Log4Shell-like code execution hole in popular Backstage dev tool

By Paul Ducklin — November 15^th 2022 at 17:49

Good old "string templating", also known as "string interpolation", in the spotlight again...

bs-1200

Public URL scanning tools – when security leads to insecurity

By Paul Ducklin — November 7^th 2022 at 19:59

Never make your users cry/By how you use an API

By Paul Ducklin — October 11^th 2022 at 15:22

Hacking on actual computers is one thing, but hacking purposefully on imaginary computers is, these days, something we can only imagine.

By Paul Ducklin — September 19^th 2022 at 18:59

Wondering how you'd handle a data breach report if the worst happened to you? Here's a useful example.

By Paul Ducklin — August 29^th 2022 at 16:59

What does the recent LastPass breach mean for password managers? Just a bump in the road, or a reason to ditch them entirely?

By Paul Ducklin — August 24^th 2022 at 18:59

One bit per second makes the Voyager probe data rate seem blindingly fast. But it's enough to break your security assumptions...

By Paul Ducklin — April 25^th 2022 at 16:58

Sometimes we receive phishing tricks that we grudgingly have to admit are better than average, just because they're uncomplicated.

By Paul Ducklin — January 18^th 2022 at 19:23

There's a tiny data leakage bug in the WebKit browser engine... but it could act as a "supercookie" identifier for your browsing

By Paul Ducklin — December 23^rd 2021 at 17:58

You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.

By Paul Ducklin — November 23^rd 2021 at 00:35

GoDaddy found crooks in its network, and kicked them out - but not before they'd been in there for six weeks.

By Paul Ducklin — November 18^th 2021 at 22:20

Be aware before you share! That's a good rule for developers and techies, just as much as it is for social media addicts.