Top 10 Stories

The news is that the hashing function SHA1 is on the way out, after Microsoft and nowGoogle said that they will soon start penalising sites that use SHA1 certificates that expire during 2016 and after has caused some panic.   This is a major policy change that requires immediate action—according to SSL Pulse, only 15% sites use SHA256 certificates in September 2014.   Before this most recent development, the advice was very simple: don't use SHA1...

Rapid7 has launched global strategic services practice, with a unique cyber security programme development offering.   With an aim to help transform the security posture of organisations through threat-focused programme assessment and development services, the practice will help security executives and teams dramatically improve their ability to solve the cyber security challenges they face today and in the future.   The new practice’s first offering, a Cyber Security Programme Development service, will transform organisations’ security...

Enigmail has patched a hole in the PGP email platform that caused mail to be sent unencrypted when all security check boxes were ticked. According to The Register, any Enigmail user may have sent apparently encrypted emails that could be read by attackers. Previously Enigmail would ask if one wants to 'Hide BCC recipients' and then send the email encrypted to all of them without revealing to whom the email was sent. However functionality was missing...

Apple announced the launch of the new iPhone, the smart iWatch and a new payment system last night. According to BBC, the iWatch runs apps, acts as a health and fitness tracker. Meanwhile the iPhone's screen measures 4.7in (11.9cm) and the iPhone 6 Plus's 5.5in (14.0cm) - a change that analysts said should help prevent users migrating to Android. Also, a new service called Apple Pay was launched, which chief executive Tim Cook said he...

Salesforce sent out a warning to its account administrators last week about its customers being targeted by the Dyreza malware. In the update, it said a security partner identified that the Dyre malware (also known as Dyreza), which typically targets customers of large, well-known financial institutions, may now also target some Salesforce users. The alert said: "We currently have no evidence that any of our customers have been impacted by this, and we are continuing...

Tech titans like Google, Microsoft, and Apple knew the Government was collecting their user data, the NSA's general counsel has said.   According to Cnet, NSA general counsel Rajesh De told the Privacy and Civil Liberties Oversight Board on Wednesday that tech titans were aware that the NSA was collecting communications and related metadata both for the NSA's "PRISM" program and for "upstream" communications crossing the Internet.   The Guardian reported that when asked if collection of communications and...

The best way to get management attention is to plunge them into the middle of a cyber attack.   According to Marco Gercke, director for the Cybercrime Research Institute, this is a powerful teaching tool,” he told the Gartner Security and Risk Management Summit 2014 in London. Gercke said the idea was inspired by a Government minister who was not very supportive of cyber security initiatives, but then became a champion of the cause after his personal...

The six-year old Conficker worm is still a major presence in the threat landscape, accounting for 38% of all detections in the first half of 2014.   According to security vendor F-Secure’s latest Threat Report, said that Conficker’s persistence is likely down to regions in which there are still a large number of legacy systems and high piracy rates.   Web-based attacks, during which malware redirects the victim’s browser to malicious sites, accounted for 20% of...

Adodgy Symantec update brought pain for remaining Windows XP users, as it behaved as a virus.   Norton users suffered the update, which was released a day before the recent Labor Day US holiday weekend. In a statement, Symantec admitted the problem but downplayed its significance, saying: “This issue has now been resolved. The limited number of customers affected should run a Live Update to mitigate the issue.”   Extended support for Windows XP ended...

Grievances within the NSA have been captured, revealing a host of workplace ills at the agency.   In its advice column in the agency’s employee newsletter, “Ask Zelda” is a popular fixture inside the spy agency, and gripes to Zelda range from potentially serious lapses — adrift supervisors, snoozing employees, and the lackadaisical handling of some of the nation’s most sensitive files — to the more mundane, such as foul-smelling, nosy, rude, or overbearing co-workers....