Just because a website has a “padlock” doesn’t mean it’s legit

“Look for the padlock icon in your browser bar when logging in. This tells you that the site you’re entering your details into is secure.“ – nectar.com That’s the advice I recently received in a generic mass “Keeping you safe” email from Nectar, a loyalty points scheme here in the UK, which was sent to […]

Flaw allowed anyone to modify & take control over ANY .as domain [UPDATED]

Back in January, I discovered a serious flaw in the .as (American Samoa) domain registry (nic.as). The vulnerability allowed anyone to view the entire domain information for any .as domain – including the plain-text passwords of domain owners, administrative and technical contacts! Even more alarmingly, it was also possible to submit registry changes to details […]

InfoSec Guy

UK-based software developer & award-winning security blogger, blogging about all things #InfoSec, #AppSec & #CyberSecurity related and striving towards a safer internet for all!

Tag: domains

Just because a website has a “padlock” doesn’t mean it’s legit

Flaw allowed anyone to modify & take control over ANY .as domain [UPDATED]