How Logjam Busts Web Site Encryption

There’s a hole in the protection surrounding some of the internet’s supposedly secure websites. A group of researchers has discovered that cyber criminals and other hackers can attack websites that use the “https” security encryption using a method known as “Logjam”. This attack, which is thought to work on around 8% of the top one million websites, allows hackers to see important information that should be protected, such as payment details or private communication.


'Mean Time Before CEO Apologises' Is The Ultimate Security Metric

There are lots of metrics for measuring security readiness and response, but we think this one’s hard to beat: the time between when a security incident occurs at a major company and when the CEO is forced to make a grovelling public apology.


Even Learning About Encryption In Australia Will Soon Be Illegal

You might not think that an academic computer science course could be classified as an export of military technology. But under the Defence Trade Controls Act — which passed into law in April, and will come into force next year — there is a real possibility that even seemingly innocuous educational and research activities could fall foul of Australian defence export control laws.


Don't Panic About The Rombertik Malware

In human culture and warfare, the notion of self-destructive attackers like the Kamikaze pilots deployed during World War II, is pervasive. A more recent conflict is the cyber-war between those creating malware and the security firms and cyber-security specialists that attempt to thwart them. In this battle, the recently revealed Rombertik malware is an interesting evolution.


When Smart Grids Meet Dumb Crypto

Security relies upon good programming and correct adherence to well-designed standards. If the standards are sloppy, then security has been compromised from the outset.


Patch Tuesday: Not Dead Yet

Microsoft’s long term plan with Windows 10 is to kill off Patch Tuesday, but that hasn’t happened yet. This week’s round of updates includes 13 patches and 3 critical updates.


Ask An Expert All About Data Forensics, Privacy And Security

Say hello to Jason Eaddy of Elysium Digital. Elysium conducts digital forensic and security investigations, typically working with organisations in technology-related legal matters.


Password Alert Warns You When Your Google Password Is Phished

Chrome: Google launched a new extension today called Password Alert that’s designed to keep you from using your Google password on sites that aren’t operated by Google.


Google Security Key Is A Hardware Device That Makes Logging In Faster And Safer

Using two-factor authentication via your phone helps protect your online accounts, but having to type in an authorisation code as well as a password can feel like a hassle. Google is introducing a new hardware key that lets you log into Google via Chrome and then authenticate yourself by clicking on the key — no code required.


Google's Trusted Places Disables Your Lock Screen Within Geofences

Android: The Smart Lock feature in Android allows you to disable your lock screen selectively based on criteria such as location or voice recognition. A recent update to this feature allows you to set geofence areas around a place, rather than only entering a street address.