Here’s an interesting read if you work in or with a team that’s responsible for building public-facing systems. It’s a collection of the top 25 programming errors that have been responsible for most of the major security breaches and system outages over the last few years. Some of them...
Here’s an interesting screenshot I just took on a website: If you’re into development in any shape or form, you’ll see a number of security issues Three has with their website, including but not limited to: Password stored in plain text in a connection string; Trivial password that could be cracked without thinking...
I’ve just found out that it’s National Identity Fraud Prevention Week in the UK at the moment. What is ID fraud? Well, it’s when someone impersonates you or your company and commits criminal deeds which you may eventually be blamed for. The most common crime committed is fraud, using your...
Have you ever had a password-protected Excel document that needed opening up? It happened to me a couple of years ago. I worked for a company that used an Excel sheet in a shared folder to store passwords to different websites that the company had accounts on. One of the...
It’s an unfortunate fact of life that if you own or run a website, at some point in time, you’re going to be faced with someone trying to break into your site. It’s actually more common than you think, as it’s relatively easy for someone to launch a bot that...
I came across a great whitepaper by a company called Pragma Systems that talks about their Fortress product line, designed to secure a wide variety of different platforms using protocols like SSH, SFTP, SCP and others. They have a variety of different offerings ranging from server security suites to a...
I’ve posted before about Clickjacking and how scary this is for most Internet users, regardless of which browser you’re using or whether you have JavaScript turned on or off. There’s more information about the threat on the Interweb today, including a demo of how the exploit works and some advice...