xsrf

Identity theft & payment fraud? That's ASDA price.

Back in March 2014, I contacted ASDA to report several security vulnerabilities and despite a fix promised "in the next few weeks", little appears to have changed. @Stuho1mez All of our sites are secure, I would advise using Chrome. Thanks, Beth— Asda Service Team (@AsdaServiceTeam)…

Paul Moore

MyDish.co.uk Security - Missing a vital ingredient?

Update as of 15/03/13: I have received a number of emails asking for further comments on the situation @ MyDish. I firmly believe that every effort is being made to rectify the issues I've identified - and the insinuation that Carol or the team at MyDish have ignored the problem is entirely without…

Paul Moore

Companies House Security Review - Part 2

Update(s): 18/Dec/2012 - One SSL bug now fixed (might want to put security testing out to tender next time!) - but still a few to go. Directory traversal still possible... hint encode/escape or strip, don't add slashes! Significant improvements have been made to the SSL implementation - now scorin…

Paul Moore

Paul Moore

Twitter

xsrf

Identity theft & payment fraud? That's ASDA price.

MyDish.co.uk Security - Missing a vital ingredient?

Companies House Security Review - Part 2