data loss

13 million plaintext passwords leak from free webhosting firm

000Webhost shows the world how not to properly handle users’ passwords, and how to ignore security researchers warning them that they have a problem.

Read more in my article on the Hot for Security blog.

Another teenager arrested in connection with TalkTalk hack

British police have arrested another teenager in connection with the TalkTalk data breach. This time he’s 16 years old.

Maybe TalkTalk would be wise to hire some teenagers to check out its website security?

VIDEO: Password scare for some British Gas customers

Make sure that you are using different passwords for every website that you access. Reusing passwords is just asking for trouble.

Watch my video to learn more.

VIDEO: TalkTalk hack. 15-year-old boy arrested

Police officers in Northern Ireland have arrested a 15-year-old boy in connection with the latest internet attack on British telecom provider TalkTalk.

Don’t forget – anyone building a business website who has not learnt about how to protect against SQL injection attacks probably needs to go back to the classroom themselves.

TalkTalk was hacked. But it’s silly to ask if the data was encrypted

Alan Solomon argues that data encryption is irrelevant in the case of the TalkTalk hack.

VIDEO: TalkTalk’s CEO offers some poor advice, following hack

Remember, it’s child’s play for phishers to forge the from: address in an email. Never use a correct from: address as an indicator that an email is legitimate.

Hacked TalkTalk says that it has received ransom demand

TalkTalk has said that it has received a ransom demand, after it suffered a hack which has potentially put the details of up to four million customers at risk.

OWA backdoored to steal thousands of firm’s usernames and passwords

Outlook Web App runs on your company’s servers to give you access to your business email when you’re at home or out on the road.

But one firm found that its systems had been backdoored, giving hackers access to thousands of passwords…

How can banana peels help the infosec community?

A recent ruling against Wyndham Hotels may not cause a dramatic acceleration in the security practices of many corporations, but it is perhaps the kick-start that is needed to move both corporate security and the infosec profession in a positive direction.

Guest contributor Bob Covello reports.

Ashley Madison hack claims another victim: Its CEO

Noel Biderman, CEO of Avid Life Media who own the massively-hacked adultery website Ashley Madison, has left the company.

Whether it was the hack, the handling of the hack, or revelations published about the CEO’s private life, that made his position untenable is unclear.

The Ashley Madison mystery: why would you use your work email address?

There might be a good reason why people use their work email rather than their personal email for a site like Ashley Madison.

But that doesn’t mean that there aren’t better ways to keep your private affairs private.

Read more in my article on the Hot for Security blog.

Reports claim Ashley Madison discussed hacking competitor, as users sue for emotional distress

Perhaps Ashley Madison should have got its own house in order before looking for the security weaknesses in others?

Read more in my article on the Hot for Security blog.

‘Bring me the head of the AC/DC-loving Ashley Madison hacker’

At a Toronto Police news conference, law enforcement officers updated the media on the investigation into the Ashley Madison hack.

A reward of 500,000 Canadian dollars is up for grabs.

Suicide and Ashley Madison

Nobody deserves to die because of the Ashley Madison leak.

And even if your details were found in the database it DOESN’T mean you were ever a member of the site (as it didn’t verify email addresses), and it definitely doesn’t mean you cheated on your partner.

‘Yes. I was a member of the Ashley Madison website. But I wasn’t there to cheat on anyone’

“There are people out there like me that had no bad intentions and did NOT pay to use the site for what it was designed for. Potentially, those are the people that could be hurt the worst.”

An anonymous contributor explains why his email address could be in the leaked Ashley Madison database.

Ashley Madison: Betting site offers odds on who will be exposed

Paddy Power shows its true colours – offering odds on who will be caught out by the Ashley Madison database breach.