Just because a website has a “padlock” doesn’t mean it’s legit

“Look for the padlock icon in your browser bar when logging in. This tells you that the site you’re entering your details into is secure.” – nectar.com

That’s the advice I recently received in a generic mass “Keeping you safe” email from Nectar, a loyalty points scheme here in the UK, which was sent to […]

Flaw allowed anyone to modify & take control over ANY .as domain [UPDATED]

Back in January, I discovered a serious flaw in the .as (American Samoa) domain registry (nic.as). The vulnerability allowed anyone to view the entire domain information for any .as domain – including the plain-text passwords of domain owners, administrative and technical contacts! Even more alarmingly, it was also possible to submit registry changes to details […]