Google SSL

Google has made SSL available for the .com version of its search engine. It has not been rolled out to the specific country code Google versions as of yet but surely it cannot be far off.

‘Sucker’ List discovered by Financial Services Authority

An article on the FSA’s site shows that the scamming industry is still alive and well. 38,000 UK names have been discovered on a list used by fraudsters dealing in worthless stocks and shares.

WEP & WPA wireless in business

It’s quite trivial these days to crack a WEP password. A post in a forum I saw a couple of weeks back had a 12 second record! A fundamental flaw in the way WEP recycles its encryption key over and over means that if you collect enough packets, the key can be easily decrypted.

SPF records. The real McCoy

If you’ve never heard of SPF (Sender Policy Framework), don’t worry, you’re probably not an email administrator. SPF was designed as an addition to the email system to prevent sender spoofing. In other words, allowing someone else to send an email pretending they are you.

SSL certificate ssladmin social exploit weakness

ssladmin@ domain name email addresses banned from SSL approval list following an incident where a security expert was allowed to register and subsequently order an SSL certificate for several large webmail providers.

Password reset vulnerabilities

Traditional password reset questions such as “Mother’s maiden name” or “favourite colour” are too easily guessable by robots from publicly available lists and search engines. Companies use this system to save support costs but we need a new, more robust method to authenticate who you are.

SSL certificate trust

The padlock on the website indicating SSL encryption means only that. It does not validate the identity of the website in question, nor does it protect your money. Look for the company information in Extended Validation certificates.

Traditional passwords and pins. A new solution?

The sheer amount of passwords and pins we need to remember these days, perhaps a change is needed?

Social media and the dangers of revealing your location

Does the public broadcasting of your location compromise your home security?

Forget passwords, you are the biggest threat to yourself

Would you give your personal details out over the phone? Of course not! But what if the call was from your utility or phone provider and needed to discuss your account?