ssl

Corporate Identity Theft - Perhaps the biggest risk is where you least expect it...

Update(s): 18/Dec/2012 - One SSL bug now fixed (might want to put security testing out to tender next time!) - but still a few to go.  Directory traversal still possible... hint encode/escape or strip, don't add slashes!  Significant improvements have been made to the SSL implementation

Companies House Security Review - Part 2

Update(s): 18/Dec/2012 - One SSL bug now fixed (might want to put security testing out to tender next time!) - but still a few to go.  Directory traversal still possible... hint encode/escape or strip, don't add slashes!  Significant improvements have been made to the SSL implementation

MyDish.co.uk Security - Missing a vital ingredient?

Update as of 15/03/13: I have received a number of emails asking for further comments on the situation @ MyDish. I firmly believe that every effort is being made to rectify the issues I've identified - and the insinuation that Carol or the team at MyDish have ignored the

Experian CreditExpert ID Theft Protection - Security Review

Update: 10/05/2013 - 4PM: The community forum has returned - with site-wide SSL enabled. Appropriate cookies are httponly & secure and protocol support, key transmission and cipher strength all pass with flying colours. Superb. It's still not immediately clear to the user that the username/password required for

Forgot your password? You're doing it wrong.

Have you ever struggled to remember a username or password?  Join the club. Wouldn't it be great if you could log in to every site using the same password, without compromising your security?  Now you can! Introducing AgileBits 1Password, the gold standard in decentralized identity & password management for Windows,

CashPlus: "It is secure" - Ooooh no it isn't.

As part of a wider research project, I joined CashPlus in June (18th to be precise), which is purportedly... better than a business bank account. So I paid the £29.99 annual membership fee and waited for the card to arrive. Less than a week later, the card arrived and

cyberstreetwise.com - Really bad #infosec advice.

Be Cyber Streetwise is a cross-government campaign, funded by the National Cyber Security Programme, and delivered in partnership with the private and voluntary sectors. The campaign is led by the Home Office, working closely with the Department for Business, Innovation and Skills and the Cabinet Office. On January 13th 2014,

Council Tax, PCN & Benefits Payment Data Leaked! Are you affected?

Well, I guess it had to happen at some time. To be fair, I was parked on double yellow lines. No excuses, no basis to contest the penalty... I was in the wrong. In those 10 minutes however, I unwittingly caused Walsall Metropolitan Borough Council sufficient financial hardship to warrant

Value security? Avoid TalkTalk.

Update 18/10/2014: TalkTalk have now upgraded their SSL configuration; providing a much healthier "A-" on Qualys. More importantly, it's now PCI compliant. -- Cheap viagra, cialis & diet pills I could benefit from a diet pill or two, but I'm pretty sure my Dad isn't the
