xss
Bank & Mobile Network Security: For want of a nail...
Ever since publishing a "two factor authentication vs two step verification" article in 2014, I've been waiting for an opportunity to irrefutably demonstrate the difference. Note: This article is very much a "work in progress" as until both exploits are patched, I can't provide…
Paul MooreIdentity theft & payment fraud? That's ASDA price.
Back in March 2014, I contacted ASDA to report several security vulnerabilities and despite a fix promised "in the next few weeks", little appears to have changed. @Stuho1mez All of our sites are secure, I would advise using Chrome. Thanks, Beth— Asda Service Team (@AsdaServiceTeam)…
Paul MooreMyDish.co.uk Security - Missing a vital ingredient?
Update as of 15/03/13: I have received a number of emails asking for further comments on the situation @ MyDish. I firmly believe that every effort is being made to rectify the issues I've identified - and the insinuation that Carol or the team at MyDish have ignored the problem is entirely without…
Paul MooreCompanies House Security Review - Part 2
Update(s): 18/Dec/2012 - One SSL bug now fixed (might want to put security testing out to tender next time!) - but still a few to go. Directory traversal still possible... hint encode/escape or strip, don't add slashes! Significant improvements have been made to the SSL implementation - now scorin…
Paul MooreCorporate Identity Theft - Perhaps the biggest risk is where you least expect it...
Update(s): 18/Dec/2012 - One SSL bug now fixed (might want to put security testing out to tender next time!) - but still a few to go. Directory traversal still possible... hint encode/escape or strip, don't add slashes! Significant improvements have been made to the SSL implementation - now scorin…
Paul Moore