It seems not a day goes by without some record cybersecurity incident hitting the press, be it a data breach, a Zero Day or some malware doing its devious things… Trouble is the frequency of these events, and their scope, has been increasing significantly over the last few years and most people have not latched Read more about Houston, we have a security problem…[…]
The Defence in Depth Security Model is one of those security concepts I often see incorrectly implemented or not used to its full potential to protect services or systems. There is way more to it than first meets the eye. In this article you will learn: What is the Defence in Depth Security Model? The Read more about The Defence in Depth Security Model Explained[…]
I must admit, one of my all time pet peeves is when engineers do not implement their user authentication service in the right way to be defendable against an attack. Take for the instance the recent hack against Zomato in which they had 6.6m hashed user passwords stolen. The real problem here is not that the Read more about User Authentication, you must do it right![…]
Websites or online services come under constant attack from hackers using automated scripts, if left unmanaged such attacks can consume sufficient resources to impact your quality of service, negatively impacting your brand. This article explains why this is a major problem and what the solution is. Online Security Matters, Dictionary Attacks are everywhere Every online Read more about Online Security and Hungry Caterpillars – they have a lot in common…[…]
This new flaw, called the Covert Redirect flaw, was first reported by a Singaporea PhD student in mathematics from Nanyang Technological University. The Covert Redirect flaw is not so easily patched as heartbleed… What is the Covert Redirect flaw? The flaw allows hackers to modify the process of logging into a site, silently redirecting people to dangerous websites Read more about New security flaw in OAuth and OpenID found[…]
Cybercriminals and Internet fraudsters are singling out e-commerce sites and blogs of small businesses for their unscrupulous attacks. Nevertheless, as a business website owner, you can enact some simple precautions to thwart the evil designs of these unwanted intruders. The “Fort Disco” Botnet’s Brute-Force Tactic Both small business networks, as well as, their websites are Read more about Common Security Mistakes That Business Website Owners Make & How to Avoid Them[…]
It appears that Mount Gox, the Bitcoin exchange that got sucked dry by hackers earlier in the week (it lost almost 750,000 of its customers’ bitcoins, see my previous post) with debts of $63.6 million is to fill for bankruptcy protection. As I said before, the whole virtual currency space, more so than real currency, its critically Read more about Mt. Gox Bitcoin Exchange to File for Bankruptcy Protection[…]
According to the media one of Bitcoins exchanges got hacked so badly they had to go off air as a result. Which is quite shocking when you think about, one act of hacking took down a whole monetary exchange system… For those of you wondering what on Earth Bitcoin is – it’s a purely virtual Read more about Is Bitcoin finally busted??[…]
According to reports (see here & here), hackers are becoming a lot smarter in how they attack websites. Rather than trying to individually attack each website they have recognised that standard frameworks are being used to create and maintain websites and thereby making it somewhat easier to attack a whole class of websites ‘en mass’ Read more about Hackers want your business website data![…]