Over the past month or so, I’ve noticed a growing trend of the use of “Life Events” on Facebook to promote fake competitions. The latest one doing the rounds claims to offer you the chance to win an all-expenses paid Disney cruise… let’s look at this in a little more detail, and I’ll point out […]
Last week, on June 8, the fifth annual European Security Blogger Awards were announced at the Infosecurity Europe conference in London. Nominated and voted for by the public, with votes added by judges including Infosecurity Europe Hall of Fame member Jack Daniel, journalists Matthew Schwartz and John Leyden and others, the awards were presented at […]
A couple of weeks ago account information, including emails and passwords, of approximately 167 million LinkedIn users went up for sale on the dark web. The data for sale dated back to a LinkedIn hack occurring back in 2012 for which LinkedIn never revealed the extent of at the time, but it was believed that […]
Back in January, I discovered a serious flaw in the .as (American Samoa) domain registry (nic.as). The vulnerability allowed anyone to view the entire domain information for any .as domain – including the plain-text passwords of domain owners, administrative and technical contacts! Even more alarmingly, it was also possible to submit registry changes to details […]
A Content Security Policy (or CSP) is a set of rules which website owners can implement to approve origins of content that web browsers should or should not be allowed to load on their websites. For example, a CSP can be used to prevent a website from loading resources such as images, frames, or scripts […]
You’re probably familiar with the recent case where the FBI tried to force Apple to “weaken” the security of their iOS software, so that they could “unlock” and gain access to the data on a particular iPhone linked to the mass shooting in San Bernadino last year. Apple refused to comply with the court order, […]
Cyber Essentials is a UK government scheme launched in 2104 and is designed to encourage organisations and businesses to adopt “best practice” in information security. It offers two levels of certification: “Cyber Essentials” – where organisations self-assess their own systems and policies, and “Cyber Essentials Plus” – where an organization’s systems and policies are independently […]
Virgin Media are one of the UK’s largest Internet Service Providers (ISP), with over 5 million broadband subscribers. Yesterday, a concerned Virgin Media customer forwarded me an email they’d received: The email – which was addressed to the customer by name, and included their name and IP address – had genuinely originated from Virgin Media. […]
“Phishing” is a term used to describe the activity of defrauding an online account holder of personal or financial information by posing as a legitimate company. The most common form of phishing on the internet is through email – you’ve almost certainly had them appear in your inbox – emails that look like they come […]
Today marks what’s become widely know on the internet as “Data Privacy Day” (or if you’re in the EU, “Data Protection Day”). Data Privacy/Protection Day occurs annually on January 28th, and has taken place in some form or another for the past 9 years. Its purpose is to raise awareness and promote privacy and data […]