xss

Santander aren't secure - Should we bank online?

"Your financial protection is our priority and we take this very seriously" "Our service actively protects both your identity and your finances." "We take every step possible to keep your finances and personal details safe." Confident statements; so you'd be forgiven for having equal confidence in their abilities to protect

Corporate Identity Theft - Perhaps the biggest risk is where you least expect it...

Update(s): 18/Dec/2012 - One SSL bug now fixed (might want to put security testing out to tender next time!) - but still a few to go.  Directory traversal still possible... hint encode/escape or strip, don't add slashes!  Significant improvements have been made to the SSL implementation

Companies House Security Review - Part 2

Update(s): 18/Dec/2012 - One SSL bug now fixed (might want to put security testing out to tender next time!) - but still a few to go.  Directory traversal still possible... hint encode/escape or strip, don't add slashes!  Significant improvements have been made to the SSL implementation

MyDish.co.uk Security - Missing a vital ingredient?

Update as of 15/03/13: I have received a number of emails asking for further comments on the situation @ MyDish. I firmly believe that every effort is being made to rectify the issues I've identified - and the insinuation that Carol or the team at MyDish have ignored the

Identity theft & payment fraud? That's ASDA price.

Back in March 2014, I contacted ASDA to report several security vulnerabilities and despite a fix promised "in the next few weeks", little appears to have changed.

@Stuho1mez All of our sites are secure, I would advise using Chrome. Thanks, Beth — Asda Service Team (@AsdaServiceTeam) January 14,

Bank & Mobile Network Security: For want of a nail...

Ever since publishing a "two factor authentication vs two step verification" article in 2014, I've been waiting for an opportunity to irrefutably demonstrate the difference. Note: This article is very much a "work in progress" as until both exploits are patched, I can't provide any technical

SafeBuy: Can you trust a trustmark?

Private, secure & trusted... or is it?

Police CyberAlarm: Abysmal security, yet again.

3 attempts, 3 complete failures. Incredibly, cyberAlarm is now even worse than before.

