Why Organizations Cover Up Past Data Breaches

I recently had cause to refer back to a particular organization’s data breach, which occurred in June 2020. The organization in question was Yarooms, who develop room booking software. I remember reading about a significant breach of Yarooms’ customer data back in 2020, but I wanted to jog my memory as to the nature and […]

5 ways to spot if a website is storing your password Insecurely

Let’s face it, we use passwords for just about everything these days. That will likely change in the future, but until then, how can you be sure that the companies and websites you entrust your passwords to are storing that information securely? Well, one approach is to ask them directly how they store passwords. However […]

Why your “hacked” Facebook account may not have been “hacked”

“If you’ve received a friend request from me, please don’t accept it – I’ve been hacked!” – one of your Facebook friends

I’m sure we’ve all seen this, or something similar, posted by a friend on Facebook at one time or another. Typically, this happens a few hours after you receive a friend request from […]

The UK may soon ditch the absurd EU Cookie Directive

When visiting a website for the first time, you’ll likely be presented with a (somewhat intrusive) banner or pop-up about cookies. “Cookies” in this regard are sadly not the delicious chocolate-chip laden baked goods that we all love 🍪. (If only they were, I’d be more than happy to accept these when visiting a website!) […]

Just because a website has a “padlock” doesn’t mean it’s legit

“Look for the padlock icon in your browser bar when logging in. This tells you that the site you’re entering your details into is secure.” – nectar.com

That’s the advice I recently received in a generic mass “Keeping you safe” email from Nectar, a loyalty points scheme here in the UK, which was sent to […]

Flaws in Zoom’s Password Reset function

In researching my previous article on websites that are doing password resets wrong, I tested the Password Reset function of a number of high-profile sites. I did this using an email address which I knew didn’t have an account on each particular website. When testing Zoom.us however, I observed something quite strange…. I entered the […]

Password Resets done the wrong way

Let’s face it, we’ve all at one time or another had to initiate a password reset on a website we previously registered on way back when and can no longer remember our password. Yet, I’m frequently amazed at how many websites still get the whole password reset thing very wrong in 2021. Yes, for the […]

Webmasters: Have some (subresource) integrity!

Earlier today it was discovered that a large number of websites (over 4,000) – including UK government and NHS websites – had been compromised with a “cryptominer”. A cryptominer is a piece of software that “mines” cryptocoins like Bitcoin, LiteCoin, Ethereum, etc, which in turn generate income. When a cryptominer is included within the code […]

Safer Internet Day: Teachers – A better internet starts with YOU!

This week saw the annual “Safer Internet Day” event take place around the globe. Safer Internet Day’s tag line is “Create, Connect and Share Respect – A better internet starts with you” and its purpose is to “promote the safe and positive use of digital technology for children and young people”. It’s a fantastic, worthwhile, […]

KidRex: The “safe search engine for kids”… offering sex tips and working from home for Bitcoins

It’s “Safer Internet Day” today, a global event promoting online safety particularly among children and young people. Whilst looking through related tweets today, I came across a number of tweets from teachers who were using a search engine called “KidRex” in their classrooms. https://twitter.com/CloughfinNS/status/960898128772612096 KidRex bills itself as “a fun and safe search for kids, […]