Training Customers To Be Stupid


Verizon asking for customer's passwords

Companies face a complicated choice. Make things easy for the customers, or make things secure for them. Convenience seems to take priority most of the time. This forces companies to get their customers to risk their own security. In this example, we see Verizon Wireless asking their customers to type their passwords into Twitter for […] Read More

Anatomy of an Amazon Phishing Attack


Fake amazon SMS

Phishing is the devious practice of tricking users into giving away their usernames and passwords to fraudulent sites. It is big business, and the best defence against it is constant vigilance. I'm going to walk you, step-by-step, through a scam that targetted me today. Along the way we'll see how to avoid falling prey to […] Read More

Some thoughts on Amazon's 2FA


A screen from Amazon showing how to use 2FA

Amazon now let you secure your account with Two-Factor-Authentication (2FA). This means you can log on with a one-time password which changes every minute. For some reason, Amazon call it Two-Step-Verification (2SV) - but it is exactly the same as all the other 2FA solutions. The Process There's no direct link to 2FA settings. So […] Read More

Would you fall for this phishing scam?


Fake sign in to Google website

Gmail is usually pretty good at stopping spam from reaching my inbox. When it slips up, it reminds me of just how terrifying the modern internet is. Early one morning, I received this email from someone I know (details redacted by me). It came from his email, it has his signature at the bottom. This […] Read More

Virgin Media are hijacking your router - again!


Virgin's opt-out form

Virgin Media are trying to resell your internet access. Worse still, they appear to be doing it without users' permission. A brief recap: Back in 2015, Virgin Media announced plans for a WiFi sharing network. A user's router would broadcast a separate WiFi network and other Virgin customers could roam on to it via an […] Read More

Password Hashing In The Browser


There are rarely new ideas in cryptography - and I doubt this idea is particularly innovative - but I thought it would be worth discussing. When I want to log in to a system on the web, I have to send that system my password. It is (one hopes) encrypted in transmission, but once it […] Read More

Full Disclosure - This Bluetooth tag is leaking your personal data


tintag unencrypted communications

If you have a TingTag, your location is being broadcast without encryption! Earlier this year I purchased and reviewed the TinTag. I've spent the last month trying to get hold of the company to report a serious privacy problem with their Android app. I've not received an adequate response, so I'm publishing this post to […] Read More

Should you open your WiFi during a disaster?


There has been a terrible natural disaster in Italy. A huge quake has broken a city. Rescue teams race to the scene to try to save lives and stabilise the situation. During the rescue efforts, the Italian Red Cross sends this tweet: #Terremoto, per favorire comunicazioni e operazioni di soccorso vi invitiamo a togliere la […] Read More

PayPal doesn't care about 2FA security


Remember when PayPal was a cool new company dedicated to radically improving online payments? Seems like it was ages ago. Now PayPal is little better than then bloated banks it sought to overthrow. Arcane bureaucracy, impenetrable fees, and a lamentable approach to security. I was minded recently to switch on 2-Factor-Authentication (2FA) for all my […] Read More