Roboform Security Revisited: Lies, Deception & Misnomers.

You may recall, I recently published an article entitled "How secure is Roboform: The 5 Minute Challenge". Well, 6 months have passed and although there's been no official public response from Siber Systems, they have made a number of comments to journalists and customers by email/Facebook and

Behavioral Profiling: The password you can't change.

We're all familiar with the 3 basic categories of authentication. Knowledge factors (passwords, PINs) Possession factors (a software/hardware token - Yubikey/Google Authenticator/SecureID) Inherence factors (fingerprint, heartbeat, iris/retina scanning) While the vast majority of sites use knowledge factors, a growing number are turning to multi-factor solutions in

Privacy & Password Managers: A Reality Check

Before we begin, let me preface this by saying... I actually quite like Steve Gibson. For all his faults, he often raises very salient points on a variety of topics, typically surrounding security products & services. During the latest "Security Now / TWiT" episode on 20/10/2015, Steve

PwnPhone: Default passwords allow covert surveillance.

A few weeks ago, I was asked to observe an installation of several wireless access points & VoIP phones, with a view to making recommendations on how best to improve security while maintaining ease of deployment. It didn't take long for several trends to appear; chief amongst which was the

Kervball: The Kerv ring data breach...

Here's what happened the day my Kerv arrived...

TOFU Attack: Your registration flow is a breach waiting to happen...

The risks of failing to validate an email address...

Contact Me

Have a question? Want me to review a product?

You've successfully subscribed to Paul Moore
Great! Next, complete checkout for full access to Paul Moore
Welcome back! You've successfully signed in.
Unable to sign you in. Please try again.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.