Bitcoin is a well-established virtual currency. Its popularity was largely fueled by a surprisingly strong display of growth in 2013, when the value of a single Bitcoin shot up from around $13 to...
https://www.highseverity.com/2016/05/forget-bitcoin-zimbabwean-dollars-is.html
Most web application security testers will agree that after several years of experience you start to develop an incredible "sixth sense" which allows you to estimate how secure (or insecure!) a ...
https://www.highseverity.com/2014/01/net-price-direct-exposing-my-personal.html
Google Reader is officially shutting down on 1 July 2013. Not everyone has jumped ship yet, so I wouldn't be surprised to see a lot of people suddenly looking for new ways to read their RSS feed...
https://www.highseverity.com/2013/06/rssreader-remote-code-execution.html
Exactly two years ago, I wrote about mastercard.com being taken down by a distributed denial of service (DDoS) attack. One of the interesting things about this attack at the time was that the at...
https://www.highseverity.com/2012/12/how-do-you-measure-success-of-ddos_8.html
Valve has fixed a man-in-the-middle vulnerability in the Windows Steam client, which would have allowed a correctly-positioned attacker to divert and decrypt HTTPS traffic without the victim's...
https://www.highseverity.com/2012/03/valve-fixes-https-vulnerability-in.html
Siemens Meter Services, a division of Siemens plc, claims to be the UK's leading independent expert provider of metering services. They are accredited with CORGI and Ofgem to provide gas meter ...
https://www.highseverity.com/2012/01/dodgy-doorstep-security-advice-from.html
This post highlights how even a small modification to a graphical user interface can be responsible for causing unintended security problems. When Ubuntu's remote desktop service (Vino) first ...
https://www.highseverity.com/2011/11/accidentally-opening-doors-on-ubuntu.html
It's always nice to see a manager or developer fully understand the severity of cross-site scripting (XSS). Displaying user-supplied input without sufficient encoding can have a serious impact o...
https://www.highseverity.com/2011/06/xss-in-confined-spaces.html
Here's a nice video demonstration of how clickjacking can be used to exploit what would otherwise be an UNexploitable cross-site scripting vulnerability: For further details on the mechanics...
https://www.highseverity.com/2011/03/exploiting-xss-with-clickjacking.html
The London Stock Exchange website exposed some visitors to drive-by malware attacks today. Merely viewing the homepage at WWW.LONDONSTOCKEXCHANGE.COM (without clicking on anything) caused my Win...
https://www.highseverity.com/2011/02/london-stock-exchange-hit-by-malware.html
The International Space Station passed overhead at 18:36 this evening, with the space shuttle Discovery closing in and preparing to dock. Having never seen the ISS before, I thought I'd try and ge...
https://www.highseverity.com/2011/02/discovery-docking-with-international.html
Nearly everyone involved in security testing or website design has undoubtedly used the domains EXAMPLE.COM and EXAMPLE.NET to demonstrate something or other. These are special domain names, res...
https://www.highseverity.com/2011/01/examplecom-has-changed.html
When Quora went live a few weeks ago, I was one of many who rushed in to sign up for an account and see what all the excitement was about. It describes itself as "a continually improving collec...
https://www.highseverity.com/2011/01/quora-login-exposes-names-and-photos.html
I previously blogged about T-Mobile's silly fair use policy, but at least they make it clear what the data limit is. Tesco Mobile, on the other hand, seem to be intent on HIDING their fair use ...
https://www.highseverity.com/2011/01/tesco-mobiles-hidden-fair-use-policy.html
Gosh, I had no idea it was this easy to launch a distributed denial of service attack. I particularly like the bit where the hacker demonstrates the effectiveness of this method by carrying out ...
UK mobile network operator T-Mobile is changing its Mobile Internet fair use policy to have a significantly reduced fair use limit of only 500Mb per month. Despite this change, T-Mobile are no...
https://www.highseverity.com/2011/01/t-mobiles-fair-use-policy-is.html
In the midst of the WikiLeaks hosting saga, it was only natural that I should start following WikiLeaks on Twitter. I remember saying at the time, "I'm probably on some government list now." ...
https://www.highseverity.com/2011/01/wikileaks-twitter-paranoia.html
Last month, Netcraft saw WikiLeaks.org being ousted from the United States. A loose-knit group named Anonymous then began launching distributed denial of service (DDoS) attacks against organisa...
https://www.highseverity.com/2011/01/interview-with-anonymous.html
Online security is something I have always been interested in. I've been doing security consultancy and web application security testing for several years at Netcraft, helping major banks and f...
https://www.highseverity.com/2011/01/welcome-to-high-severity.html