Experian CreditExpert ID Theft Protection - Security Review
Update : 10/05/2013 - 4PM: The community forum has returned - with site-wide SSL enabled. Appropriate cookies are httponly & secure and protocol support, key transmission and cipher strength all pass with flying colours. Superb. It's still not immediately clear to the user that the username/password required for
Forgot your password? You're doing it wrong.
Have you ever struggled to remember a username or password? Join the club. Wouldn't it be great if you could log in to every site using the same password, without compromising your security? Now you can! Introducing AgileBits 1Password, the gold standard in decentralized identity & password management for Windows,
CashPlus: "It is secure" - Ooooh no it isn't.
As part of a wider research project, I joined CashPlus in June (18th to be precise), which is purportedly... better than a business bank account So I paid the £29.99 annual membership fee and waited for the card to arrive. Less than a week later, the card arrived and
cyberstreetwise.com - Really bad #infosec advice.
Be Cyber Streetwise is a cross-government campaign, funded by the National Cyber Security Programme, and delivered in partnership with the private and voluntary sectors. The campaign is led by the Home Office, working closely with the Department for Business, Innovation and Skills and the Cabinet Office. On January 13th 2014,
Virgin Media SuperHub: 7 second security flaw...
OK folks, no waffling, no hyperbole... I'll get straight to the point. If you run a Virgin Media SuperHub or Superhub 2, your network is not secure. The Boot Sequence When you switch on your device, it takes roughly a minute to fully boot, bring up the network cards/WiFi
Council Tax, PCN & Benefits Payment Data Leaked! Are you affected?
Well, I guess it had to happen at some time. To be fair, I was parked on double yellow lines. No excuses, no basis to contest the penalty... I was in the wrong. In those 10 minutes however, I unwittingly caused Walsall Metropolitan Borough Council sufficient financial hardship to warrant
How secure is #Roboform? The 5 minute challenge.
TL;DR - Your master password is sent to Siber Systems and the mobile applications are insecure. Described by its creators, Siber Systems, as "completely secure using military grade encryption", Roboform has been knocking about since 1999. Now, I have a rule when testing password managers. If the
Virgin Media: You're only as secure as your weakest link.
Avid followers will know, I've long been an advocate of password managers... specifically 1Password. So much so, I'm often criticised for treating it as a panacea. With that in mind, it's about time I outlined another risk which isn't immediately obvious; one which allows me access to almost any site
Value security? Avoid TalkTalk.
Update 18/10/2014: TalkTalk have now upgraded their SSL configuration; providing a much healthier "A-" on Qualys. More importantly, it's now PCI compliant. -- Cheap viagra, cialis & diet pills I could benefit from a diet pill or two, but I'm pretty sure my Dad isn't the
Kickstarter Password Managers: The good, the iffy and the dangerous.
Over the last few months, Kickstarter has been awash with password managers. Unless you're willing to invest and use a ridiculously tiny comments box, it's impossible to comment or ask further questions so others can see their response. Rather than clutter the comments area, this article will provide a very
Password Managers: Facts, Fallacies & FUD
Ah, passwords. The thought of choosing, remembering and inevitably resetting them is enough to make your blood boil. As a fundamental part of our digital lives and despite several reports claiming they're dead, our dependence on them shows little sign of slowing. A password manager is a great way to
Roboform Security Revisited: Lies, Deception & Misnomers.
You may recall, I recently published an article entitled "How secure is Roboform: The 5 Minute Challenge". Well, 6 months have passed and although there's been no official public response from Siber Systems, they have made a number of comments to journalists and customers by email/Facebook and
SagePay: Breaching PCI Compliance... intentionally.
Update: 2:50PM 03/02/2015 Just minutes after this article went live, SagePay have once again removed the 56bit cipher. It is being actively monitored, so if it creeps back in, I'll update the article again. As one of the largest payment service providers in the world, SagePay has
Everykey: 3 years and $250,000... is it vaporware?
Update 22/12/2015 I've received several emails regarding this project over the last few months; another landing just a few moments ago. Unbelievably, Everykey has been delayed yet further... with delivery now estimated in February 2016. I'm very grateful to everyone for keeping me informed. However at this stage,