Tuesday, September 25, 2018

Weekly Update 105

It's another day-late weekly update courtesy of another hectic week. Scott and I were at NDC Sydney doing a bunch of talks and other events and...

Extended Validation Certificates are Dead

That's it - I'm calling it - extended validation certificates are dead. Sure, you can still buy them (and there are companies out there that would...

Weekly Update 104

We're on a boat! This week, Scott Helme is back in town so I'm treating him to a...

The 42M Record kayo.moe Credential Stuffing Data

This is going to be a brief blog post but it's a necessary one because I can't load...

The Effectiveness of Publicly Shaming Bad Security

Here's how it normally plays out: It all begins when a company pops up online and makes some...

Weekly Update 103

It's been a week of travel for me with API Days in Melbourne on Tuesday, Fortinet Fast...

Serverless to the Max: Doing Big Things for Small Dollars with Cloudflare Workers and Azure Functions

As time has gone by, one of the things I've enjoyed the most in running Have I...

Weekly Update 102

A few little bits and pieces this week ranging from a new web cam (primarily to do...

Pwned Passwords, Now As NTLM Hashes!

I'm still pretty amazed at how much traction Pwned Passwords has gotten this year. A few months...

Weekly Update 101

Home! I got up early today to a balmy 16-degree winter's day as we approach the last week before spring and felt genuinely thankful to be...

Weekly Update 100

Made it to 100! And by pure coincidence, it aligned with the week where I've tuned out more...

Weekly Update 99

It's a traveling weekly update this week as I round out a couple of workshops in Sydney and...

New Pluralsight Course: Modern Browser Security Reports

Rounding out a recent spate of new Pluralsight courses is one final one: Modern Browser Security Reports. This...

New Pluralsight Course: Defending Against JavaScript Keylogger Attacks on Payment Card Information

Only a few weeks ago, I wrote about a new GDPR course with John Elliott. We've been getting...

New Pluralsight Course: Bug Bounties for Researchers

Earlier this year, I spent some time in San Fran with friend and Bugcrowd founder Casey Ellis where...

Weekly Update 98

It's the coffee-machine weekly update! A slight change of scenery but other than that, it's business as usual....

Why No HTTPS? Questions Answered, New Data, Path Forward

So that little project Scott Helme and I took on - WhyNoHTTPS.com - seems to have garnered quite...

Weekly Update 97

Alrighty, 2 big things to discuss today and I'll jump right into them here: Exactis: it's hard to know...

Why No HTTPS? Here’s the World’s Largest Websites Not Redirecting Insecure Requests to HTTPS

As of today, Google begins shipping Chrome 68 which flags all sites served over the HTTP scheme as...

Weekly Update 96

This week I'm doing my best "dress like a professional" impersonation as I prepare to record the next...

Breach at US Retailer SHEIN Hits Over Six Million Users

US fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women's clothing company revealed at the end of last week that...
The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit

Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
ZDNet

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
SecurityWeek

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn't that there are too few people; rather, many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...