In the UK at least, there are rules outlining how merchants deal with credit cards and other secure information. This set of rules is maintained by the PCI Security Standards Council. The main credit card issuers have all agreed to implement these standards when issuing their compliance requirements to merchants. This means that merchants have [...]
Looks like a high-profile SSL certificate compromise from well-known provider Comodo. Dear Customer, As a valued GlobalSign Partner we would like to make you aware of our official company statement on the recent Comodo compromise. On March 23 2011, the Certification Authority Comodo announced it had mis-issued 9 SSL Certificates to high [...]
I’ve read several articles about this in the past few weeks. Someone hacks an email account and uses the account’s own contact list to ask ‘friends’ and contacts for money citing some personal tragedy or immediate need. Often these people interact with the contacts using the terminology, phrases, sign off names of their victim [...]
You may know that I operate a webhosting company. I find it amazing some of the information that people give out without even thinking. Take for example a simple question the other day that required us to transfer a domain name from another domain registrar. The client had been in contact with the third party [...]
An article on the FSA’s site shows that the scamming industry is still alive and well. 38,000 UK names have been discovered on a list used by fraudsters dealing in worthless stocks and shares.
It’s quite trivial these days to crack a WEP password. A post in a forum I saw a couple of weeks back had a 12 second record! A fundamental flaw in the way WEP recycles its encryption key over and over means that if you collect enough packets, the key can be easily recovered.
If you’ve never heard of SPF (Sender Policy Framework), don’t worry, you’re probably not an email administrator. SPF was designed as an addition to the email system to prevent sender spoofing. In other words, it is meant to stop someone else sending an email while pretending to be you.
ssladmin@ domain name email addresses banned from SSL approval list following an incident where a security expert was allowed to register and subsequently order an SSL certificate for several large webmail providers.
Traditional password reset questions such as “Mother’s maiden name” or “favourite colour” are too easily guessable by robots from publicly available lists and search engines. Companies use this system to save support costs but we need a new, more robust method to authenticate who you are.
The padlock on the website indicating SSL encryption means only that. It does not validate the identity of the website in question, nor does it protect your money. Look for the company information in Extended Validation certificates.