Collaborate Disseminate
TL;DR — Tens of millions of credentials obtained from info stealer logs populated by malware were posted to Telegram channels last month and used to shake down companies for bug bounties under the misrepresentation the data originated from their service.
How many attempted scams do you get each day?
Continue reading Begging for Bounties and More Info Stealer Logs
If you’ve landed on this page because you saw a strange message on a completely different website then followed a link to here, drop a note to the site owner and let them know what happened. If, on the other hand, you’re on this page because you’re interested in reading
You know what I really like? A nice, slick, clean set of violation reports from the content security policy (CSP) I run on Have I Been Pwned (HIBP). You know what I really don’t like? Logging on to Report URI and being greeted with something like this:
This blog post
Continue reading Add-ons, Extensions and CSP Violations: Playing Nice with Content Security Policies
I’ve long been a proponent of Content Security Policies (CSPs). I’ve used them to fix mixed content warnings on this blog after Disqus made a little mistake, you’ll see one adorning Have I Been Pwned (HIBP) and I even wrote a dedicated Pluralsight course on browser security headers. I’m a…
Continue reading My Blog Now Has a Content Security Policy – Here’s How I’ve Done It
I run a workshop titled Hack Yourself First in which people usually responsible for building web apps get to try their hand at breaking them. As it turns out, breaking websites is a heap of fun (with the obvious caveats) and people really get into the exercises. The first one…
Continue reading Locking Down Your Website Scripts with CSP, Hashes, Nonces and Report URI
What if I told you… that you can get visitors to your site to automatically check for a bunch of security issues. And then, when any are found, those visitors will let you know about it automatically. And the best bit is that you can set this up in a…