New! Listen to our podcast about securing your new computer!

Rob Pegoraro at the Washington Post has a great article which makes tons of sense. It’s all about how to shore up your brand new computer’s protection against Internet nasties before the nasties have a chance to attack. You know, the old “ounce of prevention is worth a pound of cure”.

If you have been searching for cloud-based online backup solutions, and in particular if you are looking for safe, free online backup services or cloud storage, then your best bet may be to create your very own free online backup solution, creating your own backup and storage solution in your own cloud. (This is particularly true given the recent court decision that says that agencies don’t need a warrant to access your personal data if it is stored in a cloud storage service.) You can even create your own DropBox style folders to share your files with others! You will need to make a small investment up front, but we show you how to do it, and you can do it for under $175 total – less than you would pay many online backup services in just the first year.

If you’re wondering “What is blockchain” (also known as “block chain”), you’re not alone. Unless you’ve been following Bitcoin, you may only be hearing the term “blockchain” for the first time now, as it’s been in the news lately.

This morning many large, widely used Internet sites, including Twitter, Spotify, GitHub, Etsy, Vox, Paypal, Starbucks, Airbnb, Netflix, and Reddit, just to name a few, were taken down and offline owing to a massive distributed denial of service (DDoS) against DNS provider Dyn. Below is a list of all of the sites that we know have been affected – and may still be being affected – by the Dyn DDoS outage. Also, until it’s all fixed, here is a workaround. [UPDATE: It has been confirmed that this was the result of hackers taking advantage of unsecured Internet of Things devices, probably using the Mirai malware.]

Yahoo today released a statement indicating that a data breach that occurred in 2014 may be the most massive breach yet. Moreover, Yahoo is claiming that they believe that the 2014 breach was “state-sponsored”.

This is about: A massive data breach has occurred following the hacking of the servers belonging to Active Network, which processes online applications for hunting and fishing licenses in Oregon, Idaho, Kentucky, and Washington state. The hacker, calling himself “Mr. High”, claims to have acquired the personally identifiable information (PII) of those who have applied online for a fishing license or a hunting license in those states. Mr. High says that the information for each applicant includes their name, address,their date of birth (DOB), their height, weight, eye color, and the last four digits of their social security number (SSN). Some records also included email addresses and phone numbers.

Yesterday Apple released an urgent security date for iOS, affecting all iOS devices, such as iPhone, iPad, and iPod. Security update 9.3.5 is essentially a security patch, to fix not one, but three different security holes that have been known to be exploited by spyware created by an American-owned Israeli group known as the NSO Group. NSO Group was acquired by San Francisco-based equity fund Francisco Partners in 2014.

A new report by the UK’s top Independent Reviewer of Terrorism Legislation, David Anderson, says that bulk interception and acquisition of Internet and communications data is of ‘vital utility’ to security and intelligence agencies.

The BBC is reporting that there seems to have been a massive data breach of 200 million Yahoo accounts, with the data – which appears to be from 2012 – being offered for sale for 3 bitcoins ($1805 USD).

If you have started seeing a little red padlock in your Gmail email, don’t freak out, even if the red padlock is open. All that it means is that the sender didn’t use transport layer security (TLS) when sending it – in other words, it simply means that the email was not encrypted when it was sent.

By now you have probably heard about the enormous security flaw that was recently discovered that, experts say, left thousands of applications and devices vulnerable to remote attacks and control. It is a flaw that has been around since 2009, and has the potential to affect any server that is running any post-2008 version of the Gnu C open source library called glibc. It is the function getaddrinfo() within the glibc library that has the flaw, and it is so widely distributed that it is impossible to estimate just how many applications and hardware installs are running the flawed versions (of which there are at least 7 main version and dozens of incremental update versions).

The United States is worrying about something that they consider a new Russian threat: increased Russan submarine activity around the undersea fiber optic cables that carry Internet communications, and the potential that those submarine cables could be severed, crippling U.S. Internet operations. Whether you see this as promoting Russia as a bogeyman, or a real possibility, the reality is that history has demonstrated that undersea Internet cables can be cut, and that it wreaks havoc.

As you may know, last Thursday, October 1st, was the deadline for merchants to be able to accept so-called “chip and PIN” or “chip and signature” smartcard credit cards and debit cards, with the EMV chip. Of course, while the burden is on the merchants to accept them, lots of consumers don’t actually have them, as their banks have not yet issued them a new chipped debit or credit card. Whether you already have your shiny, new chip and PIN or chip and signature card or not, here’s everything that you need to know about them.

Experian, that keeper of your credit information and reputation, has been hacked, and the hackers got away with the personally identifiable information (PII) of 15 million T-Mobile customers and applicants.

In June the U.S. Office of Personnel Management (OPM) revealed that there had been a massive security breach, exposing the personal personnel data of at least 21.5 million government employees. The data included social security numbers, names, and clearance information. What was less well known is that the data also included fingerprint records, and this week it has been revealed that the hackers got 5.6 million fingerprints.