-destruct at 2pm: inside the South Korean cyberattack. [Ars Tecnica] [WSJ ATD]
10-04-2013: South Korea blames North for bank and TV cyber attacks. [BBC News] [Stuff] [The Register] [Yahoo News] [Ars Technica]
20-03-2013: SCADA honeypots attract swarm of international hackers. [The Register]
20-03-2013: Cisco switches to weaker hasing scheme, passwords cracked wide open. [Ars Technica]
20-03-2013: Chameleon botnet steals millions from advertisers with fake mouseclicks. [Ars Technica]
19-03-2013: Cyberwar manual lays down rules for online attacks. [AP] [CCDCOE]
19-03-2013: Here's a reminder not to tell your foreign lover US nuke secrets. [Wired]
19-03-2013: Google implements DNSSEC validation for public DNS. [SecurityWeek]
19-03-2013: CloudFlare goes down, cites router issue in DDoS attack. [EtherealMind]
18-03-2013: LA Times hack: security breach or harmless prank? [NZ Herald]
16-03-2013: National security letters ruled unconstitutional. [The Register] [Ars Technica] [BoingBoing] [EFF]
15-03-2013: Half of all spam comes from only 20 ISPs. [HardOCP] [BBC News]
15-03-2013: CCTV hack takes casino for $33 million in poker losses. [The Register] [BoingBoing] [Herald Sun]
15-03-2013: Internet security writer DDoS'd, visited by armed SWAT team who'd bee hoaxed. [BoingBoing] [Krebs] [Ars Technica] [The Verge]
18-03-2013: The obscurest epoch is today. [Krebs]
19-03-2013: Same hacker may have targeted Ars, reporter Krebs, and Wired's Honan. [Ars Technica] [Gizmodo]
15-03-2013: North Korea says US behind hack attack. [BBC News]
15-03-2013: Renesys confirms network outages -- maybe attacks -- in North Korea. [WSJ ATD]
15-03-2013: Backdoor daemon in HP LaserJets. [The Register]
14-03-2013: Al-Qaeda lacks expertise for cyberwar, experts tell MPs. [BBC News]
14-03-2013: US national vulnerability database hacked. [The Register]
14-03-2013: Nationalism on the Internet. [Schneier]
14-03-2013: The hackers are winning. [ReadWriteWeb]
14-03-2013: For the first time, US military says it would use offensive cyberweapons. [Ars Technica]
13-03-2013: Impact of Manning case on media: death to whistleblowers? [BoingBoing] [NYT]
13-03-2013: In case you missed: Bradley Manning has a voice. [BoingBoing]
18-03-2013: Correcting error-ridden WSJ column prasising "aiding the enemy" charge for Manning, Wikileaks. [BoingBoing] [FotPF]
13-03-2013: The NSA is training 13 teams of covert hackers to attack other countries. [Gizmodo]
13-03-2013: Security theatre on the Wells Fargo website. [Schneier] [Y-Combinator]
13-03-2013: US steps up alarm over cyberattacks. [WSJ]
13-03-2013: Michelle Obama's personal data hacked, leaked. [NZ Herald] [The Register]
13-03-2013: Top credit agencies say hackers stole celebrity reports. [Bloomberg]
11-03-2013: Inside the Sistine Chapel's security tech for the papal election. [Gizmodo] [Reuters]
10-03-2013: Iran blocks use of tool to get around Internet filter. [Reuters] [Stuff] [Engadget] [DailyTech]
08-03-2013: Ross Anderson's Security Engineering online. [Schneier] [Security Engineering]
08-03-2013: Oxford University blocks Google Docs. [Schneier] [OxCERT]
07-03-2013: How the FBI intercepts cell phone data. [Schneier] [Slate]
01-03-2013: Phishing has gotten very good. [Schneier] [BBC News]
28-02-2013: Bizarre old-school spyware attacks governmnets, sports mark of the beast. [Ars Technica]
27-02-2013: Spyware implanted in PDFs has been sneaking into government computers worldwide. [Gizmodo] [SecureList]
26-02-2013: Stop saying "cyber Pearl Harbour", RSA boss pleads. [The Register]
26-02-2013: Impossible battle: hackers everywhere. [Stuff]
25-02-2013: The shortage of US cyberwarriors. [HardOCP] [National Journal]
25-02-2013: Bypassing Google's two-factor authentication. [Duo Security] [Gizmodo]
25-02-2013: Juniper announces next-generation security for the data center. [Juniper]
24-02-2013: Deconstructing web attack trends in 2012. [Juniper]
23-02-2013: Some offshore oil rigs have been incapacitated by malware. [Gizmodo] [Houston Chronicle]
22-02-2013: The incredible rise and fall of a hacker who found the secrets of the next Xbox and Playstation -- and maybe more. [Kotaku]
22-02-2013: Hacking the Papal election. [Schneier]
22-02-2013: All those companies that can't afford dedicated security. [Schneier] [Dark Reading]
20-02-2013: An update on our war against account hijackers. [Google] [TechCrunch]
19-02-2013: This is the site likely responsible for the recent major tech company hacks. [WSJ ATD]
19-02-2013: Shocking expose of China's black PR industry implicating government officials is quickly deleted from the web. [Tech In Asia]
19-02-2013: 19th century traffic analysis (using social engineering). [Schneier]
19-02-2013: DDoS attack on bank hid $900k cyberheist. [Krebs]
18-02-2013: More state-sponsored hacking. [Schneier] [Schneier] [The Register] [The Register]
18-02-2013: Car data surveillance and the future of black boxes. [Schneier]
15-02-2013: Guessing smartphone PINs by monitoring the accelerometer. [Schneier] [BBC News]
14-02-2013: A Chinese hacker's identify unmasked. [HardOCP] [BusinessWeek]
13-02-2013: New al Qaeda encryption tool. [Schneier] [HStoday]
12-02-2013: UK doesn't have the SKILLS to save itself from cyber threats. [The Register]
11-02-2013: President to issue order on cyber attack defense? [HardOCP] [Reuters] [Wired] [Stuff] [Twitter] [The Hill] [Engadget] [Gizmodo] [The Register]
11-02-2013: Barack Obama is the first cyber war president, but a president can't win a cyber war. [Fast Company]
12-02-2013: Obama's cybersecurity executive order scores much better than CISPA on privacy. [Forbes]
13-02-2013: Obama's cybersecurity order aims for a restart with Congress. [WSJ ATD]
14-02-2013: Obama, cybersecurity, and the return of CISPA. [ReadWriteWeb]
10-02-2013: How a security ninja cracked the password guarding his most valuable assets. [Ars Technica]
09-02-2013: Crooks steal security firm's crypto key -- use it to sign malware. [Ars Technica]
09-02-2013: George Bush hacked -- emails & pics leaked. [Stuff] [BBC News]
08-02-2013: Millenials and cybersecurity. [Schneier] [Duke PDF]
08-02-2013: Security firm Bit9 hacked -- used to spread malware. [Krebs]
13-02-2013: Bit9 breach began in July 2012. [Krebs]
08-02-2013: Kids using coding skills to hack friends on games. [BBC News]
07-02-2013: Massive search fraud botnet seized by Microsoft and Symantec. [Ars Technica] [The Register] [Krebs] [BBC News]
05-02-2013: The Federal Reserve said it was hacked. [Gizmodo] [Reuters]
05-02-2013: DNSSEC deployment lags. [Secure64]
04-02-2013: Flaw flood busts bug bank. [Krebs]
01-02-2013: Pentagon staffs up US Cyber Command. [Schneier] [Washington Post] [NZ Herald]
01-02-2013: Quantum crypto still not proven, claim Cambridge experts. [The Register]
06-02-2013: Why is quantum computing so hard? [Schneier] [Light Blue Touchpaper]
31-01-2013: Report: DDoS attacks now more angry, complex and targeted. [The Register] [Arbor Networks]
31-01-2013: Snooping on movement can reveal smartphone PINs. [The Register]
31-01-2013: Great Firewall architects fingered for GitHub attack. [The Register]
30-01-2013: Con artist woman banned from the Internet. [HardOCP] [StarPhoenix]
30-01-2013: 5 security holes almost everyone is vulnerable to. [Lifehacker]
29-01-2013: 5 years after major DNS flaw is discovered, few US companies have deployed long-term fix. [NetworkWorld]
29-01-2013: UPnP flaw puts millions of PCs at risk. [cNet] [Wired] [Ars Technica]
29-01-2013: Smartphone sensors reveal security secrets. [BBC News]
28-01-2013: Lots of security cameras are wide open. [Gizmodo] [Forbes] [The Register] [ExtremeTech]
28-01-2013: Big bank mules target small bank businesses. [Krebs]
27-01-2013: Pentagon expanding cybersecurity force to protect networks against attacks. [NYT]
24-01-2013: Backdoors found in Barracuda Networks gear. [Krebs] [Schneier]
23-01-2013: Three men charged in connection with 'Gozi' trojan. [Krebs]
22-01-2013: Canadian student expelled for playing security "white hat". [Ars Technica] [Wired]
19-01-2013: Polish takedown targets 'Virus' botnet. [Krebs]
18-01-2013: Google declares war on the password. [HardOCP] [Wired] [Ars Technica] [Gizmodo] [Engadget] [Stuff] [Schneier]
21-01-2013: 'End of passwords' predictions are premature -- Cambridge boffin. [The Register]
17-01-2013: Man-in-the-middle attack against browser encryption. [Schneier] [GigaOM] [ZDNet]
17-01-2013: Why hackers should fear what they write. [Stuff] [Schneier] [SMH]
16-01-2013: Two US power plants infected with malware spread via USB drives. [Ars Technica] [BBC News] [Gizmodo]
11-01-2013: Everything we know so far about drone strikes. [ProPublica]
11-01-2013: US government warns over vulnerable control systems. [BBC News]
10-01-2013: Government unable to define 'Homeland Security'. [Wired]
09-01-2013: Iran is behind recent spate of cyber attacks on banks. [Gizmodo] [NYT]
09-01-2013: Boffins hide messages in Skype "silence packets". [The Register] [The Register] [BoingBoing]
05-01-2013: Security pros predict "major" cyber terror attack this year. [Ars Technica]
03-01-2013: Turkish registrar enabled phishers to spoof Google. [Krebs]
2012 – News
29-12-2012: Looking back: the five most important security stories of 2012. [Ars Technica]
28-12-2012: I seem to be a verb. [Schneier]
26-12-2012: Hackers use backdoor to break system. [Schneier] [Wired]
25-12-2012: Digital feudalism, cyberterrorism, and zombie SOPA. [ReadWriteWeb]
24-12-2012: Where OS X security stands after a volatile 2012. [Ars Technica]
23-12-2012: NSA targeting domestic computer systems in secret test. [cNet]
21-12-2012: This week's overreactions. [Schneier]
21-12-2012: Obama unveils online information sharing strategy to fight cyberterrorism. [ReadWriteWeb]
20-12-2012: PGP, TrueCrypt-encrypted files cracked by £300 tool. [The Register]
22-12-2012: Still putting your crypto-protected PC in hibernate? $300 app can hack it. [Ars Technica]
19-12-2012: Top trends in cyber attacks 2012. [Juniper]
19-12-2012: Information age law enforcement techniques. [Schneier] [Hacker10]
PDF attached below: Use_of_Internet_for_Terrorist_Purposes.pdf
14-12-2012: China tightens 'Great Firewall' Internet control with new technology. [Schneier] [The Guardian]
21-12-2012: Apple uses HTTPS in China, thwarts censors. [TUAW]
28-12-2012: China requires Internet users to register names. [HardOCP] [Yahoo]
28-12-2012: China is turning its ISPs into Internet police. [ExtremeTech]
14-12-2012: Police use 24/7 power grid recordings to spot doctored audio. [The Register]
14-12-2012: Intruders hack industrial heating system using backdoor posted online. [Ars Technica]
12-12-2012: Feds smash international cybercrime ring with power of Facebook. [The Register] [Wired] [Gizmodo] [FBI] [Chicago Tribune]
12-12-2012: Password ban makes sense. [Stuff]
10-12-2012: Bypassing 2-factor authentication. [Schneier] [TechSpot]
10-12-2012: Espionage attacks against the Ruskies? [Krebs]
10-12-2012: 25-GPU cluster cracks every standard windows pasword in <6 hours. [Ars Technica] [Gizmodo]
07-12-2012: The hardware hackers use to crack your passwords. [Gizmodo] [The Register]
06-12-2012: New attack makes some password cracking faster, easier than ever. [Ars Technica]
04-12-2012: Swiss spy agency warns US, Britain about huge data leak. [Reuters]
04-12-2012: Deleted files linger on. [Stuff]
30-11-2012: The final words of a 15-year-old hacker banned from the Internet. [Gizmodo]
30-11-2012: Hack could let browsers use cloud to carry out big attacks on the cheap. [Ars Technica]
29-11-2012: No VPN? No problem. A new way around China's Great Firewall. [WSJ]
21-11-2012: No more lulz: should Weev, the world's most notorious troll, go to jail for hacking? [Mother Board]
21-11-2012: Risk profiling software tackles the terrorist threat. [BBC News]
20-11-2012: Security firm showcases vulnerabilities in SCADA software, won't report them to vendors. [NetworkWorld]
20-11-2012: Unhackable telecom networks come a step closer. [Stuff] [BBC News]
19-11-2012: Security theater in American diplomatic missions. [Schneier] [NYT]
16-11-2012: Free hacking toolkits fuel cyber arms race. [Stuff]
15-11-2012: The terrorist risk of food trucks. [Schneier]
15-11-2012: Obama signs secret directive to help thwart cyberattacks. [Washington Post] [The Register] [Gizmodo]
14-11-2012: One simple trick could disable a city's 4G phone network. [Gizmodo] [Schneier] [MIT Technology Review]
13-11-2012: US defence firm Lockheed Martin warns on cyber-attacks. [BBC News]
12-11-2012: New report warns of SCADA cybergeddon. [The Register]
08-11-2012: Gary McGraw on natinoal cybersecurity. [Schneier] [TechTarget]
06-11-2012: Need more secure operating systems. [Secure64]
06-11-2012: Cyberheists 'a helluva wake-up call' to small biz. [Krebs]
28-10-2012: Another systematic SCADA vulnerability. [The Register]
26-10-2012: Backdoor in computer controls opens critical infrastructure to hackers. [Ars Technica] [Schneier] [Krebs]
23-10-2012: In cyberattack on Saudi firm, US sees Iran fighting back. [NYT]
22-10-2012: UN calls for 'anti-terror' Internet surveillance. [HardOCP] [cNet]
20-10-2012: US drafts order for infrastructure cyberattacks. [Stuff]
19-10-2012: GitHub hit by DDoS attack second day in a row. [TNW]
10-10-2012: Stoking cyber fears. [Schneier]
09-10-2012: To keep passwords safe from hackers, break them into bits. [Technology Review]
09-10-2012: Story of a CIA burglar. [Schneier] [Smithsonian]
09-10-2012: DDoS attacks get serious. [Secure64]
08-10-2012: US politics: only buy Huawei or ZTE equipment if you like being spied on. [The Register] [MobileBurn] [WSJ ATD]
08-10-2012: Cisco dumps ZTE over alleged Irania spy gear deals. [Wired] [Ars Technica]
08-10-2012: Spies or no spies, US companies should fear Huawei. [Wired]
09-10-2012: ZTE say they pose no threat to the USA. [Tracy and Matt]
09-10-2012: China calls Huawei report "groundless". [WSJ ATD]
10-10-2012: Canadian security move fans fears of Huawei exclusion. [BBC News] [Reuters] [Engadget]
10-10-2012: US panel to probe new wave of complaints against Huawei and ZTE. [Reuters]
10-10-2012: What Huawei and ZTE could actually do to your company. [ReadWriteWeb]
10-10-2012: Huawei's cyber security chief slams US "protectionism". [Forbes]
10-10-2012: Should the UK be worried about Chinese tech firms? [BBC News]
11-10-2012: Huawei's US competitors among those pushing for scrutiny of Chinese tech firm. [Washington Post]
12-10-2012: Huawei: spying risk vs gains. [NZ Herald]
15-10-2012: ZTE shares slide as it forecasts third quarter loss. [BBC News] [Engadget]
17-10-2012: White House: Huawei wasn't spying for China. [Gizmodo] [Engadget] [Reuters] [The Hill] [BBC News]
24-10-2012: Huawei says US stance is 'protectionism'. [The Register]
24-10-2012: Huawei offers access to source code and equipment. [BBC News] [Ars Technica] [ExtremeTech] [Engadget]
26-10-2012: Huawei partner tries to sell US tech to Iran. [The Register]
29-10-2012: The Huawei security problem isn't the hardware, it's engineers fixing the bugs. [EtherealMind]
29-10-2012: Huawei gets US government nod to supply Clearwire network. [The Register]
31-10-2012: Huawei's hacker critics will help company with cyber security. [Hexus] [Reuters]
26-11-2012: Huawei, ZTE ready to share source code with India. [The Times of India]
04-12-2012: Huawei hits back over US 'security threat' claim. [BBC News]
30-12-2012: A Huawei partner offered to sell a whole bunch of embargoed HP gear to Iran. [Gizmodo] [Reuters]
07-01-2013: Los Alamos nuclear weapons lab removes Chinese tech over spying concerns. [Engadget] [Reuters]
13-02-2013: USA sinks Atlantic cable cable over Huawei worries. [The Register]
08-04-2013: Huawei rolls on despite spy controversy. [NZ Herald]
24-04-2013: Hidden dragon Huawei: "We're making increased efforts at transparency." [The Register]
09-05-2013: Huawei founder Ren Zhengfei gives first media interview. [BBC News] [NZ Herald] [DailyTech] [BGR]
27-05-2013: Clearwire to pull Huawei from network. [The Register]
08-10-2012: New developments in captchas. [Schneier] [ReadWriteWeb]
08-10-2012: 'Project Blitzkrieg' promises more aggressive cyberheists against US banks. [Krebs]
05-10-2012: When will we see collisions for SHA-1? [Schneier] [Ars Technica]
01-10-2012: Scary Android malware story. [Schneier] [Gizmodo]
01-10-2012: White House confirms cyber-attack on "unclassified" system. [BBC News] [Gizmodo]
30-09-2012: The ZeroAccess botnet visualised on Google Earth. [THG] [Schneier] [F-Secure]
28-09-2012: Watch the world get attacked by cyber criminals in real time. [Gizmodo] [HoneyMap]
26-09-2012: This is the modem world: I hate passwords. [Engadget]
26-09-2012: The 20 most common PINs are painfully obvious. [Gizmodo]
26-09-2012: Schneider, maker of smart-grid software, hacked. [Wired]
26-09-2012: Chinese hackers blamed for intrusion at energy industry giant Telvent. [Krebs]
25-09-2012: Espionage hackers target "watering hole" sites. [Krebs]
25-09-2012: Secret Microsoft policy limited Hotmail passwords to 16 characters. [Ars Technica]
24-09-2012: SHA-3 to be announced. [Schneier] [NIST]
25-09-2012: SHA-3 hash finalist Schneier calls for halt in crypto contest. [The Register]
23-09-2012: Security researchers identify transit system exploit in San Fran and New Jersey, create app to prove it. [Engadget]
21-09-2012: EU officials proposer Internet cops on patrol, no anonymity and no obscure languages -- because of terrorism. [TechDirt]
20-09-2012: BitTorrent users DDoS websites without knowing. [HardOCP] [TorrentFreak]
20-09-2012: Asian hackers p0wned by Eastern European rivals. [The Register]
19-09-2012: GCHQ in new challenge for cyber security wannabes. [The Register]
19-09-2012: Analysis of PIN data. [Schneier] [DataGenetics] [Lifehacker]
19-09-2012: Malware dragnet snags millions of infected PCs. [Krebs]
19-09-2012: Recent developments in password cracking. [Schneier]
18-09-2012: How to launch a 65Gbps DDoS, and how to stop it. [EtherealMind] [CloudFlare]
14-09-2012: Leaked: here's The White House's draft cybersecurity executive order. [HardOCP] [TechDirt]
14-09-2012: Man-in-the-middle bank fraud attack. [Schneier] [Trusteer]
14-09-2012: UK boffins get £3.8m pot to probe 'science of cyber-security'. [The Register]
13-09-2012: The NSA wants hackers. [HardOCP] [FastCompany]
13-09-2012: Microsoft disrupts 'Nitol' botnet in piracy sweep. [Krebs]
04-10-2012: Chinese Nitol botnet back up after Microsoft settles lawsuit. [The Register]
13-09-2012: Steganography in the wild. [Schneier] [OwnedCore]
13-09-2012: Cracks in Internet's foundation of trust allows HTTPS session hijacking. [Ars Technica] [The Register]
18-09-2012: Many ways to break SSL with CRIME attacks, experts warn. [Ars Technica]
19-10-2012: Internet architects mull changes to fight SSL-busting CRIME attacks. [Ars Technica]
13-09-2012: BlackHole 2.0 gives hackers stealthier ways to pwn. [Ars Technica]
07-09-2012: Botnets, route hijacking, and other security threats. [Secure64]
07-09-2012: Sleuths trace new zero-day attacks to hackers who hit Google. [Wired] [Gizmodo] [Symantec] [Ars Technica]
10-09-2012: Google Aurora hackers at large, launch 0-day bazookas. [The Register]
07-09-2012: Botnet master gets 30-month prison term for renting out infected PCs. [Ars Technica] [HardOCP] [BBC News]
05-09-2012: McAfee threats report shows largest malware rise in four years. [Voxy]
05-09-2012: Secret account in mission-critical router opens power plants to tampering. [Ars Technica] [The Register]
04-09-2012: Al-Jazeera gets the crap hacked out of it. [Gizmodo]
04-09-2012: What Obama won't say in Charlotte: war on terror is done. [Wired]
04-09-2012: Nowhere to hide: secret spy sat agency plans unblinking array. [Wired]
31-08-2012: Google engineer finds British spyware on PCs and smartphones. [The Register]
27-08-2012: Attackers pounce on zero-day Java exploit. [Krebs]
28-08-2012: Researchers: Java zero-day leveraged two flaws. [Krebs]
30-08-2012: Security fix for critical Java flaw released. [Krebs] [The Register]
30-08-2012: Second Java zero-day exploit uncovered. [HardOCP] [MacWorld] [The Register]
01-09-2012: New vulnerabilities found in latest Java update. [HardOCP] [cNet]
03-09-2012: Thanks Java, for that business-wide rootkit infection. [The Register]
05-09-2012: Apple releases fix for critical Java flaw. [Krebs]
26-08-2012: DNS as an attack vector. [BoingBoing] [SkullSecurity]
23-08-2012: An unknown hacker group claims that it shut down the world's largest oil company -- and that they'll do it again. [Gizmodo] [NYT]
28-08-2012: One million accounts leaked in megahack on banks, websites. [The Register]
23-08-2012: Password hints easily extracted from Windows 7, 8. [Ars Technica] [The Register]
23-08-2012: Private crypto key in mission-critical hardware menaces electric grids. [Ars Technica]
22-08-2012: Wikileaks' secrets weren't, says former MI5 chief. [The Register]
22-08-2012: VMware virtual machines targeted by "Crisis" espionage malware. [Ars Technica]
24-08-2012: Crisis believed to be first malware infecting virtual machines. [THG]
21-08-2012: New Frankenstein virus can build itself on any computer from stolen snippets of code. [Gizmodo]
20-08-2012: The view from an Israeli security checkpoint. [Schneier] [Boston Review]
20-08-2012: Inside the Grum botnet. [Krebs]
16-08-2012: White hats publish DDoS hijacking manual, turn tables on attackers. [Ars Technica]
15-08-2012: Automated emails: are you launching a DoS attack on your own company? [ReadWriteWeb]
15-08-2012: Lousy password security on Tesco website. [Schneier] [Troy Hunt]
15-08-2012: "Kill switch" flaw found in to web weapon, victims sigh with relief. [The Register]
13-08-2012: iOS encryption is so good, not even the NSA can hack it. [Gizmodo] [Technology Review]
21-08-2012: Is iOS security really this good? [Schneier]
10-08-2012: Stratfor emails reveal secret, widespread TrapWire surveillance system. [RT]
11-08-2012: TrapWire: WikiLeaks reveals ex-CIA agents running face-recognition profiling company that surveils NYC subways, London stock exchange, Vegas casino, and more. [BoingBoing] [Storify]
10-08-2012: 'Booter shells' turn web sites into weapons. [Krebs]
08-08-2012: WikiLeaks under DDoS attack for a week. [HardOCP] [ZDNet] [Gizmodo]
13-08-2012: AntiLeaks boss: we'll keep pummeling WikiLeaks and Assange. [The Register]
14-08-2012: WikiLeaks website back online after DDoS cyber attack. [BBC News]
08-08-2012: Hacker-smasher: white hats join forces to build bot-beating weapon. [The Register]
08-08-2012: Triple DDoS vs KrebsOnSecurity. [Krebs]
07-08-2012: Lack of DNSSEC deployment on financial services web sites. [Secure64]
06-08-2012: Harvesting data on the Xarvester botmaster. [Krebs]
06-08-2012: Breaking Microsoft's PPTP protocol. [Schneier]
04-08-2012: Huawei: the company that spooked the world. [The Economist] [Gizmodo] [Engadget]
03-08-2012: Quantum key distribution with single photons. [BBC News] [Wired]
03-08-2012: Uptick in cyber attacks on small businesses. [Krebs]
02-08-2012: Anonymous proxy playground. [Juniper]
02-08-2012: Tech support phone scams surge. [Krebs]
02-08-2012: DDoS crooks: do you want us to blitz those phone lines too? [The Register]
02-08-2012: Profile on Eugene Kaspersky. [Schneier] [Wired] [Kaspersky] [Wired]
02-08-2012: Huawei looking into critical router flaw claims. [The Register]
01-08-2012: Rakshasa: the hardware backdoor that China could embed in every computer. [ExtremeTech]
31-07-2012: Email-based malware attacks, July 2012. [Krebs]
29-07-2012: Critics assail 1980s-era hacking law as out of step. [HardOCP] [Reuters]
29-07-2012: WikiLeaks prank targets NYT. [WSJ ATD]
29-07-2012: The fake NYT WikiLeaks op-ed that fooled pretty much everybody. [Gizmodo] [NYT Opinion]
27-07-2012: Defcon 2012 articles:
27-07-2012: Security researcher demonstrates GPS vulnerability that could let hackers track users' location, take over phone. [Android Police]
27-07-2012: Charlie Miller demonstrates hack against NFC. [Juniper] [Forbes]
27-07-2012: NSA director finally greets Defcon hackers. [cNet] [HardOCP] [PCMag]
29-07-2012: Former NSA official disputes claims by NSA chief. [Wired] [Engadget]
31-07-2012: At DEF CON Kids convention, computer hacking is child's play. [ExtremeTech]
26-07-2012: The known unknowns of Skype interception. [Slight Paranoia]
26-07-2012: Security scanner probes 1 million IPs per hour for vulns. [Ars Technica]
25-07-2012: ADS-B air traffic control vulnerabilities. [Gizmodo] [Forbes]
26-07-2012: Air traffic controllers pick the wrong week to quit using radar. [Wired]
25-07-2012: Foreign intelligence agencies are biggest online threat, ex-Fed warns. [The Register]
23-07-2012: Fear of drone GPS hacking raised by Congress as FAA deadline looms. [Ars Technica]
23-07-2012: How the Norwegians reacted to terrorism. [Schneier] [BBC News]
23-07-2012: Norway's foreign minister on why Breivik didn't have a special, secret trial. [BoingBoing] [NYT]
19-07-2012: Unbreakable crypto: stopre a 30-character password in your brain's subconscious memory. [ExtremeTech]
19-07-2012: China lays out glorious eight-point infosec masterplan. [The Register]
18-07-2012: World's third-largest spam botnet is knocked offline for good. [Gizmodo] [FireEye] [Krebs] [BBC News] [HardOCP] [Business Insider]
16-07-2012: Remote scanning technology. [Schneier] [Gizmodo]
16-07-2012: Spy software aims to corral money mules. [Krebs]
15-07-2012: The most important tech company you've never heard of. [BuzzFeed]
12-07-2012: Social networks scan for sexual predators, with uneven results. [Reuters] [Gizmodo]
12-07-2012: All-or-nothing access control for mobile phones. [Schneier] [CMU]
12-07-2012: Dropped USB sticks in parking lot as actual attack vector. [Schneier] [BoingBoing] [Elsevier]
11-07-2012: How the boy next door accidentally built a Syrian spy tool. [Wired]
11-07-2012: Microsoft kills more code-signing certs to stop Flame-like attacks. [Ars Technica]
10-07-2012: Deep packet inspection device purged of flaw that threatened TOR users. [Ars Technica]
09-07-2012: Sensible comments about terrorism. [Schneier] [The Telegraph] [The Atlantic]
09-07-2012: Students hack DHS university drone. [Schneier]
04-07-2012: DDoS blackmailers busted in cross-border swoop. [The Register]
03-07-2012: Commercial espionage virus. [Schneier] [The Telegraph]
29-06-2012: Cable hacker jailed. [BoingBoing] [Wired]
28-06-2012: Nuclear fears. [Schneier] [Scientific American]
27-06-2012: Russian nuclear launch code backup procedure. [Schneier] [RiaNovosti]
27-06-2012: Top Secret America on the post-9/11 cycle of fear and funding. [Schneier] [Amazon]
26-06-2012: "High Roller" hacker attack is stealing hundreds of millions from the rich. [DailyTech]
26-06-2012: Email accounts more valuable than bank accounts. [Schneier] [Elie Bursztein]
26-06-2012: Scientists crack RSA SecurID 800 tokens, steal cryptographic keys. [Ars Technica] [Gizmodo] [The Register]
25-06-2012: Proxy your way to online anonymity. [Wired]
25-06-2012: MI5 fighting 'astonishing' level of cyber attacks. [BBC News] [The Register]
25-06-2012: Resilience. [Schneier]
22-06-2012: Iran: our nuke facilities still under attack by US, Isrealis and MI6. [The Register]
21-06-2012: Tor anonymity developers tell all. [BoingBoing] [Reddit]
19-06-2012: Fujitsu cracks 278-digit crypto. [The Register]
18-06-2012: NSA: it would violate your privacy to say if we spied on you. [Wired]
17-06-2012: Honeynet looks to trap USB malware. [The Register] [Google Code]
16-06-2012: US-CERT discloses security flaw in Intel chips. [HardOCP] [HotForSecurity]
14-06-2012: PGP founder, Navy SEALs uncloak encrypted comms biz. [The Register]
13-06-2012: Teaching the security mindset. [Schneier] [BoingBoing]
14-06-2012: Cheating in online classes. [Schneier]
13-06-2012: Is "big data" intelligence the next big thing in security? [Juniper]
13-06-2012: Exploit posted for vulnerable F5 kit. [The Register]
12-06-2012: Israel demanding passwords at the border. [Schneier] [AustralianIT] [Haaretz]
12-06-2012: James Bond-style malware targets firm that secures industrial systems. [Ars Technica]
11-06-2012: The antivirus era is over. [Technology Review]
09-06-2012: New DoS tool lets a single PC bring down an Apache server. [Ars Technica]
07-06-2012: MD5 password scrambler 'no longer safe'. [ZDNet]
07-06-2012: A bad week for passwords, and one way to make it better. [WSJ ATD]
06-06-2012: Relax hackers -- NATO has no cyber-attack plans -- top brass. [The Register]
06-06-2012: Google starts warning users of state-sponsored computer attacks. [Ars Technica] [BBC News] [The Register] [Engadget] [ReadWriteWeb] [BoingBoing] [Google] [HardOCP] [chron]
05-06-2012: Interesting article on Libyan intelligence gathering. [Schneier] [Wired]
01-06-2012: Post mortem: today's attack, apparent Google Apps/Gmail vulnerability, and how to protect yourself. [CloudFlare]
04-06-2012: The four critical security flaws that resulted in last Friday's hack. [CloudFlare]
30-05-2012: White House prepares to convene anti-botnet summit. [HardOCP] [cNet] [Engadget] [Bloomberg]
29-05-2012: Interview with a safecracker. [Schneier] [BoingBoing] [McSweeney's]
29-05-2012: Backdoor found (maybe) in Chinese-made military silicon chips. [Schneier] [The Register: article 1, article 2] [Information Age] [ComputerWorld]
25-05-2012: Chinese DDoS attack takes down UK domain registrar. [THG]
16-05-2012: Wikileaks has been under DDoS attack for the last three days. [ZDNet]
16-05-2012: The Pirate Bay hit by DDoS attack. [BBC News] [DailyTech] [Ars Technica] [TorrentFreak]
16-05-2012: Pirate Bay struggling to get on feet after DDoS to the knee. [The Register]
17-05-2012: The Pirate Bay returns, Anonymous hater takes credit for DDoS. [ZDNet]
10-05-2012: Norwegian teens arrested over SOCA DDoS attack. [The Register]
09-05-2012: Ustream is pissed about DDoS attack, may launch Russian site tomorrow. [VentureBeat]
09-05-2012: Queen unveils draft Internet super-snoop bill -- with clauses. [The Register]
04-05-2012: Everyone has been hacked -- now what? [Wired] [Gizmodo]
04-05-2012: FBI wants backdoors in Facebook, Skype and instant messaging. [Wired] [Engadget]
29-04-2012: Skype reveals remote and local IP address of all online users. [Ghacks] [Gizmodo]
27-04-2012: The hard drives most likely to expose your data aren't your own. [Ars Technica]
27-04-2012: Attack mitigation. [Schneier]
25-04-2012: Backdoor in mission-critical hardware threatens power, traffic-control systems. [Ars Technica] [Wired] [Schneier]
27-04-2012: Backdoor that threatens power stations to be purged from control systems. [Ars Technica]
30-04-2012: Equipment maker caught installing backdoor vows to fix following public pressure. [Wired]
25-04-2012: The world's five biggest cyber threats. [BBC News]
23-04-2012: Turing's rapid Nazi Enigma code-breaking secret revealed. [The Register]
17-04-2012: Forever-day bugs. [Schneier]
16-04-2012: Feds shutter online narcotics store that used TOR to hide its tracks. [Ars Technica]
13-04-2012: Disguising TOR traffic as Skype video calls. [Schneier]
12-04-2012: Bomb threats as a denial of service attack. [Schneier]
12-04-2012: CIA's secret fear: high-tech border checks will blow spies' cover. [Wired]
10-04-2012: Teenagers and privacy. [Schneier] [MediaShift]
07-04-2012: What Facebook sends the cops when your account is subpoenaed. [Gizmodo] [The Boston Phoenix]
06-04-2012: Watch out, white hats -- the EU moves to criminalise hacking tools. [Wired]
03-04-2012: Tor traffic disguised as Skype video calls to fool repressive governments. [Ars Technica]
03-04-2012: Law enforcement forensics tools against smartphones. [Schneier]
03-04-2012: Documents show cops making up the rules on mobile surveillance. [Ars Technica]
03-04-2012: How Apple and Google help police bypass lock screens. [HardOCP] [cNet]
02-04-2012: Buying exploits on the grey market. [Schneier] [ZDNet]
01-04-2012: UK to announce real-time phone, email, web traffic monitoring. [ZDNet]
02-04-2012: Campaigners criticise email and web monitoring plan. [BBC News]
01-04-2012: Hackers politely deface security firm website, suggest fixes. [Ars Technica]
31-03-2012: Police are using phone tracking as routine tool. [Lifehacker] [NYT]
29-03-2012: Harms of post-9/11 airline security. [Schneier]
28-03-2012: NSA: China is destroying US economy via security hacks. [DailyTech]
26-03-2012: Symantec dissolves a Chinese alliance with Huawei. [NYT] [The Register]
26-03-2012: Congressional testimony on the TSA. [BoingBoing] [Schneier] [The Register]
26-03-2012: How hackers could decapitate the Internet. [BBC News]
23-03-2012: Bruce Schneier and former TSA boss Kip Hawley debate air security. [BoingBoing] [The Economist]
29-03-2012: Bruce Schneier hands former TSA boss his ass. [BoingBoing] [The Economist]
22-03-2012: Can the NSA break AES? [Schneier]
15-03-2012: The NSA is building the country's biggest spy center (watch what you say). [HardOCP] [Wired]
14-03-2012: Thousands of emails lifted from Syrian dictator Assad's personal account. [Ars Technica] [The Guardian]
14-03-2012: Cyber attack on BBC leads to suspicion of Iran's involvement. [BBC News] [Hexus]
14-03-2012: On cyberwar hype. [Schneier]
13-03-2012: The security of multi-word passphrases. [BoingBoing] [Schneier] [Light Blue Touchpaper] [PDF] [Ars Technica] [ReadWriteWeb]
15-03-2012: Using common phrases makes your passphrase password useless: here's how to pick a better phrase. [Lifehacker]
03-03-2012: The Pwn Plug is a little white box that can hack your network. [Ars Technica]
02-03-2012: Hackers are winning security war. [HardOCP] [MSNBC]
01-03-2012: State Department redacts Wikileaks cables. [Schneier] [ACLU]
01-03-2012: NSA agents will make all their private calls with a fishbowl. [Gizmodo]
29-02-2012: FBI special agent and counterterrorism expert criticizes the TSA. [Schneier] [BoingBoing] [gManCaseFile]
28-02-2012: Younger generation taking 'sledgehammer' to security. [The Register]
28-02-2012: The tweets that homeland security spooks look for. [BoingBoing] [Animal NY] [Schneier]
28-02-2012: Cyberwar is the new yellowcake. [Schneier] [Wired]
27-02-2012: Between MWC and RSA, worlds of mobility and security collide. [ReadWriteWeb]
24-02-2012: Computer security when traveling to China. [Schneier] [NYT]
23-02-2012: Schneier: government, big data pose bigger 'Net threat than criminals. [Ars Technica]
20-02-2012: First IPv6 DDoS Internet attacks seen. [ZDNet] [ExtremeTech]
19-02-2012: Hackers were scary in 1990. [Gizmodo]
16-02-2012: The FBI might cut off the Internet for millions of people on 8th March. [Gizmodo]
16-02-2012: Lousy random numbers caus insecure public keys. [Schneier]
14-02-2012: The RIAA's dream turns to nightmare -- inside The Pirate Bay's torrent purge. [DailyTech]
14-02-2012: Nortel Networks hackers had "access to everything" for years. [Ars Technica]
15-02-2012: Whistleblower: decade-long Nortel hack 'traced to China'. [The Register]
14-02-2012: VeriSign, a pillar of Internet security, hacked. [BoingBoing] [Credit]
12-02-2012: Microsoft store hacked in India, passwords stored in plain text. [Engadget] [WPsauce]
10-02-2012: Iran blocks HTTPS, cutting off Gmail, Yahoo and other major sites. [ReadWriteWeb] [BoingBoing] [Washington Post] [cNet] [The Next Web]
10-02-2012: As Iran cracks down online, TOR tests undetectable encrypted connections. [Forbes]
13-02-2012: Google confirms Gmail and YouTube blocked in Iran since 10th Feb. [Bloomberg]
13-02-2012: Iranians get some services back. [The Register]
14-02-2012: Internet crackdown in Iran continues, but TOR users are all back online. [Ars Technica]
20-02-2012: Internet again disrupted in Iran ahead of election. [Reuters]
09-02-2012: A Valentine's Day present for SCADA companies: new exploit tools. [Ars Technica]
09-02-2012: Alleged Foxconn hack allowed bogus orders to be placed for vendors. [AppleInsider] [MacRumors]
08-02-2012: Critics slam SSL authority for minting certificate for impersonating sites. [Ars Technica]
08-02-2012: FBI puts cloud providers on notice over security rules. [Wired]
08-02-2012: Crypto crack makes satellite phones vulnerable to eavesdropping. [Ars Technica]
06-02-2012: Hackers may be able to 'outwit' online banking security devices. [The Register]
06-02-2012: The failure of two-factor authentication. [Schneier] [BBC News]
03-02-2012: Somebody's watching: how a simple exploit lets strangers tap into private security cameras. [The Verge] [BBC News]
03-02-2012: Verisign hacked, successfully and repeatedly, in 2010. [Schneier]
01-02-2012: "Slain" Kelihos botnet still spams from beyond the grave. [Ars Technica] [TechWorld]
28-03-2012: Staggering Kelihos zombie smacked down again. [The Register]
30-01-2012: British tourists arrested in the US for Tweeting. [Schneier] [Daily Mail] [The Register] [Gizmodo]
30-01-2012: The nature of cyberwar. [Schneier] [Internet Evolution]
29-01-2012: FBI to build social network spy app. [HardOCP] [PCWorld]
27-01-2012: Password sharing among American teenagers. [Schneier]
24-01-2012: Encrypting your hard drive no longer works against federal prosecution. [Gizmodo] [cNet] [Ars Technica] [Schneier]
25-01-2012: What decryption orders mean for the Fifth Amendment. [BoingBoing] [EFF]
06-02-2012: Defendant ordered to decrypt laptop may have forgotten password. [Wired] [DailyTech]
13-02-2012: What happens when the court demands you decrypt a document and you forget the key? [Schneier]
19-02-2012: Feds urge court to reject laptop encryption appeal. [Ars Technica]
24-02-2012: Court says cops can't make you decrypt your secure hard drives. [Gizmodo] [Wired]
24-02-2012: Two cases' lessons: if cops don't know what you encrypted, they can't make you decrypt it. [Forbes]
26-02-2012: Password encryption protected under fifth amendment. [HardOCP] [ZDNet] [Ars Technica] [Schneier]
27-02-2012: Child abuse suspect won't be forced to decrypt hard drive. [The Register]
01-03-2012: Feds crack suspect's encrypted drive, avoid Constitution meltdown. [The Register] [HardOCP] [Wired] [DailyTech] [Gizmodo] [Engadget]
23-01-2012: The state of filesharing websites. [Lifehacker] [Reddit]
16-01-2012: New cyber attack hits Israel stock exchange and airline. [BBC News]
15-01-2012: 10 years ago today: Bill Gates kicks arse over security. [The Register]
14-01-2012: Recursive phishing email. [BoingBoing] [Wired]
13-01-2012: US military access cards cracked by Chinese hackers. [The Register]
13-01-2012: What are magnet links, and how do I use them to download torrents? [Lifehacker]
13-01-2012: The Pirate Bay dropping torrents after magnetic attraction. [The Register] [Ars Technica] [ExtremeTech] [HardOCP]
13-01-2012: Recovering a hacked Gmail account. [Schneier] [The Atlantic]
13-01-2012: 'Going dark' vs 'Golden age of surveillance'. [Schneier]
12-01-2012: Abolish the DHS. [Schneier]
12-01-2012: A theory of online jihadist sites. [Schneier]
12-01-2012: Apple split-key patent. [Schneier] [Patently Apple]
12-01-2012: WEF report: cyber-attack risk to global stability is real. [The Register]
10-01-2012: Collecting expert predictions about terrorist attacks. [Schneier]
09-01-2012: Top German cop uses spyware on daughter, gets hacked in retaliation. [Ars Technica]
09-01-2012: Stealing source code. [Schneier]
09-01-2012: The TSA proves its own irrelevance. [Schneier] [BoingBoing]
08-01-2012: Hackers expose defence and intelligence officials in the US and UK. [The Guardian]
07-01-2012: Israel vows to retaliate after credit cards are hacked. [BBC News]
05-01-2012: Feds want judge to force suspect to give up laptop password. [Wired]
05-01-2012: ETrade suffers DDoS festive treat. [The Register]
04-01-2012: Sending coded messages with postage stamps. [Schneier] [Rio Wang]
01-01-2012: How US spy satellite photography worked before digital technology. [PetaPixel] [The Atlantic]
01-01-2012: How scary was the Internet in 2011? [WSJ ATD]
2011 – News
29-12-2011: Courts revives NSA dragnet surveillance case. [Wired] [The Register] [Ars Technica]
29-12-2011: Opinion: we must resist over-hyping security threats. [BBC News]
27-12-2011: GSM phones vulnerable to hijack scams. [HardOCP] [Yahoo]
26-12-2011: AntiSec hits private Intel firm, millions of docs allegedly lifted. [Wired]
26-12-2011: "I built spy satellites for a living." [BoingBoing] [Canadian Business]
26-12-2011: Most cellular networks worldwide vulnerable to attack, researcher says. [WSJ ATD]
26-12-2011: Hacking Subway's PoS system. [Schneier] [Ars Technica]
23-12-2011: Walk through an airport with Bruce Schneier. [BoingBoing] [Vanity Fair] [Schneier]
15-12-2011: US spy drone hijacked with GPS spoof hack. [The Register] [Gizmodo]
16-12-2011: More on the captured US drone. [Schneier]
14-12-2011: SCADA vulnerability imperils critical infrastructure. [The Register]
06-12-2011: How do you reassemble shredded documents? [BBC News]
06-12-2011: Security problems with US cloud providers. [Schneier]
01-12-2011: Does multi-factor authentication security make you feel secure? [Juniper]
01-12-2011: Recognising critical infrastructure protection month. [DHS]
29-11-2011: Tens of millions of HP LaserJet printers vulnerable to remote hacking. [ExtremeTech] [HardOCP] [MSNBC] [Wired] [Gizmodo]
30-11-2011: HP douses firebomb printer hack threat. [The Register]
02-12-2011: Hacking printers and setting them on fire. [Schneier]
23-12-2011: HP plugs security hole with LaserJet firmware update, says no record of printers set ablaze by hackers. [TechCrunch] [Engadget]
30-12-2011: Printer malware: print a malicious document, expose your whole LAN. [BoingBoing] [CCC]
06-01-2012: Time to patch your HP printers. [Schneier]
29-11-2011: Security system as a marker for high-value targets. [Schneier]
29-11-2011: Shopper surveillance using cell phones. [Schneier]
29-11-2011: Schneier: teens and treaties -- our cyber-war saviours. [The Register]
23-11-2011: The pest who shames companies into fixing security flaws. [Wired]
22-11-2011: Palantir -- the war on terror's secret weapon. [Bloomberg]
22-11-2011: Google mail crypto tweak makes eavesdropping harder. [The Register]
22-11-2011: Nervous London bankers run mock cyberattack exercise. [The Register]
21-11-2011: Hezbollah captured American spies by tracking cellphone data with commercially available software. [Gizmodo]
21-11-2011: Hack against SCADA system. [Schneier]
23-11-2011: FBI plays down claim that hackers damaged US water pump. [BBC News] [Engadget] [Washington Post]
02-12-2011: Pump hack attack 'false alarm' linked to holiday. [BBC News]
18-11-2011: US government to investigate Huawei, ZTE for security threats. [Mobile Burn]
17-11-2011: Exclusive: lax security at NASDAQ helped hackers. [Reuters]
16-11-2011: Sam Harris on self-defense. [Schneier] [Sam Harris]
15-11-2011: 4chan hit by DDoS attack, struggling to get back online. [Ars Technica]
15-11-2011: Tor launches do-it-yourself privacy bridge in Amazon cloud. [Ars Technica]
14-11-2011: F-Secure finds rare digitally signed malware. [CNet]
14-11-2011: World's stealthiest rootkit pushes DNS hijacking trojan. [The Register]
11-11-2011: Commentary on strong passwords. [Schneier]
10-11-2011: NetApp faces probe into Syrian spooks' use of its storage kit. [The Register]
08-11-2011: China's Huawei denies aiding censorship and tracking efforts in Iran. [TheNextWeb]
07-11-2011: The Darknet Project: netroot activists dream of global mesh network. [Ars Technica]
07-11-2011: DARPA begs hackers: secure our networks, end 'season of darkness'. [Wired]
04-11-2011: The CIA is tracking you on Twitter, Facebook. [HardOCP] [Yahoo News]
03-11-2011: Underage children on Facebook. [Schneier]
02-11-2011: Socialbots used by researchers to 'steal' Facebook data. [BBC News] [Gizmodo]
31-10-2011: Facebook's Swedish data center will be subject to Snoop Law. [The Register]
31-10-2011: Top GCHQ spook warns of 'disturbing' levels of cyber-raids. [The Register]
31-10-2011: Cell phone surveillance system. [Schneier]
31-10-2011: Why Gigamon scares the crap out of me. [Evil Routers]
28-10-2011: Gigamon... fixing problems you didn't know about. [Standalone Sysadmin]
28-10-2011: TOR Project patches critical flaw in its anonymising network. [Ars Technica]
28-10-2011: US firm acknowledges Syria uses its gear to block web. [WSJ ATD] [WSJ Technology]
26-10-2011: What governments worldwide want Google to take down. [Gizmodo] [Google] [The Register]
26-10-2011: Why the FBI's "new Internet" is a dumb idea. [The Register]
21-10-2011: World's stealthiest rootkit gets a makeover. [The Register]
20-10-2011: Random passwords in the wild. [Schneier]
19-10-2011: NSA whistleblower details intelligence cock-ups. [The Register]
19-10-2011: Security firm finds hacker forums forums offer n00b hackers training, lulz. [Ars Technica]
18-10-2011: Discovering what Facebook knows about you. [Schneier] [Identity Blog]
17-10-2011: Criminal uses of crowdsourcing. [Schneier] [Forbes]
11-10-2011: Microsoft security intelligence report puts "zero-day" threat into context. [HardOCP] [Microsoft]
11-10-2011: Infosec 'needs warrior cryptoboffins' to beat hackers. [The Register]
10-10-2011: US drones have a computer virus. [Schneier] [Ars Technica] [Reuters]
07-10-2011: FBI-sponsored back-doors. [Schneier]
15-10-2011: Impressed by FBI trojan, Germans write their own -- and national scandal ensues. [Ars Technica]
29-09-2011: The inside story of the Kelihos botnet takedown. [ThreatPost] [Ars Technica] [Gizmodo]
27-09-2011: Kevin Mitnick rates today's blackhats. [Wired]
20-09-2011: Complex electronic banking fraud in Malaysia. [Schneier] [The Sun Daily]
16-09-2011: Domain-in-the-middle attacks. [Schneier] [Wired]
07-09-2011: Outing a CIA agent. [Schneier] [Atlantic Wire]
07-09-2011: How an omniscient Internet 'sextortionist' ruined the lives of teen girls. [Wired]
06-09-2011: Tripoli was brought down by a caterer with a bunch of flash drives. [Gizmodo] [Reuters]
06-09-2011: Where are all the terrorists? [Schneier]
01-09-2011: Unredacted US diplomatic WikiLeaks cables published. [Schneier]
10-08-2011: Bruce Schneier's telepathic takeover of the TSA. [Wired]
06-08-2011: AntiSec hackers dump massive cache of law enforcement data. [Softpedia] [Gizmodo] [The Register] [HardOCP] [TechLand]
05-08-2011: Can DARPA fix cybersecurity 'problem from hell'? [Wired]
05-08-2011: Feds hack past anonymity, bust 72 users of child abuse horror site. [Ars Technica]
02-08-2011: Researchers warn of SCADA equipment discoverable via Google. [HardOCP] [CNet News] [Engadget]
02-08-2011: Attacking PLCs controlling prison doors. [Schneier]
26-07-2011: Crypto shocker: 'perfect cipher' dates back to telegraph. [The Register]
21-07-2011: Is there a hacking epidemic? [Schneier]
19-07-2011: How News of the World hacked everbody's phones. [Gizmodo]
12-07-2011: AntiSec exposes US soldiers' S/Ns, passwords, vows attack on Monsanto. [DailyTech]
11-07-2011: AntiSec target learns the hard way that whitelists > blacklists. [Ars Technica]
05-07-2011: Cisco poised to help China keep an eye on its citizens. [WSJ ATD]
04-07-2011: Operation AntiSec lames out again. [The Register]
30-06-2011: There's a botnet called TDL-4 that's virtually indestructable. [Gizmodo]
01-07-2011: A few suggestions for destroying the 'indestructible' botnet. [Network World]
10-07-2011: Microsoft says any botnet can be decapitated, destroyed. [DailyTech]
30-06-2011: Security researchers discover 'indestructible' botnet. [BBC News]
29-06-2011: Yet another "people plug in strange USB sticks" story. [Schneier] [TNW]
29-06-2011: Security vendor applauds LulzSec attacks. [HardOCP] [Net Security]
29-06-2011: Key Internet address server sees spike in traffic. [The Register]
17-06-2011: NSA allies with Internet carriers to thwart cyber attacks against defense firms. [Washington Post]
16-06-2011: Dark corners of the net. [BBC News]
14-06-2011: Hackers broke into Citigroup, and it was easy. [Gizmodo] [NYT]
16-06-2011: Citi says 360k customers hacked in May cyber attack. [Reuters]
13-06-2011: IMF breached in sophisticated hack attack. [Wired]
13-06-2011: Security experts suspect giant IMF hack was backed by sovereign government. [Gizmodo]
12-06-2011: IMF computers lose emails in state-based attack. [Bloomberg]
12-06-2011: IMF hit by 'very major' cyber security attack. [BBC News]
10-06-2011: Character assassination of anon: cyber war, internal strife and beyond. [A World Beyond Borders]
08-06-2011: Attacks on Sony, others show it's open hacking season. [CNET]
06-06-2011: How to secure yourself from GPU password cracking. [ExtremeTech]
02-06-2011: Google mail hack blamed on China. [WSJ ATD]
02-06-2011: Google attack: blaming China 'unacceptable'. [The Telegraph]
03-06-2011: China rejects Google allegation of massive hacking breach as "fabrication". [Washington Post]
03-06-2011: Admin: Gmail phishers stalked victims for months. [The Register]
03-06-2011: Gmail hack targeted White House. [WSJ]
30-05-2011: Phishing sites hosted on Google's servers. [F-Secure]
27-05-2011: China's Blue Army of 30 computer experts could deply cyber warfare on foreign powers. [The Australian]
24-05-2011: New Siemens SCADA vulnerabilities kept secret. [Schneier]
24-05-2011: Researcher blasts Siemens for downplaying SCADA bug. [The Register]
18-05-2011: SCADA hack talk cancelled after US, Siemens request. [CNET News] [The Register]
14-05-2011: Man tracks stolen laptop hundreds of miles away, calls thief. [HardOCP] [Storify]
11-05-2011: Arbor Networks introduces Cloud Signalling; Telstra Clear first to join. [Geekzone]
09-05-2011: Whitehats break out of Google Chrome sandbox. [The Register]
02-05-2011: Apple has nothing over Google when it comes to knowing where you really are. [Scobleizer]
02-05-2011: After botched child porn raid, judge sees the light on IP addresses. [Ars Technica]
03-05-2011: IP address is not a person, bittorrent case judge says. [TorrentFreak]
02-05-2011: Hijacking the Coreflood botnet. [Schneier]
28-04-2011: Unfollowed: how a (possible) social network spy came undone. [Wired]
27-04-2011: Five worst digital security breaches of all time. [Yahoo]
23-04-2011: IP address can now pin down your location to within half a mile. [Ars Technica]
18-04-2011: WikiLeaks cable about Chinese hacking of US networks. [Schneier]
14-04-2011: Behind the largest counterfeit audio sting in history. [Gizmodo] [Wired]
14-04-2011: Ten-year-old, 2 million PC botnet finally killed; stole up to $100m USD. [Daily Tech]
14-04-2011: DoJ, FBI set up command-and-control servers, take down botnet. [Ars Technica]
11-04-2011: How is SSL hopelessly broken? Let us count the ways. [The Register]
07-04-2011: Securing IPv6. [Cisco]
05-04-2011: Symantec report finds cyber threats skyrocket in volume and sophistication. [Geekzone]
31-03-2011: Comodo Group issues bogus SSL certificates. [Schneier]
14-11-2011: More SSL woes. [Schneier]
29-03-2011: Cisco SecureX -- nothing but empty words? [EtherealMind]
28-03-2011: McAfee's website full of security holes, researcher says. [Network World]
22-03-2011: Dozens of exploits released for popular SCADA programs. [The Register]
22-03-2011: Attack code for SCADA vulnerabilities released online. [Wired]
20-03-2011: Death of the Internet predicted, film at your local cineplex. [Ars Technica]
18-03-2011: Hackers tackle SecurID tokens. [BBC News]
07-03-2011: GPS chaos: how a $30 box can jam your life. [Gizmodo]
21-02-2011: Intelligent password storage. [PacketLife]
16-02-2011: NSA reveals it secret: no backdoor in encryption standard. [GCN]
12-02-2011: The cyberweapon that could take down the Internet. [Gizmodo]
14-02-2011: Boffins devise cyberweapon to take down Internet. [The Register]
04-02-2011: No, hackers can't open Hoover Dam's floodgates and kill thousands. [Gizmodo]
26-01-2011: How a country tried to steal its citizens' Facebook passwords. [Gizmodo] [The Atlantic]
25-01-2011: The evolving threat landscape. [Juniper]
17-01-2011: New revelations in the Mahmoud al-Mabhouh assassination. [Schneier] [GQ]
2010 – News
27-12-2010: Flaws spotlighted in Tor anonymity network. [Wired]
16-12-2010: The dogs of cyber war visualised. [Gizmodo] [New Scientist]
14-12-2010: The Internet goes to war. [Arbor Networks]
10-12-2010: The cyber world war: imagining a terrifying scenario. [Daily Mail]
07-12-2010: Giz explains: should you worry about cyber attacks? [Gizmodo]
24-11-2010: Understanding the Internet's insecure routing infrastructure. [Ars Technica]
12-10-2010: 10 most destructive computer worms and viruses ever. [WildAmmo]
30-09-2010: Wiretapping the Internet. [Schneier]
03-09-2010: UAE man-in-the-middle attack against SSL. [Schneier]
01-08-2010: This $1500 system can intercept your cellphone calls. [Gizmodo]
29-07-2010: Security vulnerabilities of smart electricity meters. [Schneier]
30-04-2010: And we thought BGP was insecure. [IOS Hints]
24-03-2010: Law enforcement appliance subverts SSL. [Wired]
03-03-2010: Narus develops a scary sleuth for social media. [IT World] [Slashdot]
02-02-2010: Femtocells wilt under attack. [The Register]
24-01-2010: Chinese hacking and enabling surveillance. [Schneier]
22-01-2010: NSA beats warrantless wiretap rap. [The Register]
22-01-2010: Naked airport body scanner sees everything but the bomby parts. [Gizmodo]
17-01-2010: DDoS -- a problem bigger than you can ever be. [Etherealmind, Arbor Networks]
© Robert Larsen. All rights reserved.