McAfee's Failure of Trust


Running a website is hard. Let me clarify - setting up a website is dead simple - keeping it running and updated is tricky. Now, for some of us, it doesn't really matter whether our sites live or die. But for big companies like McAfee it's not simple to switch off a site - especially […]

My Facebook is not Your Facebook - AKA Block Early, Block Often


I got into an argument with a friend a few weeks ago. I was complaining that I really didn't like the spam that Facebook shoves into my newsfeed. His argument was - and I paraphrase... I don't mind the occasional advert - between the Farmville notifications and "inspirational" quotes, I barely notice them. For me, […]

Dark Patterns - Opt-Out / Opt-In


Hanlon's Razor states, "Never attribute to malice that which is adequately explained by stupidity." It would be nice to think that all mistakes and errors we encounter are just the result of bone-headedness. Sadly, that's not the case. Quite often malicious people deliberately try to trick you into taking actions you would normally have ignored. […]

The Unsecured State Part 4 - UK Government Websites Spewing Spam


This is part 4 of a series of blog posts looking at the security of the UK Government's web infrastructure. Over the last few days, I've shown that hundreds of websites run by branches of the UK state are in a perilous state of disrepair. There are multiple sites with hugely embarrassing XSS flaws, running […]

Where is this Pinterest Spam Coming From?


I've started seeing an uptick in Twitter spam - ostensibly from my friends telling me I can make money online. The common denominator is that they all use Pinterest as a vector for spreading the spam. Looking at the accounts of people who have recently tweeted these or similar messages, shows that the majority are […]

Bloggers - Beware of the ASA


Earlier this year, I received an offer from a sleazy marketing company to place adverts on this blog - on the express understanding that they were not identified as sponsored posts. I reported the company - Media Discovery - to the ASA (Advertising Standards Authority) who, after a perfunctory investigation, decided not to prosecute. They […]

Stopping Coral's SMS Spam


I don't like spam. I'm very careful always to tick the "do not pass my details on to 3rd parties" box on forms. So, when I do get SMS spam, I like to know who has been flouting the rules. See my previous investigation. A few weeks ago, I received this rather annoying message: I'm […]