The queries I’ve been getting lately requesting checks on whether a particular email is spam or not, has been enlightening. It’s clear there’s a problem. Somewhere. Email users are not seeing the “wood for the trees” no matter the fact that spam has been an entrenched part of our lives for a couple of decades […]
The SSL/TLS certificate revocation system (CRL and OCSP) is broken. This is a fact known for a long time by the whole certificate industry. Long-lived certificates that have issues (eg. a certificate that was fraudulently issued), hang around on the Internet for extended periods (currently up to 3 years) potentially causing security and authenticity issues. […]
Browser technology and security events always make for interesting reading especially due to the fact that we do the majority of our online work these days through browsers, be it general web surfing, accessing enterprise apps or managing systems and devices. Browser features and security are therefore critical – this shouldn’t even need to be […]
What happens when the websites we visit and the companies we depend on to provide us with information, are compromised? Supply chain attacks go to the root of information we depend on rather than attack us directly. A recent attack on the Asus infrastructure paints the exact scenario for supply chain attacks. Attackers compromised an […]
The Spectre and Meltdown attacks that came to light at the beginning of the year have been the main focus of this year’s security issues however there has been a lot more going on than that. On that note though, additional Spectre variations have been found (we’re up to v4 now); as well, the BSD […]
It’s been a while since my last post but recent events in SA around security have prompted me to write this post. It starts with an open website containing what is now believed to be upwards of 70 million entries for names, ID numbers, income, addresses and other information on South African citizens/residents including possibly […]
If ever there was a perfect example of stupidity, the new highly virulent strain of WanaCrypt ransomware that is currently spreading like wildfire, is it. And that stupidity is care of the NSA; who in their infinite wisdom, wrote exploits based on 0-day vulnerabilities that should have been reported to the relevant vendors, but was […]
The current mainstream method of authenticating to applications and systems remains a difficult prospect for most people. Password re-use is not a good idea but remembering a separate password for each system is not feasible. Biometrics and 2-factor-authentication are great solutions but not available in all circumstances, and typically the 1st factor is still a […]
Of all the points of electronic insecurity one deals with every day, your TV is probably the last you’d expect. Not so, because Vizio has been caught spying on its customers – through approximately 11 million smart TVs in the US and since 2014. These TVs have automatically tracked consumers’ viewing habits and sent that data […]
We live in the information age and information is arguably the most important form of currency now and we’re bombarded with it 24×365. A never ending stream of information, news and data fed through channels like Facebook, YouTube, Twitter and Instagram. And it’s this overload of information that can lead to bad decisions and behaviour. […]
There have been enough clues over the last few years that the global DNS system as used in its current form, is particularly frail and subject to simple attacks. Yet the main commercial protagonists piggy-backing onto this system, have remained almost spectacularly silent on the issue and there seems to be little impetus to change things. Similar […]
The great Linkedin hack A hacker called “Peace” recently tried to sell a password database of ~ 117 million Linkedin login details that come as a the result of a 2012 breach on the professional relationship social media site. In a blog post published on May 18, LinkedIn CISO Cory Scott wrote, “Yesterday, we became […]
