Author Archives: mike

‘;–have i been pwned?

There is a well known “white-hat” web site called “‘;–have i been pwned?” which :- Publicises large data breaches of personal information. Collects data breaches looking for compromised accounts. Allows people to check if their own account has been compromised. … Continue reading

Posted in Active Attacks, Passwords | Comments Off on ‘;–have i been pwned?

Email: Spam/Ham and Some Indigestible Acronyms

This posting has been a long time coming, and is probably longer than ideal, but for those who send bulk emails, there may well be some useful tips in here. And for convenience those who use cloud-based services that also … Continue reading

Posted in Email | Tagged , , | Comments Off on Email: Spam/Ham and Some Indigestible Acronyms

Diagnosing a Phishing Attack

I was clearing out some older emails today and encountered an attempt to phish Apple credentials; although this one was specific to Apple, the general lessons apply to all phishing attacks … and indeed more general malicious spam. The attack … Continue reading

Posted in Active Attacks, Email | Tagged , | Comments Off on Diagnosing a Phishing Attack

German University Forced To Reset All Passwords

According to this story in The Register (the source material is reasonably enough in German), one of our German competitors has recently been forced to reset every single account password causing significant queues for service. Plus a significant amount of … Continue reading

Posted in General | Tagged , , | Comments Off on German University Forced To Reset All Passwords

The Anti-Phishing “Gold Star”

Recently a query to a UK HE security list came with a link to https://www.phishingscorecard.com/ScoreCard/United-Kingdom/Education/MTEtMTE%3d which gives us a classification of “Security rockstar” for anti-phishing security measures :- (The “DKIM” green flag only shows up if you upload an appropriate … Continue reading

Posted in Email | Comments Off on The Anti-Phishing “Gold Star”

Keeping Secret Google Meetings Secret

It is possible that some people are unaware (certainly I wasn’t; at least not this week) that it is possible that information about meetings can be seen not by looking at someone’s shared diary but looking at the room booked. … Continue reading

Posted in General | Tagged , , | Comments Off on Keeping Secret Google Meetings Secret

Careful With That Link Eugene

Over the last few weeks, I have noticed an increasing number of very suspicious looking links blocked by our “DNS firewall” – links like “xwhdg.read-this-hot-stuff.today”. The suspicion is that people are being sent emails with links within and they are … Continue reading

Posted in Email, Firewall | Comments Off on Careful With That Link Eugene

‘Shoulder Surfing’ or Is Your Screen Showing Others Information It Shouldn’t?

Every time I travel by train during working hours, I get reminded of the old “shoulder surfing” attack; a surprising number of people are working away on their laptops seeming unaware that anyone peaking over their shoulders has a good … Continue reading

Posted in General | Tagged | Comments Off on ‘Shoulder Surfing’ or Is Your Screen Showing Others Information It Shouldn’t?

Imaging PCs for Offline Analysis

This is going to be a technical post with requirements for access rights that most people do not have, so it can be ignored. The intention is to file this information in a place that can be widely seen for … Continue reading

Posted in Technical | Tagged | Comments Off on Imaging PCs for Offline Analysis

Zoom Desktop Vulnerability for macOS

Update: Apple is now silently pushing out an update to remove the Zoom “hidden feature” so you will be please to know that the geeky removal is no longer necessary. Just make sure you have opted in to all recent … Continue reading

Posted in Active Attacks, Technical | Tagged | Comments Off on Zoom Desktop Vulnerability for macOS