
Showing posts from December, 2014

Photobox

I was checking out some free credit on a personal account I have had with Photobox - I had an email notification telling me I somehow had £5 credit and was curious to see how it worked. First things first, check that the domain in the email link (for example, www.domain.com) matches the actual website, to prevent easy spoofs and phishing attempts.

As is normal with accounts we haven't touched in ages, I'd forgotten the password, so I hit the "Reset Password" link. What surprised me was not the speed of arrival of the reset email, nor the fact it contained the password for the account in plain text, but that the password itself was a 7-digit numeric.

As well as checking out the credit I thought I'd check what personal details they had - after all I hadn't used the account in a while. As I've captured in the screenshot at the top of this article, there was no SSL or TLS certificate in use at all. None of the traffic between my browser and the Photobox webserv…

Portal Opened

Hi there. This year I split out the business into two distinct functions - one of which is based on transformation consultancy, the other on information assurance / security research.

"What if...?"

This blog represents the latter, answering all the more interesting questions generated during my time in various industries. This portal focuses on providing consumer advice (business advice is charged for) and some research results. More news to follow...