How safe is your credit card number with merchants?

In the UK at least, there are rules outlining how merchants deal with credit cards and other secure information. This set of rules is maintained by the PCI Security Standards Council. The main credit card issuers have all agreed to implement these standards when issuing their compliance requirements to merchants. This means that merchants have [...]

GlobalSign Comodo Compromise

Looks like a high-profile SSL certificate compromise from well-known provider Comodo. Dear Customer, As a valued GlobalSign Partner we would like to make you aware of our official company statement on the recent Comodo compromise. On March 23 2011, the Certification Authority Comodo announced it had mis-issued 9 SSL Certificates to high [...]

Would you send money to help a friend?

I’ve read several articles about this in the past few weeks. Someone hacks an email account and uses the account’s own contact list to ask ‘friends’ and contacts for money, citing some personal tragedy or immediate need. Often these people interact with the contacts using the terminology, phrases, sign off names of their victim [...]

Your Valuable Information

You may know that I operate a webhosting company. I find it amazing some of the information that people give out without even thinking. Take for example a simple question the other day that required us to transfer a domain name from another domain registrar. The client had been in contact with the third party [...]

‘Sucker’ List discovered by Financial Services Authority

An article on the FSA’s site shows that the scamming industry is still alive and well. 38,000 UK names have been discovered on a list used by fraudsters dealing in worthless stocks and shares.

WEP & WPA wireless in business

It’s quite trivial these days to crack a WEP password. A post in a forum I saw a couple of weeks back had a 12-second record! A fundamental flaw in the way WEP recycles its encryption key over and over means that if you collect enough packets, the key can be easily recovered.

SPF records. The real McCoy

If you’ve never heard of SPF (Sender Policy Framework), don’t worry, you’re probably not an email administrator. SPF was designed as an addition to the email system to prevent sender spoofing, in other words, to stop someone else sending an email pretending to be you.

SSL certificate ssladmin social exploit weakness

ssladmin@ domain name email addresses banned from SSL approval list following an incident where a security expert was allowed to register and subsequently order an SSL certificate for several large webmail providers.

Password reset vulnerabilities

Traditional password reset questions such as “Mother’s maiden name” or “favourite colour” are too easily guessable by robots from publicly available lists and search engines. Companies use this system to save support costs, but we need a new, more robust method to authenticate who you are.

SSL certificate trust

The padlock on the website indicating SSL encryption means only that. It does not validate the identity of the website in question, nor does it protect your money. Look for the company information in Extended Validation certificates.
