5 ways to spot if a website is storing your password insecurely

Let’s face it, we use passwords for just about everything these days. That will likely change in the future, but until then, how can you be sure that the companies and websites you entrust your passwords to are storing that information securely? Well, one approach is to ask them directly how they store passwords. However […]

Flaws in Zoom’s Password Reset function

In researching my previous article on websites that are doing password resets wrong, I tested the Password Reset function of a number of high-profile sites. I did this using an email address which I knew didn’t have an account on each particular website. When testing Zoom.us, however, I observed something quite strange… I entered the […]

Password Resets done the wrong way

Let’s face it, we’ve all at one time or another had to initiate a password reset on a website we previously registered on way back when and can no longer remember our password. Yet, I’m frequently amazed at how many websites still get the whole password reset thing very wrong in 2021. Yes, for the […]

The state of security in the UK P2P lending landscape – Platform Responses

Two weeks ago I published an in-depth article into the current state of IT security in the UK P2P Lending Industry. At the time of my research last month (February 2017), the vast majority of P2P sites simply ignored my direct correspondence; however, since publication, a number of companies are now responding. Their responses are […]

The state of security in the UK P2P lending landscape

With interest rates at all-time lows, and market uncertainty making it harder these days for individuals and businesses alike to obtain loans and credit from high street banks, or to achieve a decent return on their savings, more and more people are turning to Peer-To-Peer (P2P) lending. What is P2P lending? P2P is the […]

Flaw allowed anyone to modify & take control over ANY .as domain [UPDATED]

Back in January, I discovered a serious flaw in the .as (American Samoa) domain registry (nic.as). The vulnerability allowed anyone to view the entire domain information for any .as domain – including the plain-text passwords of domain owners, administrative and technical contacts! Even more alarmingly, it was also possible to submit registry changes to details […]

The UK Government’s contradictory advice: How frequently should you change your password? [UPDATED]

Cyber Essentials is a UK government scheme launched in 2014 and is designed to encourage organisations and businesses to adopt “best practice” in information security. It offers two levels of certification: “Cyber Essentials” – where organisations self-assess their own systems and policies, and “Cyber Essentials Plus” – where an organisation’s systems and policies are independently […]

It’s #DataPrivacyDay Today

Today marks what’s become widely known on the internet as “Data Privacy Day” (or if you’re in the EU, “Data Protection Day”). Data Privacy/Protection Day occurs annually on January 28th, and has taken place in some form or another for the past 9 years. Its purpose is to raise awareness and promote privacy and data […]