I have updated my GPG key, revoking ID 0x35076cbaa663a704 and replacing it with 0x57974c5b48a00d9b (find it on keyservers).
This whitepaper looks at ransomware and the impact, evolution and defensive strategies that can be employed by organisations.
While the paper is primarily focused on Microsoft Windows due to the historic prevalence and devastating impact on …
Ticketweb (a UK arm of Ticketmaster) have confirmed that someone was able to send emails to subscribers fraudulently. Their initial response was covered on the Naked Security blog.
A second email was sent out this evening:
One part which stands out says:
We sincerely regret any concern that may have been caused by this incident and we can assure you we took immediate action to close the unauthorised access as soon as it was identified.
This afternoon I received an email with the spammy subject “Action Required : Update Your PDF Application”. I almost ignored it until I noticed that the link inside pointed to a domain owned by Ticketmaster. As I have shopped with Ticketmaster before, perhaps this isn’t so surprising.
My first thought was that Ticketmaster had a dodgy redirect on their site, until I looked at the email and saw that it was actually sent from Ticketmaster’s network.
Today I forgot the password for a site I use only occasionally. This is rare, as I have a number of password schemes that I use to create a password unique to each site. After clicking the reset password link, I am confronted with the “password strength checker” below:
This list of rules doesn’t fit very well with my password scheme, primarily because what I computed in my head fails the test for uppercase characters.
So I thought I was being a good internet citizen when I received the following email a week ago:
Please update to our new server click here to begin
Thanks and have a wonderful day.
The site looked like this:
For a while I was confused, after all I run my own email. Did I really need to remind myself of my password? And what had happened to my unlimited quota?
This blog can now be reached over IPv6 (or ipv6.edeca.net), which is surely the final nail in the coffin of IPv4 across the internet.
Tired of seeing repeated attempts to login to a Linux server you run? There are a number of options, all with their own benefits and disadvantages. The easiest way is to move the port that the SSH server runs on, perhaps to 2222 instead of 22. However. this can be annoying behind some firewalls and means that you need to specify the port each time you SSH to a host. This post looks at denyhosts, a viable alternative.