Isolated “Power Issue” kills net access for thousands of UK internet users [UPDATED]

Earlier today (July 20th), thousands of BT Broadband and PlusNet Broadband customers were unable to access large chunks of the internet for up to four hours. The cause of this outage has been attributed to “power issues at a partner’s site” by both BT and PlusNet: https://twitter.com/BTCare/status/755708190420066304 https://twitter.com/plusnethelp/status/755716994725453824 No further details are forthcoming from BT/PlusNet […]

The growing trend of Facebook “Life Event” scams

Over the past month or so, I’ve noticed a growing trend of the use of “Life Events” on Facebook to promote fake competitions. The latest one doing the rounds claims to offer you the chance to win an all-expenses paid Disney cruise… let’s look at this in a little more detail, and I’ll point out […]

It’s Official! The Best New Security Blog is… the one you’re reading now!

Last week, on June 8, the fifth annual European Security Blogger Awards were announced at the Infosecurity Europe conference in London. Nominated and voted for by the public, with votes added by judges including Infosecurity Europe Hall of Fame member Jack Daniel, journalists Matthew Schwartz and John Leyden and others, the awards were presented at […]

Flaw allowed anyone to modify & take control over ANY .as domain [UPDATED]

Back in January, I discovered a serious flaw in the .as (American Samoa) domain registry (nic.as). The vulnerability allowed anyone to view the entire domain information for any .as domain – including the plain-text passwords of domain owners, administrative and technical contacts! Even more alarmingly, it was also possible to submit registry changes to details […]

Why the Apple vs FBI case isn’t a “win” for Apple

You’re probably familiar with the recent case where the FBI tried to force Apple to “weaken” the security of their iOS software, so that they could “unlock” and gain access to the data on a particular iPhone linked to the mass shooting in San Bernardino last year. Apple refused to comply with the court order, […]

The UK Government’s contradictory advice: How frequently should you change your password? [UPDATED]

Cyber Essentials is a UK government scheme launched in 2014 and designed to encourage organisations and businesses to adopt “best practice” in information security. It offers two levels of certification: “Cyber Essentials” – where organisations self-assess their own systems and policies, and “Cyber Essentials Plus” – where an organization’s systems and policies are independently […]

Are Virgin Media “Port Scanning” their customers… and profiting from it? [UPDATED]

Virgin Media are one of the UK’s largest Internet Service Providers (ISP), with over 5 million broadband subscribers. Yesterday, a concerned Virgin Media customer forwarded me an email they’d received: The email – which was addressed to the customer by name, and included their name and IP address – had genuinely originated from Virgin Media. […]

5 ways to spot a “phishing” email

“Phishing” is a term used to describe the activity of defrauding an online account holder of personal or financial information by posing as a legitimate company. The most common form of phishing on the internet is through email – you’ve almost certainly had them appear in your inbox – emails that look like they come […]