Protecting your embedded content with subresource integrity (SRI)
CDNs are good. You get to put your web things all over the world and then have them served to your global audience from a location close to them. For example, because this blog is served through...
CloudFlare, SSL and unhealthy security absolutism
Let's start with a quick quiz: Take a look at haveibeenpwned.com (HIBP) and tell me where the traffic is encrypted between: You see HTTPS which is good so you know it's doing crypto things in your...
The Dropbox hack is real
Earlier today, Motherboard reported on what had been rumoured for some time, namely that Dropbox had been hacked. Not just a little bit hacked and not in that "someone has cobbled together a list of...
The "Have I been pwned" API rate limit has been brought forward - here's why
Three weeks ago today, I wrote about implementing a rate limit on the Have I been pwned (HIBP) API and the original plan was to have it begin a week from today. I want to talk more about why the rate...
Someone just lost 324k payment records, complete with CVVs
Edit: A day and a half after publishing this post, the source of the data was eventually identified and a statement issued. Do see the updates at the end of this post. I see a lot of data breaches. I...
Here's how broken today's web will feel in Chrome's secure-by-default future
Last week Google announced some changes to Chrome, specifically that come January 2017, practices like this are going to start resulting in browser warnings: That's just one of many such examples I've...
I'm now offering sponsorship of this blog
I have a love-hate relationship with ads, whether they be on my blog or anywhere else for that matter. I get that they're a necessity for many news outlets to keep providing the free information that...
Azure Functions in practice
I wrote recently about how Have I been pwned (HIBP) had an API rate limit introduced and then brought forward which was in part a response to large volumes of requests against the API. It was causing...
Something new: Weekly update 1
I've had this idea in mind for a while to start capturing some video on a weekly basis about things that are topical and interesting but that I'm probably just not going to get around to blogging into...
7 years of blogging and a lifetime later...
Exactly 7 years ago today, I wrote my first blog post titled Why online identities are smart career...
New Pluralsight Course: Deconstructing the Hack
I was on another whirlwind trip back in July, this time to a bunch of spots in the US which included...
Weekly update 2
So much to my surprise (honestly, I really didn't expect it), the weekly update I did last week was...
Here's how I deal with managed platform outages
The other day, my blog went down: Sorry folks, blog is down for a bit while @TryGhost puts out the fire...
Weekly update 3 (Edinburgh edition)
Given this thing seems to have some traction and people are enjoying them, I'm going to keep these weekly update...
Handling Chinese data breaches in Have I been pwned
China is an immensely fascinating place for many reasons. It's geographically bigger than the US, it has almost...
Should you care about the quality of your neighbours on a SAN certificate?
We've all had bad neighbours before. Perhaps they were noisy, maybe the kids ran riot or they could have...
Weekly update 4 (London edition)
Another week in another faraway place. Since the last update in Edinburgh I've spent a couple of days in...
Here's how I handle online abuse
I originally wrote this post earlier on in the year. I honestly can't remember what the abuse was that led to it...
Weekly update 5 (A380 edition)
I'm on a plane! More importantly though, I'm on a plane home....
Here's everything that goes into a massive international speaking trip
International travel can look pretty glamorous from the outside...