Last year, when doing some digital spring-cleaning, I realised that I had 800 different passwords. I tried going through them, removing long-dead websites, closing old accounts, and deleting anything incriminating. I now have 891 accounts. Arse. I also went through my 31 different 2FA accounts. Getting rid of old employers’ email tokens, failed crypto wallet…
Continue reading →
My mate Dom was moaning to his ISP on Twitter. They sent him a private message so they could look into his account. Blimey! Thankfully, that was a pretty brazen and inept attempt at phishing. Anyone asking for all your card details like that should set the alarm bells ringing. Of course, phishers often target…
Continue reading →
Once in a while, I’ll see someone Tweet a “link” to file:///C:/users/… – that’s the Microsoft Windows way of representing a location on a filesystem. Usually this means that the user has tried to either drag ‘n’ drop something, or copied a link from their file explorer. There are some (mild) infosec risks you should…
Continue reading →
Every so often, I get a glimpse into the thought processes of someone who has a very different view of the world to me. I don’t deal with people’s personal information often. So I was surprised to receive an email with a multi-megabyte spreadsheet called “Pay and Bonuses 2020”. The email contained this doozy of…
Continue reading →
I stared at my TOTP generator. Surely this must be a bug? Leap Year related? Or a cold-start error? Or some freaky prank? How could my login code be 000000?!?! A standard TOTP code is normally 6 digits long. There are a million combinations, from 000000 to 999999. A million isn’t a particularly big number.…
Continue reading →
The HTML5 specification is complicated. I’ve been an author on it, and even I couldn’t tell you all the weird little gotchas it contains. Between that and “idiosyncratic” browser engines, it’s a wonder the world wide web works at all. Let’s talk about the humble <meta> element. As its name suggests, it contains metadata about…
Continue reading →
Here’s something I didn’t know – but should have, because it’s obvious… Your screen’s auto-brightness depends on your webcam. If, like me, you have a privacy cover – this happens: The MacBook I’m using doesn’t have any lux sensors that I can see – most phones have a separate sensor which means the camera isn’t…
Continue reading →
tl;dr Google forgot to renew a domain used in their documentation. It was mildly embarrassing for them. And possibly a minor security concern for some new G-Suite domain administrators Background Choosing a good example domain, to use in documentation, is hard. You want something which is obviously an example, so that users understand they have…
Continue reading →
Thames Water seem to love giving me a new account number each month. That would be fine, but each time they do, I have to manually add that number to my online account. I’m bored of being their data-entry monkey. So, when they rang today, I told them that I expected them to update my…
Continue reading →
Here’s a quick write-up of a minor XSS (Cross Site Scripting) vulnerability on the website of Three.co.uk – one of the UK’s mobile providers. A brief recap… Most websites have a search function. If you search for something which cannot be found, the site will often say “No results found for XYZ.” If we can…
Continue reading →