Saturday, November 17, 2018

Weekly Update 113

Bit of a change of scenery this week; I've gone to the other end of the house whilst...

Beyond Passwords: 2FA, U2F and Google Advanced Protection

Last week I wrote a couple of different pieces on passwords, firstly about why we're going to be...

Add-ons, Extensions and CSP Violations: Playing Nice with Content Security Policies

You know what I really like? A nice, slick, clean set of violation reports from the content security...

Weekly Update 112

Wow, didn't the passwords discussions go nuts this week! Passwords suck and they must die, they're never...

When Accounts are “Hacked” Due to Poor Passwords, Victims Must Share the Blame

It's just another day on the internet when the news is full of headlines about accounts being...

It’s End of Life for ASafaWeb

A lot has changed in the Microsoft technology world in the last 7 years since I launched...

Here’s Why [Insert Thing Here] Is Not a Password Killer

These days, I get a lot of messages from people on security related things. Often it's related...

Weekly Update 111

On my first attempt at recording this, I decided the framing was crooked after a couple of minutes...

Weekly Update 110

I'm home! And home for another 6 weeks at that which is rather exciting if I'm honest. Travel really takes its toll in so many ways...

Weekly Update 109

Last one before home time! But it has been an epic trip and as I say in the...

Weekly Update 108

I'm in Texas! And I've had enough BBQ to last me a very long time. I'm here...

Breaking Azure Functions with Too Many Connections

For the most part, Have I Been Pwned (HIBP) runs very smoothly, especially given how cheaply I...

Weekly Update 107

It's another "business as usual" week; past events, upcoming events, major security news, someone forgetting...

New Pluralsight Course: Adapting to the New Normal: Embracing a Security Culture of Continual Change

I take more pleasure than I probably should in watching the bewilderment within organisations as...

Weekly Update 106

Home again! Another NDC is down and I talk a little about how the talks were rated...

Mmm… Pi-hole…

I have a love-hate relationship with ad blockers. On the one hand, I despise the obnoxious ads...

Weekly Update 105

It's another day-late weekly update courtesy of another hectic week. Scott and I were at NDC Sydney doing a bunch of talks and other events and...

Extended Validation Certificates are Dead

That's it - I'm calling it - extended validation certificates are dead. Sure, you can still buy them (and there are companies out there that would...

Weekly Update 104

We're on a boat! This week, Scott Helme is back in town so I'm treating him to a...

The 42M Record kayo.moe Credential Stuffing Data

This is going to be a brief blog post but it's a necessary one because I can't load...
SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.
The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess?

Roundup: What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
TechRepublic

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.