passwords

Update(s): 18/Dec/2012 - One SSL bug now fixed (might want to put security testing out to tender next time!) - but still a few to go.  Directory traversal still possible... hint encode/escape or strip, don't add slashes!  Significant improvements have been made to the SSL implementation

Update(s): 18/Dec/2012 - One SSL bug now fixed (might want to put security testing out to tender next time!) - but still a few to go.  Directory traversal still possible... hint encode/escape or strip, don't add slashes!  Significant improvements have been made to the SSL implementation

Update as of 15/03/13: I have received a number of emails asking for further comments on the situation @ MyDish. I firmly believe that every effort is being made to rectify the issues I've identified - and the insinuation that Carol or the team at MyDish have ignored the

Have you ever struggled to remember a username or password?  Join the club. Wouldn't it be great if you could log in to every site using the same password, without compromising your security?  Now you can! Introducing AgileBits 1Password, the gold standard in decentralized identity & password management for Windows,

As part of a wider research project, I joined CashPlus in June (18th to be precise), which is purportedly... better than a business bank account So I paid the £29.99 annual membership fee and waited for the card to arrive. Less than a week later, the card arrived and

Be Cyber Streetwise is a cross-government campaign, funded by the National Cyber Security Programme, and delivered in partnership with the private and voluntary sectors. The campaign is led by the Home Office, working closely with the Department for Business, Innovation and Skills and the Cabinet Office. On January 13th 2014,

Avid followers will know, I've long been an advocate of password managers... specifically 1Password. So much so, I'm often criticised for treating it as a panacea. With that in mind, it's about time I outlined another risk which isn't immediately obvious; one which allows me access to almost any site

No lengthy article this time folks, just a flow diagram to demonstrate the differences between two-factor authentication and two-step verification. (full size) Why isn't an OTP via SMS a 2nd factor? At first glance, the mobile phone appears to be "something we have" (one of 3 factors necessary

Ah, passwords. The thought of choosing, remembering and inevitably resetting them is enough to make your blood boil. As a fundamental part of our digital lives and despite several reports claiming they're dead, our dependence on them shows little sign of slowing. A password manager is a great way to

You may recall, I recently published an article entitled "How secure is Roboform: The 5 Minute Challenge". Well, 6 months have passed and although there's been no official public response from Siber Systems, they have made a number of comments to journalists and customers by email/Facebook and

A few weeks ago, I was asked to observe an installation of several wireless access points & VoIP phones, with a view to making recommendations on how best to improve security while maintaining ease of deployment. It didn't take long for several trends to appear; chief amongst which was the

After months of tweets, emails & articles from eminent figures like Troy Hunt & the NCSC, it's about time I weighed in on the debate surrounding sites which disable a user's ability to paste passwords. The general consensus amongst many experts, including those mentioned above, is that disabling paste on

Private, secure & trusted... or is it?