Tag: security
-
Is user-agent a privacy concern?
Recently, I had a discussion with an e-commerce client about the implications of logging user-agents for their customers. Are there any privacy concerns involved? Can this data be used for anything other than identifying the browsers customers use to visit the site? And what about customers browsing in incognito mode – does the user-agent reveal…
-
Registration Form Used To Send Spam Via Welcome Email
While reviewing a client site, I recently noticed a small number of accounts had registered with spurious firstName and lastName values such as: firstName: You have 5 new messages from Patty: lastName: http://www.nsbe.org/impakredirect.aspx?url=http://project1200995.tilda.ws After some digging, it appeared these customers had legitimate email addresses; however, they had placed no orders, nor had they interacted with our site.…
-
Reversing hashes of PwnedPasswords api using number of breaches
I was recently working on a requirement to log the number of breached sites a password appeared on when customers were registering (if that password had been breached at all). Importantly, we are not logging the breached password itself (nor the hash of the password) – just the number of breaches that particular password appeared in…
-
Hide Sensitive Data with Application Insights JavaScript SDK using a Telemetry Initializer
Application Insights is incredibly powerful, especially when using the JavaScript Client SDK. The problem is, sometimes we can be logging a little too much. We can use a Telemetry Initializer to hide sensitive data in dependencies / requests logged with Application Insights.
-
Phishing with internationalised domains
While on a train this morning, one of my close friends sent me this WhatsApp message: The person who sent it to me is not usually someone to send out scams or spam, but, to me at least, this message did not look legit. It smelled strongly of a phishing scam. However, it was a…
-
Amazon DDOS attack – hardware failure cover-up
I’m a great fan of Amazon. I admire what they have done for technology, especially with their AWS Platform. However, when the company decided to blame a “hardware failure” for their outages yesterday evening, I felt they were trying to pull the wool over our eyes. An Amazon spokesman said: ‘The brief interruption to our…